Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2166178

Summary: nmap much slower after bz1596834 got fixed in libpcap [rhel8]
Product: Red Hat Enterprise Linux 8 Reporter: Christian Horn <chorn>
Component: nmapAssignee: Martin Osvald 🛹 <mosvald>
Status: CLOSED ERRATA QA Contact: František Hrdina <fhrdina>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.2CC: fhrdina, mosvald, mruprich, rhel-cs-infra-services-qe
Target Milestone: rcKeywords: AutoVerified, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nmap-7.92-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2166177 Environment:
Last Closed: 2023-11-14 15:25:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2166177    

Description Christian Horn 2023-02-01 04:56:26 UTC 
+++ This bug was initially created as a clone of Bug #2166177 +++

Description of problem:
nmap much slower after bz1596834 got fixed in libpcap

Version-Release number of selected component (if applicable):
libpcap-1.5.3-13.el7_9 (last rhel7 version)
Also seen on rhel8, i.e.
libpcap-1.9.1-5.el8

How reproducible:
always

Steps to Reproduce:
1. install rhel7 with libpcap-1.5.3-12.el7 or later, and nmap (any version)
2. while :; do time nmap -n -r -p 1-65535 127.0.0.1 >/dev/null; done

Actual results:
real    0m6.259s
user    0m1.078s
sys     0m0.879s

real    0m6.254s
user    0m1.098s
sys     0m0.863s

Expected results:
real    0m1.150s
user    0m0.176s
sys     0m0.972s

real    0m1.129s
user    0m0.138s
sys     0m0.990s

Additional info:
- This seems to be a regression after implementing bz1596834.
  I recompiled libpcap-1.5.3-13.el7_9 (last rhel7 libpcap) with this change
  in the specfile:
  < export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
  > export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DHAVE_TPACKET3"
  With that change, the old (desired, low latency) behaviour is restored.
- rhel8.2/8.4/8.6 are also affected (did not test the other versions), above test 
  case takes ~6sec there.
- rhel9 is not affected, ~1sec for the test case

--- Additional comment from RHEL Program Management on 2023-02-01 04:50:48 UTC ---

RHEL 7 is currently in Maintenance Support 2 Phase.

The support of the product in this phase is limited, and not every bug should be getting fixed and is defined as this:

"During the Maintenance Support Phase for Red Hat Enterprise Linux Version 8 and Maintenance Support 2 Phase for Red Hat Enterprise Linux versions 6 and 7, Red Hat defined Critical and Important impact Security Advisories (RHSAs) and selected (at Red Hat discretion) Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate.

New functionality and new hardware enablement are not planned for availability in the Maintenance Support (RHEL 8) Phase and Maintenance Support 2 (RHEL 6, 7) Phase. Minor releases with updated installation images may be made available in this Phase."

If there is an available workaround, or the impact is minor/cosmetic, we should no longer be addressing this in RHEL 7. If the bug requires a large/invasive/risky fix, this should no longer be addressed in RHEL 7. We can address those types of issues only in future releases which are in a full support phase.

If you're unsure if the fix is suitable for RHEL 7, or if there's a real business reason to make an exception from inclusion criteria as stated above, please follow the Feature process by setting exception?, Such request will be reviewed at the RHEL Blocker and Exception meeting.

Please consider this before working on, or approving this bug.

For Product Owners and CEE: to approve this bug in 7.9.z (if it meets the inclusion criteria) set zstream+ and make sure ITR is set to 7.9.z. After devel and qa acks are provided, bug will be approved for a release, no action is needed.

--- Additional comment from RHEL Program Management on 2023-02-01 04:50:48 UTC ---

This bug does not have Internal Target Release set. It was set to 7.9.z (zstream) to ensure compliance with the process.

--- Additional comment from Christian Horn on 2023-02-01 04:54:13 UTC ---

This will probably not result in rhel7 code changes, but
we with engineering input maybe we get workarounds?
Also cloning this now to rhel8, where this also applies to.
Comment 1 Christian Horn 2023-02-01 04:59:23 UTC 
Issue verified to be on rhel8.2/8.4/8.6, probably all rhel8 affected.  
Issue does not exist on rhel9.
Removing regression keyword, as it seems like it had this behaviour all
along inside rhel8 (just inside rhel7 it got slower).
Comment 2 Michal Ruprich 2023-02-23 15:15:20 UTC 
So I am still trying to figure out why nmap is slower but seems to me like TPACKET_V3 is not the one to blame. Just checking this with gdb on RHEL-8.8.0:

# dnf debuginfo-install libpcap nmap
...
# gdb nmap
...

1. I test it with a breakpoint on pcap_read_linux_mmap_v2 from libpcap:

(gdb) b pcap_read_linux_mmap_v2
Function "pcap_read_linux_mmap_v2" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (pcap_read_linux_mmap_v2) pending.

(gdb) run -n -r -p 1-65535 127.0.0.1
Starting program: /usr/bin/nmap -n -r -p 1-65535 127.0.0.1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Starting Nmap 7.70 ( https://nmap.org ) at 2023-02-23 10:11 EST
Nmap scan report for 127.0.0.1
Host is up (0.0000020s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 5.04 seconds
[Inferior 1 (process 5963) exited normally]

2. add a breakpoint for pcap_read_linux_mmap_v3:
(gdb) b pcap_read_linux_mmap_v3
Breakpoint 2 at 0x7ffff791e120: file ./pcap-linux.c, line 5566.

(gdb) info b
Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x00007ffff791e410 in pcap_read_linux_mmap_v2 at ./pcap-linux.c:5480
2       breakpoint     keep y   0x00007ffff791e120 in pcap_read_linux_mmap_v3 at ./pcap-linux.c:5566

(gdb) run -n -r -p 1-65535 127.0.0.1
Starting program: /usr/bin/nmap -n -r -p 1-65535 127.0.0.1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Starting Nmap 7.70 ( https://nmap.org ) at 2023-02-23 10:13 EST

Breakpoint 2, pcap_read_linux_mmap_v3 (handle=0x555555fc0900, max_packets=1, 
    callback=0x7ffff7918f00 <pcap_oneshot_mmap>, user=0x7fffffffc8b0 "@\311\377\377\377\177") at ./pcap-linux.c:5566
5566	{

So libpcap IS using TPACKET_V3, otherwise the call for mmap_v3 would not be available.
Comment 3 Michal Ruprich 2023-02-23 16:09:12 UTC 
Just tested nmap-7.91 on RHEL8 and look at the results:
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-23 11:07 EST
Nmap scan report for 127.0.0.1
Host is up (0.0000020s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds <-----------

I will discuss this with my colleague who owns nmap and see what we can do here.
Comment 4 Martin Osvald 🛹 2023-02-27 12:47:17 UTC 
It doesn't look like libpcap problem. Perf tool does show very low cpu time usage for libpcap.so.1.9.1 routines. I built upstream nmap 9.80 and the problem isn't there (RHEL9 has nmap 7.91):

~~~
[root@ci-vm nmap-7.80]# time ./nmap -n -r -p 1-65535 127.0.0.1 >/dev/null

real    0m0.404s
user    0m0.111s
sys     0m0.179s
[root@ci-vm nmap-7.80]#
~~~

Therefore switching this to nmap component.
Comment 5 Martin Osvald 🛹 2023-02-27 12:56:23 UTC 
(In reply to Martin Osvald 🛹 from comment #4)
...
> usage for libpcap.so.1.9.1 routines. I built upstream nmap 9.80 and the

made a typo - 7.80 instead of 9.80
Comment 6 Martin Osvald 🛹 2023-02-27 14:33:58 UTC 
These changes should be fixing the issue:

o [GH#1291][GH#34][GH#1339] Use pcap_create instead of pcap_live_open in
  Nmap, and set immediate mode on the pcap descriptor. This solves packet
  loss problems on Linux and may improve performance on other platforms.
  [Daniel Cater, Mike Pontillo, Daniel Miller]
Comment 7 Martin Osvald 🛹 2023-02-27 15:19:08 UTC 
Manually checked out&built&tested that with the below upstream commit the issue is gone:

https://github.com/nmap/nmap/commit/e48361523b18596c023f565053e56d934fff70bd

The below commit is also needed:

https://github.com/nmap/nmap/commit/7e644b391ea16f74dd57f5865be545d514de540d
Comment 8 Christian Horn 2023-02-28 00:19:02 UTC 
mosvald++
Based on criticality this was so far reported via support,
I think for rhel8 a fix in an upcoming minor release seems to be sufficient.
Comment 9 Martin Osvald 🛹 2023-03-14 09:19:06 UTC 
full list of patches needed to fix this:

https://github.com/nmap/nmap/commit/7f1485f56d30572e59eb3a7dd345c38226d221f8
https://github.com/nmap/nmap/commit/7e644b391ea16f74dd57f5865be545d514de540d
https://github.com/nmap/nmap/commit/d6a04c465e536623598e980c6771c1dd9f8c7f95
https://github.com/nmap/nmap/commit/e48361523b18596c023f565053e56d934fff70bd

clean backport, CI tests passed so granting devel_ack.
Comment 22 errata-xmlrpc 2023-11-14 15:25:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nmap bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6913