Bug 247345 - mac address are truncated
Summary: mac address are truncated
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: ulogd
Version: 7
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
Assignee: Aurelien Bompard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-07 12:08 UTC by Jean-Baptiste Vignaud
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version: 1.24-4.fc7
Clone Of:
Environment:
Last Closed: 2007-09-04 22:09:22 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
mac address contruction -D_FORTIFY_SOURCE=2 compatible (670 bytes, patch)
2007-08-06 09:38 UTC, Jean-Baptiste Vignaud
no flags Details | Diff
mac address contruction -D_FORTIFY_SOURCE=2 compatible (670 bytes, patch)
2007-08-06 09:47 UTC, Jean-Baptiste Vignaud
no flags Details | Diff

Description Jean-Baptiste Vignaud 2007-07-07 12:08:14 UTC
Description of problem:

I installed the ulogd package and the ulogd-mysql. I noticed that the raw_mac
field was not correctly filled :


mysql> select raw_mac from ulog where id='92';
+---------+
| raw_mac |
+---------+
| 00      |
+---------+
1 row in set (0.00 sec)

(all the raw_mac contained "00     ")

I'v configured ulogd to log to a different device (syslogemu)

Jul  7 13:26:55 loki IN=lo OUT= MAC=00  SRC=10.0.0.1 DST=10.0.0.1 LEN=60 TOS=10
PREC=0x00 TTL=64 ID=45158 CE DF PROTO=TCP SPT=54108 DPT=80 SEQ=164683982 ACK=0
WINDOW=32792 SYN URGP=0

MAC is also truncated.

i downloaded the following package:
wget
ftp://fr.rpmfind.net/linux/fedora/extras/development/SRPMS/ulogd-1.24-3.fc7.src.rpm

installed it, and compiled it, then i did:
service ulogd stop
mv /usr/lib64/ulogd/ulogd_BASE.so /usr/lib64/ulogd/ulogd_BASE.so-save
cp "new generated ulogd_BASE.so" /usr/lib64/ulogd/ulogd_BASE.so
service ulogd start

and after that the syslog like logging worked :
Jul  7 13:55:08 loki IN=eth1 OUT= MAC=00:04:75:b0:ff:2f:00:07:cb:34:90:28:08:00
 SRC=91.121.20.190 DST=82.230.172.5 LEN=60 TOS=00 PREC=0x00 TTL=57 ID=15425 DF
PROTO=TCP SPT=43040 DPT=81 SEQ=2218109664 ACK=0 WINDOW=5840 SYN URGP=0

then back to the mysql logging it works also :
mysql> select raw_mac from ulog where id='93';
+--------------------------------------------+
| raw_mac                                    |
+--------------------------------------------+
| 00:04:75:b0:ff:2f:00:07:cb:34:90:28:08:00  |
+--------------------------------------------+
1 row in set (0.00 sec)


i did not see any patches in the source rpm that affects the ulogd_BASE.so so i
guess that the package for x86_64 had been badly compiled ?

gcc used to compile : gcc version 4.1.2 20070502 (Red Hat 4.1.2-12)
kernel : 2.6.21-1.3228.fc7
arch : x86_64

Jean-Baptiste

Comment 1 Jean-Baptiste Vignaud 2007-07-07 12:19:23 UTC
example of trucated MAC address :

===>PACKET BOUNDARY
tcp.res2=0
tcp.res1=0
tcp.fin=0
tcp.syn=1
tcp.rst=0
tcp.psh=0
tcp.ack=0
tcp.urg=0
tcp.window=5840
tcp.reserved=0
tcp.offset=0
tcp.ackseq=0
tcp.seq=3722962661
tcp.dport=80
tcp.sport=57996
ip.fragoff=16384
ip.id=24835
ip.csum=29078
ip.ihl=5
ip.totlen=60
ip.ttl=57
ip.tos=0
ip.protocol=6
ip.daddr=82.230.172.5
ip.saddr=91.121.20.190
oob.out=
oob.in=eth1
oob.mark=0
oob.time.usec=274107
oob.time.sec=1183806672
oob.prefix=
raw.pktlen=60
raw.pkt=raw.mac=00

and a working one (with recompiled BASE)

===>PACKET BOUNDARY
tcp.res2=0
tcp.res1=0
tcp.fin=0
tcp.syn=1
tcp.rst=0
tcp.psh=0
tcp.ack=0
tcp.urg=0
tcp.window=5840
tcp.reserved=0
tcp.offset=0
tcp.ackseq=0
tcp.seq=3494998416
tcp.dport=81
tcp.sport=40171
ip.fragoff=16384
ip.id=17554
ip.csum=36359
ip.ihl=5
ip.totlen=60
ip.ttl=57
ip.tos=0
ip.protocol=6
ip.daddr=82.230.172.5
ip.saddr=91.121.20.190
oob.out=
oob.in=eth1
oob.mark=0
oob.time.usec=292586
oob.time.sec=1183810519
oob.prefix=
raw.pktlen=60
raw.pkt=raw.mac=00:04:75:b0:ff:2f:00:07:cb:34:90:28:08:00


Comment 2 Aurelien Bompard 2007-07-14 08:41:45 UTC
I can reproduce this bug here on i386, but I can't get it working again simply
by rebuilding it. Any details on how you built it ?

Comment 3 Jean-Baptiste Vignaud 2007-07-14 09:06:50 UTC
Sure;

i wanted to debug that, but i was unable to reproduce the problem after rebuild.

This is roughly what i did :

wget
ftp://fr.rpmfind.net/linux/fedora/extras/development/SRPMS/ulogd-1.24-3.fc7.src.rpm
mkdir -p /usr/src/redhat/SOURCES
rpm -i ulogd-1.24-3.fc7.src.rpm
cd /usr/src/redhat/SOURCES
tar -xjvf ulogd-1.24.tar.bz2
cd ulogd-1.24
./configure
make
cd extensions
service ulogd stop
locate ulogd_BASE.so
mv /usr/lib64/ulogd/ulogd_BASE.so /usr/lib64/ulogd/ulogd_BASE.so-save
cp ulogd_BASE.so /usr/lib64/ulogd/ulogd_BASE.so
service ulogd start

After that i also stripped the /usr/lib64/ulogd/ulogd_BASE.so
service ulogd stop
strip -a /usr/lib64/ulogd/ulogd_BASE.so
service ulogd start

But it was still working...

Maybe a valgrind/purify can find something ?
Did you used the same gcc version that me (gcc version 4.1.2 20070502 (Red Hat
4.1.2-12) ?



Comment 4 Aurelien Bompard 2007-07-22 07:53:49 UTC
OK, after some time debugging, I found that the mac adress is correctly stored
if the CFLAGS do *not* contain "-Wp,-D_FORTIFY_SOURCE=2"
By default, Fedora's RPM does set this in the CFLAGS.

That's about where my knowledge of C compilation stops. Any idea why this
happens, before I submit a bug upstream ?

Comment 5 Jean-Baptiste Vignaud 2007-08-06 09:38:21 UTC
Created attachment 160740 [details]
mac address contruction -D_FORTIFY_SOURCE=2 compatible

Comment 6 Jean-Baptiste Vignaud 2007-08-06 09:40:22 UTC
Certainly related to -D_FORTIFY_SOURCE=2.
This is a kind of buffer checking enabled at compile time, that will trigger
some extra check in the libc.

http://www.redhat.com/magazine/009jul05/features/execshield/#checks

I have changed the way the mac address is constructed (see patch).
It works for me with -Wp,-D_FORTIFY_SOURCE=2.



Comment 7 Jean-Baptiste Vignaud 2007-08-06 09:47:44 UTC
Created attachment 160741 [details]
mac address contruction -D_FORTIFY_SOURCE=2 compatible

Corrected diff format

Comment 8 Jean-Baptiste Vignaud 2007-08-10 08:39:22 UTC
Is there any news ?
I have a solution for the problem (see patch), is it possible for someone to
double check it, and eventually create a new official ulogd package ? 
Or do i need to submit my patch to ulogd author ?

Comment 9 Aurelien Bompard 2007-08-14 09:03:53 UTC
Sorry for not responding, I'm just back from vacation.
I've tried your patch, it seems to work fine. I've applied it and sent it
upstream for inclusion. Update pending, thanks a lot.

Comment 10 Fedora Update System 2007-08-15 19:40:17 UTC
ulogd-1.24-4.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2007-09-04 22:09:18 UTC
ulogd-1.24-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.