Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

getsockopt: No such file or directory #19

Closed
deliciouslytyped opened this issue Apr 16, 2023 · 5 comments
Closed

getsockopt: No such file or directory #19

deliciouslytyped opened this issue Apr 16, 2023 · 5 comments

Comments

@deliciouslytyped
Copy link

deliciouslytyped commented Apr 16, 2023

Im running into an issue with an error similar to the getsockopt error in #15

I'm running ssh on 2222 and http on 2280.

strace shows the following when I try to curl http://localhost:443:

[pid 13398] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13397] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13396] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13395] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13398] accept4(4,  <unfinished ...>
[pid 13397] accept4(4,  <unfinished ...>
[pid 13398] <... accept4 resumed>{sa_family=AF_INET, sin_port=htons(56942), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 5
[pid 13397] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13396] accept4(4,  <unfinished ...>
[pid 13395] accept4(4,  <unfinished ...>
[pid 13398] setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4 <unfinished ...>
[pid 13397] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}], 5, 1000 <unfinished ...>
[pid 13398] <... setsockopt resumed>)   = 0
[pid 13396] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13395] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13398] accept4(4,  <unfinished ...>
[pid 13396] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}], 5, 1000 <unfinished ...>
[pid 13398] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13395] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}], 5, 1000 <unfinished ...>
[pid 13398] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}, {fd=5, events=POLLIN}], 6, 1000) = 1 ([{fd=5, revents=POLLIN}])
[pid 13398] getsockopt(5, SOL_IP, 0x50 /* IP_??? */, 0x7ffe16a25050, [16]) = -1 ENOENT (No such file or directory)
[pid 13398] close(5)                    = 0
[pid 13398] getpid()                    = 13398
[pid 13398] sendto(3, "<27>Apr 16 18:11:51 sshttpd[1339"..., 106, MSG_NOSIGNAL, NULL, 0) = 106

The log shows: sshttpd[14112]: sshttp::loop::NS_Socket::dstaddr::getsockopt:No such file or directory

my PORTS is set to "2222 2280" and I'm running $sudo ./sshttpd -S 2222 -L 443 -H 2280 -U nobody -R /var/empty.
I hope i just missed something simple in the documentation, I don't really understand what exactly s breaking.

The nf-setup output:

 $sudo ./nf-setup
[sudo] password for a:
modprobe: FATAL: Module nf_conntrack_ipv4 not found in directory /lib/modules/6.0.0-12parrot1-amd64
iptables: Chain already exists.
Using network device enp1s0
Setting up port 2222 ...
Setting up port 2280 ...
RTNETLINK answers: File exists

conntrack is loaded:

 $lsmod | grep conntrack
nf_conntrack          188416  2 nf_nat,xt_REDIRECT
nf_defrag_ipv6         24576  2 nf_conntrack,xt_socket
nf_defrag_ipv4         16384  2 nf_conntrack,xt_socket
libcrc32c              16384  6 nf_conntrack,nf_nat,btrfs,nf_tables,xfs,raid456

iptables has the rules:

$sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i enp1s0 -p tcp -m tcp --dport 2222 -j DROP
-A INPUT -i enp1s0 -p tcp -m tcp --dport 2280 -j DROP
$sudo iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
 $sudo iptables -S -t raw
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
 $sudo iptables -S -t mangle
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A OUTPUT -o enp1s0 -p tcp -m tcp --sport 2222 -j DIVERT
-A OUTPUT -o enp1s0 -p tcp -m tcp --sport 2280 -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
@deliciouslytyped
Copy link
Author

I got sslh to work almost instantly, so I'm using that for the moment.

@stealth
Copy link
Owner

stealth commented Apr 28, 2023

Ok, you are using parrot with a 6.0.0 kernel?

@deliciouslytyped
Copy link
Author

I don't have access to the machine right now, but I'm pretty sure I was running Ubuntu 22.04 or 22.10 which Google suggests is running on 5.15 or 5.19, or on https://parrotsec.org/blog/2023-02-15-parrot-5.2-release-notes/ which is reportedly on 6.0 .

I didn't realize, does sshttp have some sort of kernel version requirement?

@stealth
Copy link
Owner

stealth commented Jun 22, 2023

Should be fixed now. Main problem was that new kernels rename the nfconntrack module so the setup script fails and the getsockopt() didnt work.
Tested to work on Kernel 6.3.

@stealth
Copy link
Owner

stealth commented Jun 22, 2023

closing

@stealth stealth closed this as completed Jun 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants