cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Rooter Receiving New iproute2 Error, cannot configure Cuckoo to use VPN following documentation #3134

Open utkonos opened 3 years ago

utkonos commented 3 years ago
My issue is:

Using iproute2 v.5, the following error is returned when the rooter runs this command via subprocess:

# ip route list table tun0
Error: ipv4: FIB table does not exist.
Dump terminated

My Cuckoo version and operating system are:

2.0.7 on Ubuntu 20.04

This can be reproduced by:

Configure vpn to be on according to the documentation.

The log, error, files etc can be found at:

Error: ipv4: FIB table does not exist.
Dump terminated

mfc commented 3 years ago

maybe rename this issue "cannot configure Cuckoo to use VPN following documentation" in order to raise visibility... seems like a pretty big issue.

utkonos commented 3 years ago

Here is the root cause of this issue:

When Cuckoo starts, this command is sent to the rooter:

rooter("rt_available", entry.rt_table)

The rooter then issues the following command via subprocess:

ip route show table default

The result of this command is the following error:

Error: ipv4: FIB table does not exist.
Dump terminated

According to the maintainers of the upstream iproute2, this is a new error and behavior for iproute2. There is a thread on their mailing list about the above: https://www.spinics.net/lists/netdev/msg559739.html

mfc commented 3 years ago

thanks for the mailing list reference for further info. sounds like the easiest place to fix this issue is within cuckoo to have the rooter subprocess issue a different command or be able to handle the error.

i will try to escalate with cuckoo devs, as no VPN = clear communication to potential adversary that analysis is being performed (either via Tor or clearnet).
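
One way the "handle the error" option could look, as an added example that is not Cuckoo's rooter code and not part of the original thread. The function names, the status strings and the sample rt_tables content are hypothetical; it assumes the iproute2 v5 error means the table is declared but has no routes yet.

```python
# Constructed sample of rt_tables-style content (not taken from the issue).
SAMPLE_RT_TABLES = """\
#
# reserved values
#
255\tlocal
254\tmain
253\tdefault
0\tunspec
#
# local
#
201\ttun0
"""

# Error text quoted in the issue, printed by iproute2 v5.
EMPTY_TABLE_ERROR = "FIB table does not exist"


def parse_rt_tables(text):
    """Return {name: id} for every table declared in rt_tables-style text."""
    tables = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0].isdigit():
            tables[fields[1]] = int(fields[0])
    return tables


def rt_table_status(name, returncode, stderr, rt_tables_text):
    """Classify the outcome of `ip route show table <name>`.

    "ready":   the command succeeded.
    "empty":   the table is declared, but ip reported the error from the issue
               (assumed here to mean no routes have been added yet).
    "missing": anything else (undeclared name or an unrelated failure).
    """
    if returncode == 0:
        return "ready"
    declared = name.isdigit() or name in parse_rt_tables(rt_tables_text)
    if declared and EMPTY_TABLE_ERROR in stderr:
        return "empty"
    return "missing"


def rt_available(name, returncode, stderr, rt_tables_text):
    """Treat a declared-but-empty table as usable instead of failing startup."""
    return rt_table_status(name, returncode, stderr, rt_tables_text) != "missing"
```

The caller would pass the exit status and stderr captured from the subprocess call together with the contents of the host's rt_tables file.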

mfc commented 3 years ago

after discussing with Hatching folks, easiest step would be to use Ubuntu 18.04 LTS instead. will probably be a while before the Cuckoo dev community move to a later Ubuntu LTS and start fixing issues like this unfortunately (18.04 LTS supported until April 2023).