search

ooni / probe

OONI Probe network measurement tool for detecting internet censorship
https://ooni.org/install
BSD 3-Clause "New" or "Revised" License
754 stars 142 forks source link

`ooniprobe version` needs network access #2586

Open chenrui333 opened 11 months ago

chenrui333 commented 11 months ago

Another issue found when building/testing 3.19.0 release is the version cmd now needs network access, which is a bit weird.

  ==> /opt/homebrew/Cellar/ooniprobe/3.19.0/bin/ooniprobe version
  Error: ooniprobe: failed
  An exception occurred within a child process:
    JSON::ParserError: unexpected token at '10/20 10:28:11 connection doesn't allow setting of send buffer size. Not a *net.UDPConn?. See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
  '

relates to https://github.com/Homebrew/homebrew-core/pull/151911

bassosimone commented 11 months ago

Dear @chenrui333,

Another issue found when building/testing 3.19.0 release is the version cmd now needs network access, which is a bit weird.

  ==> /opt/homebrew/Cellar/ooniprobe/3.19.0/bin/ooniprobe version
  Error: ooniprobe: failed
  An exception occurred within a child process:
    JSON::ParserError: unexpected token at '10/20 10:28:11 connection doesn't allow setting of send buffer size. Not a *net.UDPConn?. See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
  '

relates to Homebrew/homebrew-core#151911

Thank you for letting us know about this issue! 🙏 🙌

I do not know the details of how @Homebrew builds packages and why it's trying to parse JSON. But I know that the message that is breaking the parser is emitted on the standard error. So, one way to fix the CI tests would definitely be that of only capturing the standard output of the process, provided that this is possible.

That said, I also agree that the version command should not need network access. I investigated this issue on Linux by running the following command:

strace ./ooniprobe version 2>&1 | grep -v rt_sigaction | grep -v rt_sigreturn | \
  grep -v mmap | grep -v mprotect | grep -v getrandom | grep -v futex | \
  grep -v rt_sigprocmask | grep -v clone3 | grep -v SIGURG | grep -v sigaltstack | grep -v getrlimit

The following listing contains the system calls not filtered out using grep:

execve("./ooniprobe", ["./ooniprobe", "version"], 0x7ffd6fd30af8 /* 34 vars */) = 0
brk(NULL)                               = 0x48ef000
arch_prctl(0x3001 /* ARCH_??? */, 0x7fffc59256a0) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=27591, ...}, AT_EMPTY_PATH) = 0
close(4)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 4
read(4, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\237\2\0\0\0\0\0"..., 832) = 832
pread64(4, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(4, "\4\0\0\0 \0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0"..., 48, 848) = 48
pread64(4, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\244;\374\204(\337f#\315I\214\234\f\256\271\32"..., 68, 896) = 68
newfstatat(4, "", {st_mode=S_IFREG|0755, st_size=2216304, ...}, AT_EMPTY_PATH) = 0
pread64(4, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
close(4)                                = 0
arch_prctl(ARCH_SET_FS, 0x7fe4f40a1740) = 0
set_tid_address(0x7fe4f40a1a10)         = 2939
set_robust_list(0x7fe4f40a1a20, 24)     = 0
rseq(0x7fe4f40a20e0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7fe4f42cc000, 27591)           = 0
brk(NULL)                               = 0x48ef000
brk(0x4910000)                          = 0x4910000
sched_getaffinity(0, 8192, [0, 1, 2])   = 8
openat(AT_FDCWD, "/sys/kernel/mm/transparent_hugepage/hpage_pmd_size", O_RDONLY) = 4
read(4, "2097152\n", 20)                = 8
close(4)                                = 0
madvise(0x7fe4cf000000, 2097152, MADV_HUGEPAGE) = 0
gettid()                                = 2939
setrlimit(RLIMIT_NOFILE, {rlim_cur=1024*1024, rlim_max=1024*1024}) = 0
fcntl(0, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(1, F_GETFL)                       = 0x1 (flags O_WRONLY)
fcntl(2, F_GETFL)                       = 0x1 (flags O_WRONLY)
ioctl(1, TCGETS, 0xc0001bb91c)          = -1 ENOTTY (Inappropriate ioctl for device)
getpid()                                = 2939
epoll_create1(EPOLL_CLOEXEC)            = 4
pipe2([5, 6], O_NONBLOCK|O_CLOEXEC)     = 0
epoll_ctl(4, EPOLL_CTL_ADD, 5, {events=EPOLLIN, data={u32=62330288, u64=62330288}}) = 0
capget({version=0 /* _LINUX_CAPABILITY_VERSION_??? */, pid=0}, NULL) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY|O_CLOEXEC) = 7
fcntl(7, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 7, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=3427039560, u64=140620656310600}}) = 0
read(7, "40\n", 11)                     = 3
epoll_ctl(4, EPOLL_CTL_DEL, 7, 0xc000230df4) = 0
close(7)                                = 0
epoll_pwait(4, [], 128, 0, NULL, 0)     = 0
sched_yield()                           = 0
sched_yield()                           = 0
write(1, "3.20.0-alpha\n", 133.20.0-alpha
)          = 13
exit_group(0)                           = ?
+++ exited with 0 +++

I do not see any network I/O in here. All the epoll calls seem to be related to files I/O.

Do you have any suggestion for me to reproduce the issue? Thank you!

jbonisteel commented 8 months ago

We will triage appropriately once we have more info from the reporter