openziti / ziti-openwrt

Ziti package feed for OpenWRT
Apache License 2.0

With v0.16.2 ziti tunnel - Getting Segmentation Fault when Radius UDP port 1812 traffic is intercepted #3

Closed sameersarkar-tcl closed 3 years ago

sameersarkar-tcl commented 3 years ago

Hi Team, as said, I have configured the NF service to intercept RADIUS UDP ports 1812 and 1813 with the ziti tunneler. I also have port 80, a simple web service, as well. When port 80 is intercepted, there is no segmentation fault. But when port 1812 is intercepted, the ziti tunneler gives a segmentation failure.

Attaching log here

```
root@Teltonika-RUT240:/tmp# /usr/sbin/ziti-edge-tunnel run -i /etc/ziti/id.json --dns=dnsmasq:/tmp/hosts &
root@Teltonika-RUT240:/tmp# [ 0.000] INFO lib/ziti-tunnel/ziti_tunnel.c:58 ziti_tunneler_init() Ziti Tunneler SDK (v0.16.2-local)
[ 0.097] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:208 load_ziti_async() attempting to load ziti instance from file[/etc/ziti/id.json]
[ 0.097] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:214 load_ziti_async() loading ziti instance from /etc/ziti/id.json
[ 0.097] INFO ziti_log_set_level set log level: ziti_log_lvl=3 &ziti_log_lvl = 0x645af0
[ 0.097] INFO programs/ziti-edge-tunnel/ziti-edge-tunnel.c:143 load_id_cb() identity[/etc/ziti/id.json] loaded
[ 0.152] INFO _deps/ziti-sdk-c-src/library/ziti.c:230 ziti_init_async() ztx[0] Ziti C SDK version 0.22.4 @e231b31(HEAD) starting at (1970-01-01T00:00:00.414)
[ 0.152] INFO _deps/ziti-sdk-c-src/library/ziti.c:231 ziti_init_async() ztx[0] Loading from config[/etc/ziti/id.json] controller[https://174.129.210.139:443]
[ 2.423] INFO _deps/ziti-sdk-c-src/library/ziti.c:909 version_cb() ztx[0] connected to controller https://174.129.210.139:443 version v0.19.11(ee2dd563f84d 2021-04-15 19:15:29)
[ 2.908] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:174 on_ziti_event() ziti_ctx[demo_rut240_endpoint_2] connected to controller
[ 3.352] INFO _deps/ziti-sdk-c-src/library/channel.c:216 new_ziti_channel() ch[0] (scdx-webservice-router@tls://192.168.3.11:443) new channel for ztx[0] identity[demo_rut240_endpoint_2]
[ 3.352] INFO _deps/ziti-sdk-c-src/library/channel.c:723 reconnect_channel() ch[0] reconnecting NOW
[ 3.352] INFO _deps/ziti-sdk-c-src/library/channel.c:216 new_ziti_channel() ch[1] (NF-Demo-Router@tls://65.0.50.2:443) new channel for ztx[0] identity[demo_rut240_endpoint_2]
[ 3.352] INFO _deps/ziti-sdk-c-src/library/channel.c:723 reconnect_channel() ch[1] reconnecting NOW
[ 5.080] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 5.080] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 5.080] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 3839)
[ 5.080] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-radiusserver-auth-udp] with ziti-tunneler-client.v1 = {"hostname":"demo-radiusserver.com","port":1812}
[ 5.080] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:141 on_service() starting intercepting for service[scdx-demo-radiusserver-auth-udp]
[ 5.080] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-radiusserver-accnt-udp] with ziti-tunneler-client.v1 = {"hostname":"demo-radiusserver.com","port":1813}
[ 5.080] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:141 on_service() starting intercepting for service[scdx-demo-radiusserver-accnt-udp]
[ 5.080] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-webservice] with ziti-tunneler-client.v1 = {"hostname":"demo-webservice.com","port":80}
[ 5.080] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:141 on_service() starting intercepting for service[scdx-demo-webservice]
[ 6.919] INFO _deps/ziti-sdk-c-src/library/channel.c:629 hello_reply_cb() ch[1] connected. EdgeRouter version: v0.19.11|ee2dd563f84d|2021-04-15 19:15:29|linux|amd64

root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp# [ 10.669] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 10.669] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 10.669] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 18268)

root@Teltonika-RUT240:/tmp# [ 11.676] INFO lib/ziti-tunnel/tunnel_udp.c:210 recv_udp() intercepted address[udp:100.64.2.1:1812] client[udp:100.64.0.1:34482] service[scdx-demo-radiusserver-auth-udp]

[1]+ Segmentation fault /usr/sbin/ziti-edge-tunnel run -i /etc/ziti/id.json --dns=dnsmasq:/tmp/hosts
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp# /usr/sbin/ziti-edge-tunnel run -i /etc/ziti/id.json --dns=dnsmasq:/tmp/hosts &
root@Teltonika-RUT240:/tmp# [ 0.000] INFO lib/ziti-tunnel/ziti_tunnel.c:58 ziti_tunneler_init() Ziti Tunneler SDK (v0.16.2-local)
[ 0.119] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:208 load_ziti_async() attempting to load ziti instance from file[/etc/ziti/id.json]
[ 0.119] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:214 load_ziti_async() loading ziti instance from /etc/ziti/id.json
[ 0.119] INFO ziti_log_set_level set log level: ziti_log_lvl=3 &ziti_log_lvl = 0x645af0
[ 0.119] INFO programs/ziti-edge-tunnel/ziti-edge-tunnel.c:143 load_id_cb() identity[/etc/ziti/id.json] loaded
[ 0.169] INFO _deps/ziti-sdk-c-src/library/ziti.c:230 ziti_init_async() ztx[0] Ziti C SDK version 0.22.4 @e231b31(HEAD) starting at (1970-01-01T00:00:00.922)
[ 0.169] INFO _deps/ziti-sdk-c-src/library/ziti.c:231 ziti_init_async() ztx[0] Loading from config[/etc/ziti/id.json] controller[https://174.129.210.139:443]
[ 2.417] INFO _deps/ziti-sdk-c-src/library/ziti.c:909 version_cb() ztx[0] connected to controller https://174.129.210.139:443 version v0.19.11(ee2dd563f84d 2021-04-15 19:15:29)
[ 2.901] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:174 on_ziti_event() ziti_ctx[demo_rut240_endpoint_2] connected to controller
[ 3.331] INFO _deps/ziti-sdk-c-src/library/channel.c:216 new_ziti_channel() ch[0] (scdx-webservice-router@tls://192.168.3.11:443) new channel for ztx[0] identity[demo_rut240_endpoint_2]
[ 3.331] INFO _deps/ziti-sdk-c-src/library/channel.c:723 reconnect_channel() ch[0] reconnecting NOW
[ 3.331] INFO _deps/ziti-sdk-c-src/library/channel.c:216 new_ziti_channel() ch[1] (NF-Demo-Router@tls://65.0.50.2:443) new channel for ztx[0] identity[demo_rut240_endpoint_2]
[ 3.331] INFO _deps/ziti-sdk-c-src/library/channel.c:723 reconnect_channel() ch[1] reconnecting NOW
[ 5.064] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 5.064] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 5.064] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 6596)
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-radiusserver-auth-udp] with ziti-tunneler-client.v1 = {"hostname":"demo-radiusserver.com","port":1812}
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:141 on_service() starting intercepting for service[scdx-demo-radiusserver-auth-udp]
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-radiusserver-accnt-udp] with ziti-tunneler-client.v1 = {"hostname":"demo-radiusserver.com","port":1813}
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:141 on_service() starting intercepting for service[scdx-demo-radiusserver-accnt-udp]
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-webservice] with ziti-tunneler-client.v1 = {"hostname":"demo-webservice.com","port":80}
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c:141 on_service() starting intercepting for service[scdx-demo-webservice]
[ 7.124] INFO _deps/ziti-sdk-c-src/library/channel.c:629 hello_reply_cb() ch[1] connected. EdgeRouter version: v0.19.11|ee2dd563f84d|2021-04-15 19:15:29|linux|amd64
[ 13.390] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 13.390] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 13.390] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 8006)

root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp# [ 23.116] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 23.116] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 23.116] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 3338)

root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp# [ 28.285] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 28.285] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 28.285] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 15149)

root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp# wget demo-webservice.com
Connecting to demo-webservice.com (100.64.2.2:80)
[ 33.247] INFO lib/ziti-tunnel/tunnel_tcp.c:93 new_tcp_pcb() snd_wnd: 29200, snd_snd_max: 29200, mss: 1460
[ 33.247] INFO lib/ziti-tunnel/tunnel_tcp.c:368 recv_tcp() intercepted address[tcp:100.64.2.2:80] client[tcp:100.64.0.1:36717] service[scdx-demo-webservice]
[ 34.199] INFO _deps/ziti-sdk-c-src/library/channel.c:723 reconnect_channel() ch[0] reconnecting NOW
[ 36.001] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 36.001] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 36.001] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 48108)
[ 36.001] INFO lib/ziti-tunnel/ziti_tunnel.c:133 ziti_tunneler_dial_completed() ziti dial succeeded: service=scdx-demo-webservice, client=tcp:100.64.0.1:36717
[ 36.120] INFO lib/ziti-tunnel/ziti_tunnel.c:465 ziti_tunneler_close_write() closing write connection: service=scdx-demo-webservice, client=tcp:100.64.0.1:36717
wget: can't open 'index.html': File exists
[ 36.127] INFO lib/ziti-tunnel/ziti_tunnel.c:439 ziti_tunneler_close() closing connection: service=scdx-demo-webservice, client=tcp:100.64.0.1:36717
root@Teltonika-RUT240:/tmp# rm index.html
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp# wget demo-webservice.com
Connecting to demo-webservice.com (100.64.2.2:80)
[ 47.690] INFO lib/ziti-tunnel/tunnel_tcp.c:93 new_tcp_pcb() snd_wnd: 29200, snd_snd_max: 29200, mss: 1460
[ 47.690] INFO lib/ziti-tunnel/tunnel_tcp.c:368 recv_tcp() intercepted address[tcp:100.64.2.2:80] client[tcp:100.64.0.1:36721] service[scdx-demo-webservice]
[ 47.691] INFO _deps/ziti-sdk-c-src/library/channel.c:723 reconnect_channel() ch[0] reconnecting NOW
[ 49.776] ERROR _deps/uv-mbed-src/src/tls_link.c:113 TLS read -4095(end of file)
[ 49.776] ERROR _deps/ziti-sdk-c-src/library/channel.c:831 on_channel_connect_internal() ch[0] failed to connect [-130/software caused connection abort]
[ 49.776] INFO _deps/ziti-sdk-c-src/library/channel.c:720 reconnect_channel() ch[0] reconnecting in 0 ms (attempt = 78974)
[ 49.776] INFO lib/ziti-tunnel/ziti_tunnel.c:133 ziti_tunneler_dial_completed() ziti dial succeeded: service=scdx-demo-webservice, client=tcp:100.64.0.1:36721
[ 49.944] INFO lib/ziti-tunnel/ziti_tunnel.c:465 ziti_tunneler_close_write() closing write connection: service=scdx-demo-webservice, client=tcp:100.64.0.1:36721
index.html 100% |***| 361 0:00:00 ETA
[ 49.951] INFO lib/ziti-tunnel/ziti_tunnel.c:439 ziti_tunneler_close() closing connection: service=scdx-demo-webservice, client=tcp:100.64.0.1:36721
root@Teltonika-RUT240:/tmp# ls index.html
index.html
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp# [ 81.696] INFO lib/ziti-tunnel/tunnel_udp.c:210 recv_udp() intercepted address[udp:100.64.2.1:1812] client[udp:100.64.0.1:54131] service[scdx-demo-radiusserver-auth-udp]

[1]+ Segmentation fault /usr/sbin/ziti-edge-tunnel run -i /etc/ziti/id.json --dns=dnsmasq:/tmp/hosts
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp#
root@Teltonika-RUT240:/tmp#
```

It is a consistent behavior.

Kindly help in resolving this issue.

Thanks Sameer Sarkar
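A triage sketch for logs in the format shown above, added here as an example and not part of the original post or of the OpenZiti project: it pairs each `Segmentation fault` with the last intercepted flow, whether that flow's dial completed, and the intercept config logged for its service. The function name `triage` and the record fields are assumptions of this example; the sample lines are copied from the report's log.

```python
import json
import re

# One alternation so the scan works on line-per-entry logs and on flattened ones.
EVENT = re.compile(
    r"creating intercept for service\[(?P<cfg_svc>[^\]]+)\] with (?P<schema>\S+) = (?P<cfg>\{[^}]*\})"
    r"|intercepted address\[(?P<proto>\w+):(?P<dst>[^\]]+)\] client\[(?P<client>[^\]]+)\] service\[(?P<svc>[^\]]+)\]"
    r"|ziti dial succeeded: service=[^,]+, client=(?P<dialed>\S+)"
    r"|(?P<crash>Segmentation fault)"
)

def triage(log_text):
    """Return one record per crash: the last intercepted flow and its config."""
    configs, last, crashes = {}, None, []
    for m in EVENT.finditer(log_text):
        if m["cfg_svc"]:  # assumes a flat JSON object, as in the log above
            configs[m["cfg_svc"]] = (m["schema"], json.loads(m["cfg"]))
        elif m["svc"]:
            last = {"proto": m["proto"], "dst": m["dst"], "client": m["client"],
                    "service": m["svc"], "dial_completed": False}
        elif m["dialed"] and last and last["client"] == m["dialed"]:
            last["dial_completed"] = True
        elif m["crash"] and last:
            schema, cfg = configs.get(last["service"], (None, None))
            crashes.append({**last, "schema": schema, "config": cfg})
            last = None  # a restarted process begins a fresh window
    return crashes

# Sample: six lines copied from the second run in the report's log.
SAMPLE_LOG = """\
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-radiusserver-auth-udp] with ziti-tunneler-client.v1 = {"hostname":"demo-radiusserver.com","port":1812}
[ 5.064] INFO lib/ziti-tunnel-cbs/ziti_tunnel_cbs.c:367 new_ziti_intercept() creating intercept for service[scdx-demo-webservice] with ziti-tunneler-client.v1 = {"hostname":"demo-webservice.com","port":80}
[ 47.690] INFO lib/ziti-tunnel/tunnel_tcp.c:368 recv_tcp() intercepted address[tcp:100.64.2.2:80] client[tcp:100.64.0.1:36721] service[scdx-demo-webservice]
[ 49.776] INFO lib/ziti-tunnel/ziti_tunnel.c:133 ziti_tunneler_dial_completed() ziti dial succeeded: service=scdx-demo-webservice, client=tcp:100.64.0.1:36721
[ 81.696] INFO lib/ziti-tunnel/tunnel_udp.c:210 recv_udp() intercepted address[udp:100.64.2.1:1812] client[udp:100.64.0.1:54131] service[scdx-demo-radiusserver-auth-udp]
[1]+ Segmentation fault /usr/sbin/ziti-edge-tunnel run -i /etc/ziti/id.json --dns=dnsmasq:/tmp/hosts
"""

if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```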

scareything commented 3 years ago

Hi Sameer.

You're seeing this issue because we are in the process of updating some of the configuration schemas in our controller (since version 0.19.11, which you are using), and the 0.16 ziti-edge-tunnel codebase has not quite caught up with those changes.

If you need to get running immediately you can use the https://github.com/openziti/ziti-tunnel-sdk-c/tree/0.15.x-host.v1.updates branch for now (this branch also includes the openwrt fixes that we discussed in the previous issue that you raised here). We expect to merge the configuration schema support into 0.16 within the next couple of weeks.

Thanks, -Shawn

sameersarkar-tcl commented 3 years ago

Thanks Shawn, I used https://github.com/openziti/ziti-tunnel-sdk-c/blob/0.15.x-source.ip.routes to build the ziti tunnel binary. Thanks for your help.

You can close this ticket

dovholuknf commented 3 years ago

closing per request to close