stealth / sshttp

SSH/HTTP(S) multiplexer. Run a webserver and a sshd on the same port w/o changes.
http://c-skills.blogspot.com

getsockopt: No such file or directory #19

Closed deliciouslytyped closed 1 year ago

deliciouslytyped commented 1 year ago

I'm running into an issue with an error similar to the getsockopt error in https://github.com/stealth/sshttp/issues/15

I'm running ssh on 2222 and http on 2280.

strace shows the following when I try to curl http://localhost:443:

[pid 13398] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13397] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13396] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13395] <... poll resumed>)         = 1 ([{fd=4, revents=POLLIN}])
[pid 13398] accept4(4,  <unfinished ...>
[pid 13397] accept4(4,  <unfinished ...>
[pid 13398] <... accept4 resumed>{sa_family=AF_INET, sin_port=htons(56942), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 5
[pid 13397] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13396] accept4(4,  <unfinished ...>
[pid 13395] accept4(4,  <unfinished ...>
[pid 13398] setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4 <unfinished ...>
[pid 13397] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}], 5, 1000 <unfinished ...>
[pid 13398] <... setsockopt resumed>)   = 0
[pid 13396] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13395] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13398] accept4(4,  <unfinished ...>
[pid 13396] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}], 5, 1000 <unfinished ...>
[pid 13398] <... accept4 resumed>0x7ffe16a25040, [16], SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
[pid 13395] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}], 5, 1000 <unfinished ...>
[pid 13398] poll([{fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN|POLLOUT}, {fd=5, events=POLLIN}], 6, 1000) = 1 ([{fd=5, revents=POLLIN}])
[pid 13398] getsockopt(5, SOL_IP, 0x50 /* IP_??? */, 0x7ffe16a25050, [16]) = -1 ENOENT (No such file or directory)
[pid 13398] close(5)                    = 0
[pid 13398] getpid()                    = 13398
[pid 13398] sendto(3, "<27>Apr 16 18:11:51 sshttpd[1339"..., 106, MSG_NOSIGNAL, NULL, 0) = 106

The log shows: sshttpd[14112]: sshttp::loop::NS_Socket::dstaddr::getsockopt:No such file or directory

My PORTS is set to "2222 2280" and I'm running $sudo ./sshttpd -S 2222 -L 443 -H 2280 -U nobody -R /var/empty. I hope I just missed something simple in the documentation; I don't really understand what exactly is breaking.

The nf-setup output:

 $sudo ./nf-setup
[sudo] password for a:
modprobe: FATAL: Module nf_conntrack_ipv4 not found in directory /lib/modules/6.0.0-12parrot1-amd64
iptables: Chain already exists.
Using network device enp1s0
Setting up port 2222 ...
Setting up port 2280 ...
RTNETLINK answers: File exists

conntrack is loaded:

 $lsmod | grep conntrack
nf_conntrack          188416  2 nf_nat,xt_REDIRECT
nf_defrag_ipv6         24576  2 nf_conntrack,xt_socket
nf_defrag_ipv4         16384  2 nf_conntrack,xt_socket
libcrc32c              16384  6 nf_conntrack,nf_nat,btrfs,nf_tables,xfs,raid456

iptables has the rules:

$sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i enp1s0 -p tcp -m tcp --dport 2222 -j DROP
-A INPUT -i enp1s0 -p tcp -m tcp --dport 2280 -j DROP
$sudo iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
 $sudo iptables -S -t raw
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
 $sudo iptables -S -t mangle
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A OUTPUT -o enp1s0 -p tcp -m tcp --sport 2222 -j DIVERT
-A OUTPUT -o enp1s0 -p tcp -m tcp --sport 2280 -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT

deliciouslytyped commented 1 year ago

I got sslh to work almost instantly, so I'm using that for the moment.

stealth commented 1 year ago

Ok, you are using parrot with a 6.0.0 kernel?

deliciouslytyped commented 1 year ago

I don't have access to the machine right now, but I'm pretty sure I was running Ubuntu 22.04 or 22.10, which Google suggests is running on 5.15 or 5.19, or on https://parrotsec.org/blog/2023-02-15-parrot-5.2-release-notes/, which is reportedly on 6.0.

I didn't realize, does sshttp have some sort of kernel version requirement?

stealth commented 1 year ago

Should be fixed now. Main problem was that new kernels rename the nf_conntrack module, so the setup script fails and the getsockopt() didn't work. Tested to work on Kernel 6.3.
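
The failing syscall in the reporter's strace, getsockopt(5, SOL_IP, 0x50 ...), is SO_ORIGINAL_DST: the nf_conntrack lookup sshttpd's NS_Socket::dstaddr makes to learn which port (443 here) a client originally connected to, which is why a missing conntrack module shows up as this error. The following is an added example, not sshttp's own code, of that call with the errno values an operator is likely to meet spelled out; it assumes Linux, and the option value 80 (0x50) plus the helper names are the example's own.

```c
#include <errno.h>
#include <string.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Linux-only: 80 (0x50) is the option strace printed as "IP_???";
 * glibc keeps it in <linux/netfilter_ipv4.h>. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif

/* Ask nf_conntrack for the destination the client originally connected to
 * (sshttpd needs it to see e.g. 443 instead of its own listening port).
 * Returns 0 and fills *dst on success, or -errno on failure. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);   /* the [16] in the strace line */
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) < 0)
        return -errno;
    return 0;
}

/* Same call for callers that only want the error code. */
int original_dst_errno(int fd)
{
    struct sockaddr_in unused;
    return original_dst(fd, &unused);
}

/* Map a return value of original_dst() to its operational meaning;
 * the thread's "No such file or directory" is the ENOENT case. */
const char *explain_original_dst_error(int rc)
{
    switch (-rc) {
    case 0:           return "ok: conntrack returned the original destination";
    case ENOENT:      return "conntrack has no entry for this flow (flow not tracked, "
                             "or the socket's addresses match no tracked connection)";
    case ENOPROTOOPT: return "no SO_ORIGINAL_DST handler: nf_conntrack is not loaded";
    case EBADF:       return "not an open descriptor";
    case ENOTSOCK:    return "descriptor is not a socket";
    default:          return strerror(-rc);
    }
}
```

Calling original_dst() on an accepted sshttpd connection and printing explain_original_dst_error() for a non-zero result separates "module not loaded" (ENOPROTOOPT) from "loaded but not tracking this flow" (ENOENT), which the single log line in the report does not.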

stealth commented 1 year ago

closing