New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mobike fails due to socket dissolve call in android_net::get_source_addr #1691
Comments
Hm, while creating a new socket might be a workaround, I really wonder what goes wrong here. Because according to the man page for diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c b/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c
index d60bee6f780e..210adbf3ba08 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c
@@ -118,7 +118,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
struct sockaddr sockaddr;
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
- } addr;
+ } addr = {};
socklen_t addrlen;
timeval_t now;
job_t *job; |
My guess is that the OS is doing something to clean up the socket from underneath the app when it goes into doze mode. I tried ignoring it and allowing the next connect() by just commenting out the return here:
DBG1(DBG_KNL, "failed to disconnect socket: %s", strerror(errno));
return NULL;
But then the actual connect failed, and they share the socket fd and length. Unless the length is just invalid, it is likely the socket fd. The destination host_t is valid because it prints out as the expected value.
if (connect(socket, dest->get_sockaddr(dest), addrlen) < 0)
With error ENETUNREACH.
“05-09 15:39:26.838 29421 29896 I charon : 03[KNL] failed to connect socket2: Network is unreachable”
Whatever happens to that socket fd, it seems to become unusable. If you manually disconnect and then reconnect, it destroys the socket and opens a new one. Then the get_source_addr works with the new socket.
There may be another way to resolve it than closing the socket and opening a new one. But this was good enough for my purposes.
I can try initializing the struct to all zeroes and get back to you. The really weird part of this is that if the phone is plugged in via USB (preventing Doze) or the router is only disconnected for a short time, this doesn’t happen. The dissolve works for the most part.
…--Andrew
From: Tobias Brunner ***@***.***>
Sent: Thursday, May 11, 2023 5:09 AM
To: strongswan/strongswan ***@***.***>
Cc: Andrew Phillips ***@***.***>; Author ***@***.***>
Subject: Re: [strongswan/strongswan] Mobike fails due to socket dissolve call in android_net::get_source_addr (Issue #1691)
CAUTION - This email is from an external source. Please be cautious with links and attachments. (go/taginfo)
Hm, while creating a new socket might be a workaround, I really wonder what goes wrong here. Because according to the man page for connect(), ECONNREFUSED is only returned if "connect() on a stream socket found no one listening on the remote address", which clearly doesn't apply for a dissolve attempt on a SOCK_DGRAM socket with AF_UNSPEC. However, I did notice that addr isn't initialized to 0 (the assumption is that AF_UNSPEC is enough to trigger the disolve and any other fields are ignored). Could you try if this change makes a difference:
diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c b/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c
index d60bee6f780e..210adbf3ba08 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c
@@ -118,7 +118,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
struct sockaddr sockaddr;
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
- } addr;
+ } addr = {};
socklen_t addrlen;
timeval_t now;
job_t *job;
—
Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/strongswan/strongswan/issues/1691*issuecomment-1543626623__;Iw!!JoeW-IhCUkS0Jg!au6zcDqkJ9SJyumsFFEpLNiHfg_zgpTi0AP6LXW9V9-NpdUtaZGxwCsPBQDtfHBS1jY39iwvovdTLmKsnocuyTu5HrNnAw$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AIO2OIIJ4PL53SWYPVDPBOTXFSUCRANCNFSM6AAAAAAX5FWGKE__;!!JoeW-IhCUkS0Jg!au6zcDqkJ9SJyumsFFEpLNiHfg_zgpTi0AP6LXW9V9-NpdUtaZGxwCsPBQDtfHBS1jY39iwvovdTLmKsnocuyTv5cviepQ$>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
----------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
|
Initializing addr didn't do anything. So far, the only thing i've found that works is a close of the socket fd and opening a new one. |
OK, thanks for testing. I've pushed a possible fix to the 1691-android-src-ip branch. Please let me know if that work for you. |
Ok. I see, you just made it a local rather than a class variable. I’ll get back to you.
From: Tobias Brunner ***@***.***>
Sent: Wednesday, May 17, 2023 4:26 AM
To: strongswan/strongswan ***@***.***>
Cc: Andrew Phillips ***@***.***>; Author ***@***.***>
Subject: Re: [strongswan/strongswan] Mobike fails due to socket dissolve call in android_net::get_source_addr (Issue #1691)
CAUTION - This email is from an external source. Please be cautious with links and attachments. (go/taginfo)
OK, thanks for testing. I've pushed a possible fix to the 1691-android-src-ip branch. Please let me know if that work for you.
—
Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/strongswan/strongswan/issues/1691*issuecomment-1550970744__;Iw!!JoeW-IhCUkS0Jg!cuUzhNDnmYk3hPvtf2ia4_DjzOxDNxZQEeCuzD0_N4dPukKumOrDllVMjeyfcZ2nJG4gWBz7_y3o7Tly9ajBGlauqUFdyw$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AIO2OIOGV4ALYLGKHIDICRTXGSDSHANCNFSM6AAAAAAX5FWGKE__;!!JoeW-IhCUkS0Jg!cuUzhNDnmYk3hPvtf2ia4_DjzOxDNxZQEeCuzD0_N4dPukKumOrDllVMjeyfcZ2nJG4gWBz7_y3o7Tly9ajBGlZZMgI2dw$>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
…----------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
|
Yeah, if we replace the socket with each call anyway, there is no need to keep it around.
Have you been able to test the patch in your environment in the meantime? |
Not yet, have had other priorities. Will get back to this soon.
…--Andrew
From: Tobias Brunner ***@***.***>
Sent: Wednesday, May 31, 2023 11:35 AM
To: strongswan/strongswan ***@***.***>
Cc: Andrew Phillips ***@***.***>; Author ***@***.***>
Subject: Re: [strongswan/strongswan] Mobike fails due to socket dissolve call in android_net::get_source_addr (Issue #1691)
CAUTION - This email is from an external source. Please be cautious with links and attachments. (go/taginfo)
Ok. I see, you just made it a local rather than a class variable.
Yeah, if we replace the socket with each call anyway, there is no need to keep it around.
I’ll get back to you.
Have you been able to test the patch in your environment in the meantime?
—
Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/strongswan/strongswan/issues/1691*issuecomment-1570461206__;Iw!!JoeW-IhCUkS0Jg!YCv_J6VsDwLtQs-rpqf8xfPP4GiQ7gEMfYHkoAGCedR5FaZbxI2ZtXpDyHWUA0swHJo1fpoVc8RqZjinAWzLs0DBUShXwA$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AIO2OIOTP3LNTZNAQN2HGMDXI5QIPANCNFSM6AAAAAAX5FWGKE__;!!JoeW-IhCUkS0Jg!YCv_J6VsDwLtQs-rpqf8xfPP4GiQ7gEMfYHkoAGCedR5FaZbxI2ZtXpDyHWUA0swHJo1fpoVc8RqZjinAWzLs0Br8PLooA$>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
----------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
|
Any updates on this? |
No, sorry. Haven’t had time.
From: Tobias Brunner ***@***.***>
Sent: Monday, July 24, 2023 5:02 AM
To: strongswan/strongswan ***@***.***>
Cc: Andrew Phillips ***@***.***>; Author ***@***.***>
Subject: Re: [strongswan/strongswan] Mobike fails due to socket dissolve call in android_net::get_source_addr (Issue #1691)
CAUTION - This email is from an external source. Please be cautious with links and attachments. (go/taginfo)
Any updates on this?
—
Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https:/github.com/strongswan/strongswan/issues/1691*issuecomment-1647505463__;Iw!!JoeW-IhCUkS0Jg!cxWcXRp_PW2L3XHuVfTF57ykoYwKLAwC7ja8x9BbwaA6R05BdpqIe_wsfFBuUMOBwrZcgBFGM9ZgYmTnMq7Ht1hhQUTZMg$> , or unsubscribe <https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AIO2OINVSZGHBB2TJE72VLLXRY2XBANCNFSM6AAAAAAX5FWGKE__;!!JoeW-IhCUkS0Jg!cxWcXRp_PW2L3XHuVfTF57ykoYwKLAwC7ja8x9BbwaA6R05BdpqIe_wsfFBuUMOBwrZcgBFGM9ZgYmTnMq7Ht1ha03VZDw$> .
You are receiving this because you authored the thread. <https://github.com/notifications/beacon/AIO2OIJE73AQLKW4YVPXSE3XRY2XBA5CNFSM6AAAAAAX5FWGKGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTTCGLYDO.gif> Message ID: ***@***.*** ***@***.***> >
…----------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
|
System (please complete the following information):
Describe the bug
In ./src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_net.c, there is a socket "dissolve" call (sorry it all got jumbled on one line):
addr.sockaddr.sa_family = AF_UNSPEC; if (connect(socket, &addr.sockaddr, addrlen) < 0) { DBG1(DBG_KNL, "failed to disconnect socket: %s", strerror(errno)); return NULL; }
On the Samsung Galaxy devices (I don't know whether it's specific to Samsung or not, but it was 100% reproducible on them), socket dissolve does not consistently work. As tested, it behaves better if you instead do a clean socket close and open to get a new socket FD. The example pictured below is for the IPv4 socket in android_net.c.
if (dest->get_family(dest) == AF_INET) { socket = this->socket_v4; // Instead of using socket "dissolve" just close and reopen the socket. // see https://man7.org/linux/man-pages/man2/connect.2.html // https://idea.popcount.org/2019-11-06-creating-sockets close(this->socket_v4); this->socket_v4 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); charonservice->bypass_socket(charonservice, this->socket_v4, AF_INET); socketFd = this->socket_v4; }
As the link below says "This AF_UNSPEC socket dissolve trick is totally ugly, but it can save us a syscall. Instead of calling close() and then socket(), we can do a single connect(AF_UNSPEC) only. The big issue is it's not obvious which internal socket fields are reset and which are preserved."
https://idea.popcount.org/2019-11-06-creating-sockets/
https://man7.org/linux/man-pages/man2/connect.2.html
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The connection is restored.
Actual behavior
Mobike fails because android_net::get_source_addr bails out early since it gets the following error. The errno returned is ECONNREFUSED.
"failed to disconnect socket: Connection refused"
Logs/Backtraces
05-09 06:03:25.846 26854 8804 I charon : 16[NET] error writing to socket: Network is unreachable
...
05-09 06:03:30.851 26854 8804 I charon : 16[NET] error writing to socket: Network is unreachable
...
05-09 09:18:20.391 26854 8788 I charon : 17[DMN] charonservice get_network_manager
05-09 09:18:20.393 26854 8788 I charon : 17[KNL] networkChanged 1
05-09 09:18:20.394 26854 8788 I charon : 17[KNL] connectivity_cb: connected 1
05-09 09:18:20.395 26854 8788 I charon : 17[KNL] connectivity_cb: too soon
05-09 09:18:20.552 26854 8790 I charon : 02[ESP] could not find an outbound IPsec SA for reqid {46}, dropping packet
05-09 09:18:21.026 26854 8790 I charon : 02[ESP] could not find an outbound IPsec SA for reqid {46}, dropping packet
05-09 09:18:21.043 26854 8802 I charon : 14[KNL] failed to disconnect socket: Connection refused
05-09 09:18:21.045 26854 8802 I charon : 14[IKE] old path is not available anymore, try to find another
05-09 09:18:21.046 26854 8802 I charon : 14[IKE] looking for a route to 62.67.59.130 ...
05-09 09:18:21.048 26854 8802 I charon : 14[KNL] failed to disconnect socket: Connection refused
05-09 09:18:21.050 26854 8802 I charon : 14[IKE] is_any_path_valid source address:(null) path valid:0
05-09 09:18:21.052 26854 8802 I charon : 14[IKE] no route found to reach 62.67.59.130, MOBIKE update deferred
05-09 09:18:22.908 26854 8788 I charon : 17[DMN] charonservice get_network_manager
05-09 09:18:22.910 26854 8788 I charon : 17[KNL] networkChanged 1
05-09 09:18:22.911 26854 8788 I charon : 17[KNL] connectivity_cb: connected 1
05-09 09:18:22.912 26854 8788 I charon : 17[KNL] connectivity_cb: checking connectivity
05-09 09:18:23.041 26854 8790 I charon : 02[ESP] could not find an outbound IPsec SA for reqid {46}, dropping packet
05-09 09:18:23.922 26854 8803 I charon : 15[KNL] failed to disconnect socket: Connection refused
05-09 09:18:23.923 26854 8803 I charon : 15[IKE] old path is not available anymore, try to find another
05-09 09:18:23.924 26854 8803 I charon : 15[IKE] looking for a route to 62.67.59.130 ...
05-09 09:18:23.926 26854 8803 I charon : 15[KNL] failed to disconnect socket: Connection refused
05-09 09:18:23.926 26854 8803 I charon : 15[IKE] is_any_path_valid source address:(null) path valid:0
05-09 09:18:23.927 26854 8803 I charon : 15[IKE] no route found to reach 62.67.59.130, MOBIKE update deferred
05-09 09:18:24.032 26854 8792 I charon : 04[IKE] sending keep alive to 62.67.59.130[4500]. uptime:68762(s)
The text was updated successfully, but these errors were encountered: