Results 1 to 10 of 10

Thread: Is traceroute broken in 11.4?

  1. #1
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,353
    Blog Entries
    3

    Default Is traceroute broken in 11.4?

    Code:
    # traceroute -I 69.12.32.2
    Note: the -i and -I options were exchangedfor compability with LBL traceroute
    Use -I for ICMP, and -i <ifname> to specify the interface name
    unable to create ICMP send socket: Permission denied
    Note that the command was done as root. This worked in 11.3.

    And yes, it works without the "-I". But it should work with the "-I". One shouldn't have to boot into Windows, just to run "tracert" there.
    openSUSE Leap 15.1; KDE Plasma 5;

  2. #2
    Join Date
    Mar 2009
    Location
    sri mayapur, west bengal, india
    Posts
    958

    Default Re: Is traceroute broken in 11.4?

    On Wed, 06 Apr 2011 11:36:01 +0530, nrickert
    <nrickert@no-mx.forums.opensuse.org> wrote:

    >
    > Code:
    > --------------------
    > # traceroute -I 69.12.32.2
    > Note: the -i and -I options were exchangedfor compability with LBL
    > traceroute
    > Use -I for ICMP, and -i <ifname> to specify the interface name
    > unable to create ICMP send socket: Permission denied
    > --------------------
    >
    > Note that the command was done as root. This worked in 11.3.
    >
    > And yes, it works without the "-I". But it should work with the "-I".
    > One shouldn't have to boot into Windows, just to run "tracert" there.
    >


    for me traceroute works as expected with the -I option (oS 11.4). another
    program for this purpose, which i think is a little more flexible, is mtr,
    available from the OSS repo.


    --
    phani.

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Is traceroute broken in 11.4?

    Note that you can get misleading errors from network utils due to firewall rules and also due to installing a new kernel and not rebooting making the module unavailable. I suspect apparmor and selinux can also have an effect. Have a look in the logs to see if there is more to send socket permission denied.

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,353
    Blog Entries
    3

    Default Re: Is traceroute broken in 11.4?

    Quote Originally Posted by ken_yap View Post
    I suspect apparmor and selinux can also have an effect.
    Thanks for the hints. Apparently, this was due to apparmor.
    Code:
    type=AVC msg=audit(1302098571.660:201): apparmor="DENIED" operation="create" par
    ent=446 profile="/usr/sbin/traceroute" pid=5840 comm="traceroute" family="inet" 
    sock_type="raw" protocol=255
    I found that in "/var/log/audit/audit.log

    I went into the Yast, and checked the apparmor settings. There was a choice for "edit profiles" (or similar).

    I started by editing the profile for ping, since that works. I saw a line there "network inet raw".

    Aborting that edit, I then edited the entry for traceroute, and was able to add a similar permission for traceroute. It now works (as root).
    openSUSE Leap 15.1; KDE Plasma 5;

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Is traceroute broken in 11.4?

    Question is whether you missed an update to the apparmor profille or this is a distro bug that should be reported.

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,353
    Blog Entries
    3

    Default Re: Is traceroute broken in 11.4?

    I am not aware of missing an update. Wouldn't the update be offered again if I had missed it?

    I tested this on my home computer, installed via the 64 bit NET install CD. I also did an ssh login to my work computer, installed via the 32 bit live CD. Both had the problem.

    There were already apparmor rules for traceroute. But they did not include a rule for raw sockets. I am guessing that this is a distro bug (or distro oversight). Let me know if you think I should report it as a bug.
    openSUSE Leap 15.1; KDE Plasma 5;

  7. #7
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Is traceroute broken in 11.4?

    I don't know about apparmor updates actually, as I don't have apparmor turned on. Maybe phani knows better?

  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Is traceroute broken in 11.4?

    On 2011-04-06 21:06, nrickert wrote:

    > There were already apparmor rules for traceroute. But they did not
    > include a rule for raw sockets. I am guessing that this is a distro bug
    > (or distro oversight). Let me know if you think I should report it as a
    > bug.


    I think so, yes.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  9. #9
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,353
    Blog Entries
    3

    Default Re: Is traceroute broken in 11.4?

    openSUSE Leap 15.1; KDE Plasma 5;

  10. #10
    Join Date
    Mar 2009
    Location
    sri mayapur, west bengal, india
    Posts
    958

    Default Re: Is traceroute broken in 11.4?

    On Thu, 07 Apr 2011 00:36:02 +0530, ken yap
    <ken_yap@no-mx.forums.opensuse.org> wrote:

    >
    > I don't know about apparmor updates actually, as I don't have apparmor
    > turned on. Maybe phani knows better?
    >


    sorry, don't use apparmor either.

    --
    phani.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •