+++ This bug was initially created as a clone of Bug #11705 +++ as described on the mailinglist: A recent kernel security update[1] caused some issues with our ctdb cluster; messages like: | We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it | common/system_common.c:89 failed to open raw socket (Invalid argument) | Could not find which interface the ip address is hosted on. can not release it and | common/system_linux.c:344 failed to open raw socket (Invalid argument) The corresponding parts in ctdb's code look like this: | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW)); converting IPPROTO_RAW to 0xff00 (from strace): | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL (Invalid argument) Removing htons() from both calls seems to fix the issue for us. To have the original behavior, one could use IPPROTO_IP which is 0. [1] https://security-tracker.debian.org/tracker/CVE-2015-8543
We did not backport this to 4.2
Created attachment 12214 [details] Patches for v4-2 branch
Comment on attachment 12214 [details] Patches for v4-2 branch Don't we also need commit f5b6a5b13406c245ab9cc8c1699483af9eb21f88?
(In reply to Martin Schwenke from comment #3) Yes we do! New patches coming up.
Created attachment 12227 [details] Patches for v4-2 branch
Hi Karolin, This one is ready for Samba 4.2.x. Thanks!
(In reply to Martin Schwenke from comment #6) 4.2 is in the security fixes only mode. Are there any special reasons why it should be included in the next 4.2 security release?
Created attachment 12230 [details] Patches for 1.0.114(.9) Here're patches for 1.0.114.9 in case someone needs them too...
(In reply to Karolin Seeger from comment #7) It seems that this bug causes linux kernel to crash in some older versions. Is that good enough reason?
(In reply to Amitay Isaacs from comment #9) I'd agree to include this in our next security release, otherwise please have choose between having a broken cluster or a kernel without security patches.
Ok, thanks. Applied on current v4-2-stable.
(In reply to Karolin Seeger from comment #11) Pushed and included in 4.2.14. Closing out bug report. Thanks!