Saned Daemon stops - Networking

This is a discussion on Saned Daemon stops - Networking ; Trying to get a network printer to work I have been adjusting settings for saned. I have altered the various saned.conf, services.conf and inetd.conf files as per the MAN pages and the various web pages (They all seem identical) but ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Saned Daemon stops

  1. Saned Daemon stops

    Trying to get a network printer to work I have been adjusting settings
    for saned.

    I have altered the various saned.conf, services.conf and inetd.conf
    files as per the MAN pages and the various web pages (They all seem
    identical) but if I do a port scan the saned port 6566 does not show.

    Strangely if I issue the saned -d6 (Debug) command I get the output as
    shown below;

    geoff@challenger:~$ saned -d6
    [saned] main: starting debug mode (level 6)
    [saned] main: trying to get port for service `sane-port' (getaddrinfo)
    [saned] main: [0] socket () using IPv6
    [saned] main: [0] setsockopt ()
    [saned] main: [0] bind () to port 6566
    [saned] main: [0] listen ()
    [saned] main: [1] socket () using IPv4
    [saned] main: [1] setsockopt ()
    [saned] main: [1] bind () to port 6566
    [saned] main: [1] bind failed: Address already in use
    [saned] main: waiting for control connection

    If I then do a port scan it is followed immediately by the following output;

    [saned] saned (AF-indep+IPv6) from sane-backends 1.0.18-cvs ready
    [saned] check_host: detected an IPv4-mapped address
    [saned] check_host: access by remote host: ::ffff:127.0.0.1
    [saned] check_host: remote host is IN_LOOPBACK: access granted
    [saned] init: access granted
    [saned] init: bad status=22 or procnum=-1080513340
    [saned] quit: exiting

    I can do the same but with a remote scan connection instead of a port
    scan and get the same result.

    Any ideas as to why saned is not working correctly?

    Geoff Lane
    Followup-To:comp.os.linux.networking

  2. Re: Saned Daemon stops

    Geoff Lane wrote:
    > Trying to get a network printer to work I have been adjusting settings
    > for saned.


    I'm not sure what you think the relationship is between saned.conf and
    a network printer? Saned.conf lets you offer an attached scanner as
    a network service to other systems. Typically people would use cupsd
    to offer a network printing service. (If you're trying to talk to a
    networked scanner/printer then you're looking in the wrong places,
    and the following advice will be of no use.)


    > I have altered the various saned.conf, services.conf and inetd.conf
    > files as per the MAN pages and the various web pages (They all seem
    > identical) but if I do a port scan the saned port 6566 does not show.


    In inetd.conf you should have a line for sane-port leading to
    /usr/sbin/saned. I don't have a services.conf (did you mean /etc/services,
    which should have an entry for sane-port on 6566/tcp). In saned.conf
    you should have one line per network range that is allowed to connect
    to /this/ server.


    > Strangely if I issue the saned -d6 (Debug) command I get the output as
    > shown below;


    > [saned] main: [1] bind () to port 6566
    > [saned] main: [1] bind failed: Address already in use


    That's because inetd has already allocated it. Disable inetd before
    trying to run it under debug mode


    > If I then do a port scan it is followed immediately by the following output:
    > [saned] init: bad status=22 or procnum=-1080513340
    > [saned] quit: exiting


    That's because you've not talked the correct protocol, and saned is
    designed to exit when its handled a connection (inetd is responsible
    for respawning it).


    > I can do the same but with a remote scan connection instead of a port
    > scan and get the same result.


    Huh? That sentence doesn't make sense to me at all.


    > Any ideas as to why saned is not working correctly?


    I think it is, but it's possibly not doing what you think it should be
    doing. Can you explain well what it is you're actually trying to achieve?

    Chris

  3. Re: Saned Daemon stops

    Hello,

    Chris Davies a écrit :
    > Geoff Lane wrote:
    >
    >>Strangely if I issue the saned -d6 (Debug) command I get the output as
    >>shown below;
    >>
    >>geoff@challenger:~$ saned -d6
    >>[saned] main: starting debug mode (level 6)
    >>[saned] main: trying to get port for service `sane-port' (getaddrinfo)
    >>[saned] main: [0] socket () using IPv6
    >>[saned] main: [0] setsockopt ()
    >>[saned] main: [0] bind () to port 6566
    >>[saned] main: [0] listen ()
    >>[saned] main: [1] socket () using IPv4
    >>[saned] main: [1] setsockopt ()
    >>[saned] main: [1] bind () to port 6566
    >>[saned] main: [1] bind failed: Address already in use

    >
    > That's because inetd has already allocated it.


    I don't think so. I think that the system fails to bind an IPv4 socket
    to port 6566 because the IPv6 socket has already been bound to this
    port. This is the default on Linux for sockets listening on any address
    (:: and 0.0.0.0), as an IPv6 socket listening on any address (: also
    accepts IPv4 connections.

    See :
    >> [saned] saned (AF-indep+IPv6) from sane-backends 1.0.18-cvs ready
    >> [saned] check_host: detected an IPv4-mapped address
    >> [saned] check_host: access by remote host: ::ffff:127.0.0.1


    The IPv4 connection from 127.0.0.1 is received by the IPv6 socket and
    the source IP address is seen as an IPv4-mapped IPv6 address
    ::ffff:127.0.0.1 as usual.

    The default behaviour can be changed by setting the net.ipv6.bindv6only
    sysctl to 1 so IPv6 sockets allow only IPv6 connections, and IPv6 and
    IPv4 sockets can be bound to the same port.

  4. Re: Saned Daemon stops

    Chris Davies wrote:

    >> Trying to get a network printer to work I have been adjusting settings
    >> for saned.

    >
    > I'm not sure what you think the relationship is between saned.conf and
    > a network printer?


    My mistake, it is the scanner part of an MFP.

    > In inetd.conf you should have a line for sane-port leading to
    > /usr/sbin/saned.


    Mine has sane-port stream tcp nowait saned.saned /usr/sbin/saned saned


    > I don't have a services.conf (did you mean /etc/services,
    > which should have an entry for sane-port on 6566/tcp). In saned.conf
    > you should have one line per network range that is allowed to connect
    > to /this/ server.


    Yes it should have been /etc/services and it does have the network range.

    >> Strangely if I issue the saned -d6 (Debug) command I get the output as
    >> shown below;

    >
    >> [saned] main: [1] bind () to port 6566
    >> [saned] main: [1] bind failed: Address already in use

    >
    > That's because inetd has already allocated it. Disable inetd before
    > trying to run it under debug mode


    If I run the port scanner before issuing saned from the command line it
    does not show port 6566 as running.

    >> If I then do a port scan it is followed immediately by the following output:
    >> [saned] init: bad status=22 or procnum=-1080513340
    >> [saned] quit: exiting

    >
    > That's because you've not talked the correct protocol, and saned is
    > designed to exit when its handled a connection (inetd is responsible
    > for respawning it).


    That makes sense.

    >> I can do the same but with a remote scan connection instead of a port
    >> scan and get the same result.

    >
    > Huh? That sentence doesn't make sense to me at all.


    If instead of running a port scan I connect remotely with a scanner the
    connection is made successfully but saned drops as soon as the scanner
    disconnects.

    I was under the impression that saned continuously listens on port 6566
    regardless of a remote connection dropping.

    Geoff Lane

  5. Re: Saned Daemon stops

    Geoff Lane wrote:
    > I was under the impression that saned continuously listens on port 6566
    > regardless of a remote connection dropping.


    Not really. inetd continuously listens on 6566 and forks a copy of saned
    for every connection attempt it detects.

    Chris

  6. Re: Saned Daemon stops

    Chris Davies wrote:

    >> I was under the impression that saned continuously listens on port 6566
    >> regardless of a remote connection dropping.

    >
    > Not really. inetd continuously listens on 6566 and forks a copy of saned
    > for every connection attempt it detects.


    Ah, that's interesting; I was under the impression that saned (I
    understand that is a server) did the listening, I thought inetd was just
    a launch platform.

    Geoff Lane

  7. Re: Saned Daemon stops

    Chris Davies wrote:
    > Geoff Lane wrote:
    >> I was under the impression that saned continuously listens on port 6566
    >> regardless of a remote connection dropping.

    >
    > Not really. inetd continuously listens on 6566 and forks a copy of saned
    > for every connection attempt it detects.


    I naively thought that as I had saned.conf that saned was installed, it
    wasn't.

    I downloaded and installed it but still problems.

    If in saned.conf I alter the entry

    sane-port stream tcp nowait saned.saned /usr/sbin/saned saned and delete
    the .saned so it
    reads nowait saned then if I do a local port scan then port 6566 shows;
    it does NOT if I leave
    it as saned.saned.

    I get the impression that it may be a user or group problem.

    Geoff Lane

  8. Re: Saned Daemon stops

    Geoff Lane wrote:
    > If in saned.conf I alter the entry
    > sane-port stream tcp nowait saned.saned /usr/sbin/saned saned and delete
    > the .saned so it
    > reads nowait saned then if I do a local port scan then port 6566 shows;
    > it does NOT if I leave
    > it as saned.saned.


    Sounds to me like you're missing an entry for saned in /etc/group. If
    you're struggling, use these lines to add it:

    # Determine expected GID for saned
    G=`awk -F: '/^saned:/ {print $4}' /etc/passwd`; echo GID is $G

    # Add missing group - unless it's already there
    test -n "$G" && sudo groupadd -g $G saned

    # Tell you the expected group name of the saned group
    N=`awk -F: '$3 == "'"$G"'" {print $0; exit}' /etc/group`; echo NAME is $N

    The final line tells you the group name for use in the inetd.conf entry
    (you'd replace GROUP as necessary)

    sane-port stream tcp nowait saned.GROUP /usr/sbin/saned saned

    Chris

  9. Re: Saned Daemon stops

    On Mar 3, 10:38 pm, Chris Davies wrote:

    > Sounds to me like you're missing an entry for saned in /etc/group. If
    > you're struggling, use these lines to add it:
    >
    > # Determine expected GID for saned
    > G=`awk -F: '/^saned:/ {print $4}' /etc/passwd`; echo GID is $G
    >
    > # Add missing group - unless it's already there
    > test -n "$G" && sudo groupadd -g $G saned
    >
    > # Tell you the expected group name of the saned group
    > N=`awk -F: '$3 == "'"$G"'" {print $0; exit}' /etc/group`; echo NAME is $N
    >
    > The final line tells you the group name for use in the inetd.conf entry
    > (you'd replace GROUP as necessary)
    >
    > sane-port stream tcp nowait saned.GROUP /usr/sbin/saned saned


    Chris,

    This is my read out from the commands you suggested;

    geoff@challenger:~$ G=`awk -F: '/^saned:/ {print $4}' /etc/passwd`;
    echo GID is $G
    GID is 120
    geoff@challenger:~$ test -n "$G" && sudo groupadd -g $G saned
    [sudo] password for geoff:
    groupadd: group saned exists
    geoff@challenger:~$ N=`awk -F: '$3 == "'"$G"'" {print $0; exit}' /etc/
    group`; echo NAME is $N
    NAME is saned:x:120:minkins_2,geffers,geoff,saned
    geoff@challenger:~$

    My inetd entry is as follows;

    ## netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/
    smbd
    sane-port stream tcp nowait saned.saned /usr/sbin/saned saned

    So, it looks as though all is set up OK but still no joy.

    Strangely, if I run saned -d6 from the command line my remote image
    scanner connects, if I just run saned it does not. I thought the -d
    flag was just a debug mode to supply information.

    Geoff Lane



+ Reply to Thread