Hi There,
I am running centos 6.5 in a virtual machine under vSphere 5.5. I am trying to use command "ip route add 123.123.123.123/24 unreachable" to mitigate an attack on my server. As soon as I enter the command I start getting this warning message every 30 seconds. I seems that vmware tools cannot parse the output of /proc/net/route when it has an Iface value of "*" which is added by the ip route command. Can anyone tell me how to disable this message. It doesn't appear to have any negative effects except that it clutters my log and just feels very "wrong".
TIA,
Jerry
Hi
Welcome to communities.
Rename libtimeSync.so to libtimeSync.so.bak (or something else you choose)
There is a KB Article that you might want to read and see it you can try that as well if you have access to the full back end
The File locations are as follows:
/usr/lib/vmware-tools/plugins32/vmsvc/libtimeSync.so
/usr/lib/vmware-tools/plugins64/vmsvc/libtimeSync.so
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189
Hi There,
I renamed both files as recommended (added .bak to names) and then did a "service vmware-tools restart". The messages still appear every 30 seconds. I read the KB article but this is a service machine and shutting it down is problematic.
Any other suggestions?
I have this same issue.
After the adding unreachable route in the routing table
ip route add unreachable 10.0.0.0/8 metric 999
I'm starting to get an error
vmsvc[938]: [ warning] [guestinfo] RecordRoutingInfo: Unable to collect IPv4 routing table.
Of course I've read http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=204857...
But these solution did not help me.
I've just spent a happy hour debugging the binary of vmtools (where is the source code of this beast??) and found the bug -- vmsvc does not understand the concept of non-matching rules in /proc/net/route, and stops as soon as it finds a non-matching rule (the prohibit rule). A work-around for this logic fault is to change the regular expression to match the "offending" line.
Lines in /proc/net/route are assumed to match this regular expression:
^(\w+)\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{4})\s+\d+\s+\d+\s+(\d+)\s+([[:xdigit:]]{8})\s+(\d+)\s+\d+\s+(\d+)\s*$
The regular expression is incorrect, as shown by the following command:
grep -P '^(\w+)\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{4})\s+\d+\s+\d+\s+(\d+)\s+([[:xdigit:]]{8})\s+(\d+)\s+\d+\s+(\d+)\s*$|$' /proc/net/route --colour
You can find this regular expression with 'strings' and manual inspection:
strings /usr/lib/vmware-tools/plugins64/vmsvc/libguestInfo.so
The following regular expression will work (changing the leading \w to \S -- from word to non-space):
^(\S+)\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{4})\s+\d+\s+\d+\s+(\d+)\s+([[:xdigit:]]{8})\s+(\d+)\s+\d+\s+(\d+)\s*$
You can hack the change with ... oh wow ... this is horrible ...
sed -i.orig \
's/\^(\\w+)\\s+(\[\[:xdigit:\]\]{8})/^(\\S+)\\s+([[:xdigit:]]{8})/' \
/usr/lib/vmware-tools/plugins64/vmsvc/libguestInfo.so
This should be patched in that source code, preferably to not bomb out on regex misses. Patching the binary like this solves the problem of logging every 30 seconds, but renders vmwaretools out of date.
Wow... Using sed on a binary file is the sort of thing that I would do too... But writing a regex for sed to patch a regex in a binary, that takes it to a whole new level.
I've brought this thread to the attention of the folks who should be able to fix the problem in the source.
Cheers,
--
Darius
I ran into the same problem today morning in my centos 6.5 m/c. Did you find any solution to this? renaming libtimesync.so doesn't seem to solve the issue.
The problem in this thread is not related to libtimesync.so. Do the other posts in this thread help you at all? The message quite likely is caused by a failure to parse an "unreachable" route from the guest's routing table.
Cheers,
--
Darius