On Thu, 8 Jul 2021 22:46:47 -0700 Ralph Little <[email protected]> wrote:
> Hi, > > On 2021-07-08 7:28 p.m., E. Liddell via sane-devel wrote: > > Background: I have a Canon LiDE 200 scanner, tested and confirmed to > > work with the genesys backend. It's hooked up to a headless Raspberry Pi > > running Gentoo (*not* Raspbian, and it uses OpenRC, not systemd, for > > init) with a fairly minimal set of packages installed. I want to share this > > scanner to another machine on my LAN. > > > > I have saned running. The problem is that no matter how I configure it, > > it won't accept connections from anything but localhost. This includes > > the host itself attempting to contact it by IP, which happens to be > > 192.168.1.51. > > > > Debug gives the error "argument marshalling error (Connection reset > > by peer)" regardless of what machine scanimage -L is running on, or > > what user it's running under. > > > > The problem is not likely to be general-networking or firewall-related > > (sshd works fine without having to drill holes anywhere, and I can see the > > open saned port when running nmap from a different machine). > > > > /proc/sys/net/ipv6/bindv6only contains a 0, so that isn't an issue (and sshd > > would be broken if it were). > > > > avahi support is not compiled into sane (it causes errors), but I don't see > > why that would cause this type of breakage. > > > > The saned user is in the usb and scanner groups. > > > > What have I missed? > > > > ==== > > > > saned.conf, minus comments: > > > > 192.168.1.55 > > 192.168.1.51 > > 192.168.1.52 > > 192.168.1.0/24 > > localhost > > > > ==== > > > > net.conf, minus comments: > > > > connect_timeout = 60 > > > > 192.168.1.51 > > localhost > > The config looks OK. > > Firstly, let's check the obvious: do you have a firewall activated on > the Pi? No. The only firewall-capable package installed is iptables, and it has never been configured or started. > Failing that , would it be possible to get some diag from saned itself? > It looks like the problem is there. > saned outputs diag with the "-d 128" option. By default it outputs to > syslog, but if you use -e the output goes to stderr instead. Details: > man saned (Full output at the end.) Turns out I needed -l as well to get this to work. It looks like it's handling addresses in IPv6 even when they're specified in IPv4? I think I see why I couldn't find any other descriptions of this problem, though: the nature of the network configuration on this Pi. It's hand-coded (not DHCP) and very minimal (/etc/hosts only contains the definitions for "localhost"). If I'd taken the time to fill out /etc/hosts and link "raspi2" and the hostname of the other machine to their IPs, the connection attempts might be succeeding. I get the impression it isn't even testing the bare IP, just looking for a hostname, even though only the IP information can be guaranteed to exist. Settings problem? Bug? > I don't know anything about the setup of how saned is started with > OpenRC. If you cannot get diag output from it somewhere, then I can see > if I can figure something out here. OpenRC is an overlayer for traditional SysV init, so there's a shell script involved that I can reproduce if necessary. A quick check suggests it invokes saned -a, but I'm not clear on the username passed. === naspi2 ~ # saned -d128 -e -l [saned] read_config: searching for config file [saned] read_config: done reading config [saned] saned (AF-indep+IPv6) from sane-backends 1.0.31 starting up [saned] do_bindings: trying to get port for service "sane-port" (getaddrinfo) [saned] do_bindings: [1] socket () using IPv6 [saned] do_bindings: [1] setsockopt () [saned] do_bindings: [1] bind () to port 6566 [saned] do_bindings: [1] listen () [saned] do_bindings: [0] socket () using IPv4 [saned] do_bindings: [0] setsockopt () [saned] do_bindings: [0] bind () to port 6566 [saned] do_bindings: [0] bind failed: Address already in use [saned] run_standalone: waiting for control connection [saned] handle_client: spawning child process [saned] handle_connection: processing client connection [saned] check_host: access by remote host: ::1 [saned] check_host: remote host is IN6_LOOPBACK: access granted [saned] init: access granted [saned] init: access granted to eliddell@::1 [saned] process_request: waiting for request [saned] process_request: got request 1 [saned] process_request: waiting for request [saned] handle_client: spawning child process [saned] handle_connection: processing client connection [saned] check_host: detected an IPv4-mapped address [saned] check_host: access by remote host: ::ffff:192.168.1.51 [saned] check_host: remote host is not IN_LOOPBACK nor IN6_LOOPBACK [saned] check_host: local hostname: naspi2 [saned] check_host: getaddrinfo for local hostname failed: No address associated with hostname [saned] init: access by host ::ffff:192.168.1.51 denied [saned] quit: exiting [saned] process_request: got request 10 [saned] quit: exiting
