Opening O_RDONLY and then trying to modify is probably an error, so I changed the open of
/dev/ipnat to O_RDWR.
Now the error is slightly different:
real IP is: 210.172.133.140
Failed to TPUT ipf: 0:Error 0
error: Error 0.
remote end for connection: 210.172.133.140,7100
OK Hello 210.172.133.140:39168 - you are connected to 210.172.133.140:7100
Which actually created a lovely new rule:
??? 210.172.133.140 39168 <- -> 210.my.ext.IP 60444 [210.172.133.140 7100]
RDR 210.172.133.140 1 <- -> 210.172.133.140 7100 [210.my.ext.IP 60444]
Jorgen Lundman wrote:
The error is from the locking ioctl:
onoff = 1;
if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
        /* take the state-table lock, insert the entry, release the lock */
        if (ioctl(fd, SIOCSTPUT, &obj) != 0) {
                /* report only when SIOCSTPUT actually failed; the errno
                 * printed is the one from that ioctl */
                perror("SIOCSTPUT");
                printf("Failed to TPUT ipf: %d:%s\n", errno,
                    strerror(errno));
        }
        onoff = 0;
        if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
                perror("SIOCSTLCK");
} else {
        printf("Failed to lock ipf: %d:%s\n", errno,
            strerror(errno));
}
Failed to lock ipf: 1:Not owner
truss:
12691: open("/dev/ipnat", O_RDONLY) = 3
12691: ioctl(3, _IOWRN('r', 63, 52), 0x08047D64) = 0
12691: so_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, "", SOV_DEFAULT) = 4
12691: connect(4, 0x08047610, 16, SOV_DEFAULT) = 0
12691: getsockname(4, 0x08047610, 0x080475F8, SOV_DEFAULT) = 0
12691: close(4) = 0
12691: ioctl(1, TCGETA, 0x080468F4) Err#22 EINVAL
12691: fstat64(1, 0x08046920) = 0
12691: brk(0x08062308) = 0
12691: brk(0x08066308) = 0
12691: fstat64(1, 0x08046860) = 0
12691: so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, "", SOV_DEFAULT) = 4
12691: bind(4, 0x08047610, 16, SOV_SOCKBSD) = 0
12691: getsockname(4, 0x08047610, 0x080475F8, SOV_DEFAULT) = 0
12691: ioctl(3, _IOWRN('r', 79, 4), 0x08047600) Err#1 EPERM
12691: write(1, " l o c a l I P # t o".., 243) = 243
Darren Reed wrote:
Ok, the ioctl()s are failing, but inetd is eating the stderr output..
Sigh.
error: Not owner.
root 12660 12523 0 17:51:19 ? 0:00
/usr/local/bin/proxy e1000g0
# ls -lL /dev/ipl*
crw-rw-rw- 1 root sys 165, 0 Mar 20 15:31 /dev/ipl
crw-rw-rw- 1 root sys 165, 6 May 19 17:51 /dev/iplookup
So I assume that doesn't mean Unix owner (root, and /dev looks
accessible) but rather NAT rule owner?
What exactly produces the above error?
None of the perror calls have that output.
Can you use truss on inetd to find out?
Darren
--
Jorgen Lundman | <[EMAIL PROTECTED]>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
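The two mistakes this thread turns up are a device opened O_RDONLY and then driven with a modifying ioctl, and a "Failed" message printed with errno 0 because the print ran whether or not the call failed. The program below is an added example, not code from the thread or from IPFilter: it checks a descriptor's access mode with fcntl(F_GETFL) before attempting a modification, captures errno at the failing call before anything else can disturb it, and reports only on a real failure. A write() to a constructed temp file stands in for the SIOCSTPUT ioctl on /dev/ipnat (the read-only case fails with EBADF rather than the EPERM seen in the truss output).

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Access mode of an open descriptor, via fcntl(F_GETFL).
 * Returns 1 for write access (O_RDWR/O_WRONLY), 0 for O_RDONLY, -1 if fd is bad. */
int fd_is_writable(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1)
        return -1;
    int mode = flags & O_ACCMODE;
    return (mode == O_RDWR || mode == O_WRONLY) ? 1 : 0;
}

/* Modify through fd. Stands in for the SIOCSTPUT ioctl (assumption: a write()
 * on a read-only descriptor fails the way the ioctl did on an O_RDONLY open).
 * Returns 0 on success, -1 on failure with the errno of the failing call in *err,
 * captured immediately so a later perror()/printf cannot clobber it. */
int put_record(int fd, const char *rec, int *err)
{
    *err = 0;
    if (fd_is_writable(fd) != 1) {
        *err = EBADF;           /* refuse up front: no write access on this fd */
        return -1;
    }
    size_t len = strlen(rec);
    ssize_t n = write(fd, rec, len);
    if (n < 0 || (size_t)n != len) {
        *err = (n < 0) ? errno : EIO;
        return -1;
    }
    return 0;
}

/* Report a failure only when the call actually failed, using the errno that
 * belongs to that call (not whatever errno happens to hold at print time). */
void report(const char *what, int rc, int err)
{
    if (rc != 0)
        fprintf(stderr, "Failed to %s: %d:%s\n", what, err, strerror(err));
}

/* Scenario: the same constructed temp file opened O_RDONLY and then O_RDWR.
 * Returns the errno from the read-only attempt (EBADF expected) and stores the
 * errno from the read-write attempt (0 expected) in *rw_err. */
int scenario(int *rw_err)
{
    char path[] = "/tmp/ipnat-demo-XXXXXX";   /* constructed temp file, not a real device */
    int fd = mkstemp(path);
    if (fd == -1)
        return -1;
    close(fd);

    int err_ro = 0;
    int ro = open(path, O_RDONLY);
    int rc = put_record(ro, "RDR rule\n", &err_ro);
    report("TPUT (read-only fd)", rc, err_ro);
    close(ro);

    int rw = open(path, O_RDWR);
    rc = put_record(rw, "RDR rule\n", rw_err);
    report("TPUT (read-write fd)", rc, *rw_err);
    close(rw);
    unlink(path);
    return err_ro;
}

int main(void)
{
    int rw_err = -1;
    int ro_err = scenario(&rw_err);
    printf("read-only attempt errno: %d (%s)\n", ro_err, strerror(ro_err));
    printf("read-write attempt errno: %d (%s)\n", rw_err, strerror(rw_err));
    return 0;
}
```

The fd_is_writable check is cheap and belongs right after open() in a daemon that holds a privileged device open for its lifetime, since a wrong open mode is otherwise only discovered at the first modifying call, possibly long after startup and with stderr going wherever inetd sends it.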