??? 210.172.133.140 39168 <- -> 210.my.ext.IP 60444 [210.172.133.140 7100]

Finally got around to looking at this again. The "???" output seems to be when "nat->nat_ptr" is NULL. All the proxy source calls "nat_new" to set this.

The ioctl seems to copy in the structure that proxy.c passes it, to set nat_ptr, so presumably something is missing in proxy.c.


So I add:

         nat->nat_flags = IPN_TCPUDP;
+        nat->nat_ptr = ipn;
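
Review bot: the added `nat->nat_ptr = ipn;` stores a pointer from the proxy process into a structure that, per the message, the ioctl copies in, and the hunk does not show where `ipn` is declared or which of its fields are filled in. The "unknown(0000)" entry in the session list that follows suggests the rule being read has no redirect type set, so show the declaration and initialisation of `ipn` alongside this line, and check whether a caller-supplied nat_ptr is honoured at all once the structure has been copied in.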

List of active sessions:
unknown(0000) 210.172.133.140 42190 <- -> 210.my.ext.IP 50570 [210.172.133.140 7100]

Guess I didn't get that right :)

Lund





RDR 210.172.133.140 1     <- -> 210.172.133.140 7100  [210.my.ext.IP 60444]


Jorgen Lundman wrote:

The error is from the locking ioctl:


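        onoff = 1;
        /* Take the lock (onoff = 1), issue SIOCSTPUT, then release it. */
        if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
                if (ioctl(fd, SIOCSTPUT, &obj) != 0) {
                        /* Print errno first, before perror() can disturb it,
                           and only when the SIOCSTPUT call actually failed. */
                        printf("Failed to TPUT ipf: %d:%s\n", errno, strerror(errno));
                        perror("SIOCSTPUT");
                }
                onoff = 0;
                if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
                        perror("SIOCSTLCK");
        } else {
                printf("Failed to lock ipf: %d:%s\n", errno, strerror(errno));
        }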



Failed to lock ipf: 1:Not owner


truss:

12691:  open("/dev/ipnat", O_RDONLY)                    = 3
12691:  ioctl(3, _IOWRN('r', 63, 52), 0x08047D64)       = 0
12691:  so_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, "", SOV_DEFAULT) = 4
12691:  connect(4, 0x08047610, 16, SOV_DEFAULT)         = 0
12691:  getsockname(4, 0x08047610, 0x080475F8, SOV_DEFAULT) = 0
12691:  close(4)                                        = 0
12691:  ioctl(1, TCGETA, 0x080468F4)                    Err#22 EINVAL
12691:  fstat64(1, 0x08046920)                          = 0
12691:  brk(0x08062308)                                 = 0
12691:  brk(0x08066308)                                 = 0
12691:  fstat64(1, 0x08046860)                          = 0
12691:  so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, "", SOV_DEFAULT) = 4
12691:  bind(4, 0x08047610, 16, SOV_SOCKBSD)            = 0
12691:  getsockname(4, 0x08047610, 0x080475F8, SOV_DEFAULT) = 0
12691:  ioctl(3, _IOWRN('r', 79, 4), 0x08047600)        Err#1 EPERM
12691:  write(1, " l o c a l   I P #   t o".., 243)     = 243


Darren Reed wrote:

Ok, the ioctl() are failing, but inetd is eating the stderr output.. Sigh.

 error: Not owner.

root 12660 12523 0 17:51:19 ? 0:00 /usr/local/bin/proxy e1000g0

# ls -lL /dev/ipl*
crw-rw-rw-   1 root     sys      165,  0 Mar 20 15:31 /dev/ipl
crw-rw-rw-   1 root     sys      165,  6 May 19 17:51 /dev/iplookup

So I assume that doesn't mean Unix owner (root, and /dev looks accessible) but rather NAT rule owner?




What exactly produces the above error?

None of the perror calls have that output.

Can you use truss on inetd to find out?

Darren





--
Jorgen Lundman       | <[EMAIL PROTECTED]>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
