divert , ipfw question
Hi,

I'm interested in the divert mechanism and want to try it out, so I recompiled the kernel (FreeBSD 5.2.1-RELEASE #0) after adding the IPDIVERT option and then added the needed lines in the rc.conf file. After that, I set up ipfw to divert packets to some port. Here is my ipfw rule set:

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65100 divert 5000 ip from any 22 to me    <-- the divert rule
65535 deny ip from any to any

Then I wanted to monitor the diverted traffic using tcpdump:

$ tcpdump port 5000

When I do a telnet connection to port 22 from a remote host, I was expecting that tcpdump would display packets diverted to port 5000 by ipfw.

The remote host I use shows that it connects to port 22 and the ipfw divert rule seems not to work. I can set another rule to block the traffic on port 22, and it works. Only the divert rule seems to fail.

I wrote some piece of code using a divert socket to read packets from the divert port, but no result ...

I think I'm missing something, so please enlighten my mind ...
Many Thanks
--
Saber

/*#include <stdio.h>
#include <string.h>
#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
*/
#include <sys/param.h> /* NB: we rely on this for <sys/types.h> */
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_var.h>
#include <arpa/inet.h>
#ifdef IPSEC
#include <netinet6/ipsec.h>
#endif /*IPSEC*/
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <math.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <termios.h>
#include <unistd.h>

#define BUFSIZE 65535

int main(int argc, char **argv)
{
    int fd, rawfd, fdfw, ret, n;
    int on = 1;
    struct sockaddr_in bindPort, sin;
    socklen_t sinlen; /* recvfrom() expects a socklen_t pointer */
    int port_nb;
    struct ip *hdr;
    unsigned char packet[BUFSIZE];
    struct in_addr addr;
    int i, direction;
    struct ip_mreq mreq;

    if (argc != 2) {
        fprintf(stderr, "Usage: %s <port number>\n", argv[0]);
        exit(1);
    }

    bindPort.sin_family = AF_INET;
    bindPort.sin_port = htons(atol(argv[1]));
    bindPort.sin_addr.s_addr = 0;

    fprintf(stderr, "%s:Creating a socket\n", argv[0]);
    /* open a divert socket */
    fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd == -1) {
        fprintf(stderr, "%s:We could not open a divert socket\n", argv[0]);
        exit(1);
    }

    bindPort.sin_family = AF_INET;
    bindPort.sin_port = htons(atol(argv[1]));
    bindPort.sin_addr.s_addr = 0;

    fprintf(stderr, "%s:Binding a socket\n", argv[0]);
    ret = bind(fd, (struct sockaddr *)&bindPort, sizeof(struct sockaddr_in));
    if (ret != 0) {
        /* bind() returns -1 and reports the reason in errno */
        fprintf(stderr, "%s: Error bind(): %s\n", argv[0], strerror(errno));
        close(fd);
        exit(2);
    }

    printf("%s: Waiting for data...\n", argv[0]);
    /* read data in; the packet is only printed, never written back */
    while (1) {
        sinlen = sizeof(struct sockaddr_in);
        n = recvfrom(fd, packet, BUFSIZE, 0, (struct sockaddr *)&sin, &sinlen);
        if (n < 0) {
            fprintf(stderr, "%s: Error recvfrom(): %s\n", argv[0], strerror(errno));
            continue;
        }
        hdr = (struct ip *)packet;
        printf("%s: The packet looks like this:\n", argv[0]);
        /* dump at most the first 40 bytes that were actually received */
        for (i = 0; i < 40 && i < n; i++) {
            printf("%02x ", (int)*(packet + i));
            if (!((i + 1) % 16))
                printf("\n");
        }
        printf("\n");
        printf("%s: Source address: %s\n", argv[0], inet_ntoa(hdr->ip_src));
        printf("%s: Destination address: %s\n", argv[0], inet_ntoa(hdr->ip_dst));
        printf("%s: Receiving IF address: %s\n", argv[0], inet_ntoa(sin.sin_addr));
        printf("%s: Protocol number: %i\n", argv[0], hdr->ip_p);
    }
}

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: divert , ipfw question
Zrelli Saber Ben Mohamed wrote:

> Hi,
>
> I'm interested in the divert mechanism and want to try it out, so I recompiled the kernel (FreeBSD 5.2.1-RELEASE #0) after adding the IPDIVERT option and then added the needed lines in the rc.conf file. After that, I set up ipfw to divert packets to some port. Here is my ipfw rule set:
>
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65100 divert 5000 ip from any 22 to me    <-- the divert rule
> 65535 deny ip from any to any
>
> Then I wanted to monitor the diverted traffic using tcpdump:
>
> $ tcpdump port 5000
>
> When I do a telnet connection to port 22 from a remote host, I was expecting that tcpdump would display packets diverted to port 5000 by ipfw.
>
> The remote host I use shows that it connects to port 22 and the ipfw divert rule seems not to work. I can set another rule to block the traffic on port 22, and it works. Only the divert rule seems to fail.
>
> I wrote some piece of code using a divert socket to read packets from the divert port, but no result ...
>
> I think I'm missing something, so please enlighten my mind ...

You have 2 problems.

Firstly, all packets never get to your divert rule because they are accepted by the previous rule:

65000 allow ip from any to any

Secondly, divert sends the data to a DIVERT socket. You can also use a 'tee' command in the ipfw to just get a copy of the packet, in which case you will see the negotiation continue. Divert sockets remove the packet from the kernel. Since you do not pass the packet BACK to the kernel again, no further negotiation will occur, as no TCP handshake will occur.

If you use the 'tee' rule you are effectively simulating bpf and libpcap. If you use 'divert' then you need to write the packet (and the sockaddr) back to the divert socket to reinject it to the system after you have examined (and possibly modified) it.
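The inspect-and-reinject loop described in the reply above, as an added example that is not part of the original thread: it reads from the divert socket, takes a bounds-checked look at the IPv4/TCP header, and writes the same bytes back with the same sockaddr so the connection can continue. The helper name `tcp_source_port`, the constructed sample packet and the `#ifdef IPPROTO_DIVERT` guard (so the parsing part also builds on systems without divert sockets) are assumptions of this example.

```c
/* Added example (not from the thread): read packets from an ipfw divert
 * socket, inspect them, and hand them back to the kernel. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample: first 24 bytes of an IPv4/TCP packet,
 * 192.0.2.10 port 22 -> 192.0.2.1 (checksum left at zero). */
static const unsigned char sample_pkt[24] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00,
    0x40, 0x06, 0x00, 0x00, 192, 0, 2, 10,
    192, 0, 2, 1, 0x00, 0x16, 0xc0, 0x00
};

/* Returns the TCP source port of an IPv4 packet, 0 if it is IPv4 but not
 * TCP, and -1 if it is truncated or malformed. Never reads past len. */
int tcp_source_port(const unsigned char *pkt, size_t len)
{
    size_t ihl;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || len < ihl)
        return -1;
    if (pkt[9] != IPPROTO_TCP)
        return 0;
    if (len < ihl + 4)                    /* need the two port fields */
        return -1;
    return (pkt[ihl] << 8) | pkt[ihl + 1];
}

#ifdef IPPROTO_DIVERT
/* Needs root and a divert rule such as the thread's
 * "divert 5000 ip from any 22 to me", placed before any rule that
 * already accepts the traffic. */
int divert_loop(unsigned short port)
{
    unsigned char pkt[65535];
    struct sockaddr_in sin;
    socklen_t sinlen;
    ssize_t n;
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);

    if (fd == -1) { perror("socket"); return -1; }
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
        perror("bind"); close(fd); return -1;
    }
    for (;;) {
        sinlen = sizeof(sin);
        n = recvfrom(fd, pkt, sizeof(pkt), 0, (struct sockaddr *)&sin, &sinlen);
        if (n == -1) { perror("recvfrom"); break; }
        printf("%zd bytes, TCP source port %d\n", n,
               tcp_source_port(pkt, (size_t)n));
        /* Reinject: same bytes, same sockaddr that recvfrom() filled in. */
        if (sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&sin, sinlen) == -1)
            perror("sendto");
    }
    close(fd);
    return -1;
}
#endif

int main(int argc, char **argv)
{
    printf("sample packet: TCP source port %d\n",
           tcp_source_port(sample_pkt, sizeof(sample_pkt)));
#ifdef IPPROTO_DIVERT
    if (argc == 2)
        return divert_loop((unsigned short)atoi(argv[1])) == 0 ? 0 : 1;
#else
    (void)argc; (void)argv;
#endif
    return 0;
}
```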
Re: divert , ipfw question
Thanks! I got it working.

-- Saber
Re: hacking SCO....
John Von Essen wrote:

> Unfortunately, I have inherited a Intel P200 with SCO OpenServer 5.0.4 with a 4Gb SCSI drive.

Condolences! SCO is horrible to work on, a waste of time, erase ASAP!

> SCO is of no help, they can't provide replacement boot floppy, only sell me complete distribution version 5.0.7 for $100. Any ideas on how I should go about this. All I need to do is get that data from the tape onto the disk and I should be good to go.

> SCO is of no help, they can't provide replacement boot floppy, only sell me complete distribution version 5.0.7 for $100.

SCO used to give away licences free for 5.0.4 &/or 5.0.5 for restricted use. One could legally download cdrom images & burn them. Good enough to rescue data, then erase SCO & install BSD.

If you can't rescue the data while running FreeBSD, either:

Non Commercial solution: Look around & find someone near who has a 5.0.4 or 5 cdrom (maybe even SCO site somewhere), get a copy (cdrom contains floppy images too I recall), rescue data, delete SCO very quickly from your machine (before you discover the pain of running SCO), & if you really must run SCO then do get their Skunkware CDROM too (yes that's its real name! it's full of FSF/GNU stuff, free, & makes using SCO rather less unpleasant (not unpleasant, just rather less)).

Commercial solution: Pay the $100, if it's for a commercial job it's cheap. No point quibbling. SCO used to cost about 2000 German Deutschmarks for end users (& was the Unix I found most crippled). BSD is cheaper, but if it's for business, it's their legal right, & cheap enough.

There's SCO forums somewhere, but probably the wrong route. Their manuals used to just present work-rounds for obsolete old software everyone else wasn't using anymore, e.g. at one stage they were SVR3 & all other vendors were SVR4 based. Last time I was contracted to work on SCO, I just kept tossing more modern source, e.g. X11R6, lesstif & GNU src/, on top of the base obsolete SCO, till obsolete SCO libraries no longer broke my project.

Reading SCO manuals was a waste of time, better just to rip it out & replace it with better software, either per utility that annoys, or per whole OS.

-
Julian Stacey. Unix,C,Net & Sys. Eng. Consultant, Munich. http://berklix.com
Mail in Ascii, Html dumped as Spam. Ihr Rauch = mein allergischer Kopfschmerz.
Re: divert , ipfw question
Hello Zrelli,

the rule

65000 allow ip from any to any

stops processing of a packet, so it will never reach diverting rule 65100. See man ipfw about rule-processing.

Tuesday, September 28, 2004, 2:08:36 PM, Zrelli Saber Ben Mohamed wrote:

ZSBM> Hi,
ZSBM> I'm interested in the divert mechanism and want to try it out,
ZSBM> so I recompiled the kernel (FreeBSD 5.2.1-RELEASE #0) after adding the
ZSBM> IPDIVERT option and then added the needed lines in the rc.conf file,
ZSBM> after that, I set up ipfw to divert packets to some port
ZSBM> here is my ipfw rule set.
ZSBM> 00100 allow ip from any to any via lo0
ZSBM> 00200 deny ip from any to 127.0.0.0/8
ZSBM> 00300 deny ip from 127.0.0.0/8 to any
ZSBM> 65000 allow ip from any to any
ZSBM> 65100 divert 5000 ip from any 22 to me    <-- the divert rule
ZSBM> 65535 deny ip from any to any
ZSBM> then, I wanted to monitor the diverted traffic using tcpdump:
ZSBM> $ tcpdump port 5000
ZSBM> when I do a telnet connection to the port 22 from a remote host, I was
ZSBM> expecting that tcpdump will display packets diverted to the port 5000 by
ZSBM> ipfw.
ZSBM> The remote host I use shows that it connects to port 22 and the ipfw
ZSBM> divert rule seems not to work.
ZSBM> I can set another rule to block the traffic in the port 22, and it works.
ZSBM> only the divert rule seems to fail.
ZSBM> I wrote some piece of code using divert socket to read packets from the
ZSBM> divert port, but no result ...
ZSBM> I think I'm missing something,
ZSBM> so please enlighten my mind ...
ZSBM> Many Thanks
ZSBM> --
ZSBM> Saber

--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:[EMAIL PROTECTED]
Midnight Commander
Hello, World!

Can somebody explain to me why Midnight Commander always says "cannot chdir to ..." whenever I do something on its right panel? When I switch panels using the Ctrl+U command, the left panel gets into the same trouble.

Igor.
ping(8) 64BTT friendly patch
Here is a patch stolen from OpenBSD via NetBSD (rev. 1.75 ping/ping.c) which does two things: - stores timestamp in network byte order; - removes an assumption that sizeof(struct timeval) == 8 (it's not true on sparc64). Any comments? Index: ping.c === RCS file: /home/ncvs/src/sbin/ping/ping.c,v retrieving revision 1.105 diff -u -r1.105 ping.c --- ping.c 14 Aug 2004 17:46:10 - 1.105 +++ ping.c 28 Sep 2004 14:51:04 - @@ -92,7 +92,7 @@ #include unistd.h #defineINADDR_LEN ((int)sizeof(in_addr_t)) -#defineTIMEVAL_LEN ((int)sizeof(struct timeval)) +#defineTIMEVAL_LEN ((int)sizeof(struct tv32)) #defineMASK_LEN(ICMP_MASKLEN - ICMP_MINLEN) #defineTS_LEN (ICMP_TSLEN - ICMP_MINLEN) #defineDEFDATALEN 56 /* default data length */ @@ -110,6 +110,11 @@ #defineCLR(bit)(A(bit) = (~B(bit))) #defineTST(bit)(A(bit) B(bit)) +struct tv32 { + int32_t tv32_sec; + int32_t tv32_usec; +}; + /* various options */ int options; #defineF_FLOOD 0x0001 @@ -838,6 +843,7 @@ pinger(void) { struct timeval now; + struct tv32 tv32; struct ip *ip; struct icmp *icp; int cc, i; @@ -856,13 +862,15 @@ if ((options F_TIME) || timing) { (void)gettimeofday(now, NULL); + tv32.tv32_sec = htonl(now.tv_sec); + tv32.tv32_usec = htonl(now.tv_usec); if (options F_TIME) icp-icmp_otime = htonl((now.tv_sec % (24*60*60)) * 1000 + now.tv_usec / 1000); if (timing) - bcopy((void *)now, + bcopy((void *)tv32, (void *)outpack[ICMP_MINLEN + phdr_len], - sizeof(struct timeval)); + sizeof(tv32)); } cc = ICMP_MINLEN + phdr_len + datalen; @@ -942,6 +950,7 @@ triptime = 0.0; if (timing) { struct timeval tv1; + struct tv32 tv32; #ifndef icmp_data tp = icp-icmp_ip; #else 
@@ -951,7 +960,9 @@ if (cc - ICMP_MINLEN - phdr_len = sizeof(tv1)) { /* Copy to avoid alignment problems: */ - memcpy(tv1, tp, sizeof(tv1)); + memcpy(tv32, tp, sizeof(tv32)); + tv1.tv_sec = ntohl(tv32.tv32_sec); + tv1.tv_usec = ntohl(tv32.tv32_usec); tvsub(tv, tv1); triptime = ((double)tv-tv_sec) * 1000.0 + ((double)tv-tv_usec) / 1000.0; %%% -- Maxim Konovalov ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
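Review bot: in the receive hunk (@@ -951,7 +960,9 @@) the unchanged length check still compares the payload size against sizeof(tv1), i.e. sizeof(struct timeval), while the new memcpy only needs sizeof(tv32) bytes. On a platform where struct timeval is larger than 8 bytes (the sparc64 case named in the description), a reply that carries exactly the 8-byte timestamp now advertised by TIMEVAL_LEN would fail that check and never be timed. Suggest guarding with sizeof(tv32) so the check matches what is actually copied.

Review bot: in the pinger() hunk (@@ -856,13 +862,15 @@), htonl(now.tv_sec) and htonl(now.tv_usec) silently narrow the timeval fields to 32 bits. That is harmless for a round-trip difference as long as both directions use struct tv32, but a short comment next to struct tv32 saying it is the on-wire timestamp format and is intentionally 32-bit would keep a later change from copying sizeof(struct timeval) again.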
Re: fixes for ipfw and pf lock ordering issues
On 28 Sep 2004 Wiktor Niesiobedzki wrote:

> pf_socket_lookup(cbb24958,cbb2495c,2,cbb24a0c,c15275a0) at pf_socket_lookup+0x22
> pf_test_tcp(cbb249c0,cbb249bc,2,c14d6200,c139e500) at pf_test_tcp+0x648
> pf_test(2,c14b8014,cbb24aa8,c15275a0,c15661c0) at pf_test+0x53d
> pf_check_out(0,cbb24aa8,c14b8014,2,c15275a0) at pf_check_out+0x6d
> pfil_run_hooks(c066da00,cbb24b1c,c14b8014,2,c15275a0) at pfil_run_hooks+0xeb
> ip_output(c139e500,0,cbb24ae8,0,0) at ip_output+0x630
> tcp_twrespond(c18709a0,10,c0607304,69c,1) at tcp_twrespond+0x1ed
> tcp_twstart(c186b380,0,c0606ba2,96f,0) at tcp_twstart+0x1d3
> tcp_input(c139d800,14,c14b8014,1,0) at tcp_input+0x2c39
> ip_input(c139d800,0,c06053ae,e7,c066d098) at ip_input+0x5b0
> netisr_processqueue(c066d098,c0642940,1,c05fb4da,c10d62c0) at netisr_processqueue+0x8e
> swi_net(0,0,c05f9b18,269,0) at swi_net+0xe9
> ithread_loop(c10de480,cbb24d48,c05f990f,31f,100) at ithread_loop+0x172
> fork_exit(c04a6520,c10de480,cbb24d48) at fork_exit+0xc6
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xcbb24d7c, ebp = 0 ---
> db>
> db> show locks
> exclusive sleep mutex inp (tcpinp) r = 0 (0xc1527630) locked @ /usr/src/sys/netinet/tcp_input.c:737
> exclusive sleep mutex tcp r = 0 (0xc066de6c) locked @ /usr/src/sys/netinet/tcp_input.c:611
> db>
>
> (gdb) l *pf_socket_lookup+0x22
> 0xc043a2d2 is in pf_socket_lookup (/usr/src/sys/contrib/pf/net/pf.c:2414).
> 2409    #endif
> 2410            struct inpcb    *inp;
> 2411
> 2412    #ifdef __FreeBSD__
> 2413            if (inp_arg != NULL) {
> 2414                    *uid = inp_arg->inp_socket->so_cred->cr_uid;
> 2415                    *gid = inp_arg->inp_socket->so_cred->cr_groups[0];
> 2416                    return (1);
> 2417            }
> 2418    #endif

Looks like it could be a bad pointer dereference. Have you recompiled your kernel and the pf/ipfw modules? If not, please try recompiling your kernel. Otherwise I will keep hunting for potentially bad pointers being passed to the pfil hooks.

--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
Re: remote debugging question
Hi Greg,

thank you for all the feedback. The set remotebaud 1 thing in my previous email was a typo, I usually enter 9600. So you're saying that I may have a communication problem. I would like to point out that I can use cu -l cuaa0 -s 9600 on both sides and all is well. What do you think could cause this communication issue? I will run another cvsup soon. May be a bug in 6.0current for kgdb.

On Monday 27 September 2004 06:52 pm, Greg 'groggy' Lehey wrote:

> You'll need the sources as well, but that's the next problem, not the one you're experiencing.

As for the sources that I am supposed to transfer to B (the remote), are you talking about /usr/src of A or /usr/obj of A or both? Then mount_nfs?

My next option will be firewire.

thank you,
Jerry
Re: fixes for ipfw and pf lock ordering issues
On Tuesday 28 September 2004 20:01, Wiktor Niesiobedzki wrote:

> On Fri, Sep 24, 2004 at 10:37:54PM +, Christian S.J. Peron wrote:
> > Good day folks, we need some beta testers
>
> Hi,
>
> as an author of LOR reports I feel obliged to test this patch. I was running it for 2 days and intended to report that for me everything works ok, when a panic occurred. Regrettably, I do not have the actual panic message, but the trace looks as follows:
>
> pf_socket_lookup(cbb24958,cbb2495c,2,cbb24a0c,c15275a0) at pf_socket_lookup+0x22
> pf_test_tcp(cbb249c0,cbb249bc,2,c14d6200,c139e500) at pf_test_tcp+0x648
> pf_test(2,c14b8014,cbb24aa8,c15275a0,c15661c0) at pf_test+0x53d
> pf_check_out(0,cbb24aa8,c14b8014,2,c15275a0) at pf_check_out+0x6d
> pfil_run_hooks(c066da00,cbb24b1c,c14b8014,2,c15275a0) at pfil_run_hooks+0xeb
> ip_output(c139e500,0,cbb24ae8,0,0) at ip_output+0x630
> tcp_twrespond(c18709a0,10,c0607304,69c,1) at tcp_twrespond+0x1ed
> tcp_twstart(c186b380,0,c0606ba2,96f,0) at tcp_twstart+0x1d3
> tcp_input(c139d800,14,c14b8014,1,0) at tcp_input+0x2c39
> ip_input(c139d800,0,c06053ae,e7,c066d098) at ip_input+0x5b0
> netisr_processqueue(c066d098,c0642940,1,c05fb4da,c10d62c0) at netisr_processqueue+0x8e
> swi_net(0,0,c05f9b18,269,0) at swi_net+0xe9
> ithread_loop(c10de480,cbb24d48,c05f990f,31f,100) at ithread_loop+0x172
> fork_exit(c04a6520,c10de480,cbb24d48) at fork_exit+0xc6
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xcbb24d7c, ebp = 0 ---
> db>
> db> show locks
> exclusive sleep mutex inp (tcpinp) r = 0 (0xc1527630) locked @ /usr/src/sys/netinet/tcp_input.c:737
> exclusive sleep mutex tcp r = 0 (0xc066de6c) locked @ /usr/src/sys/netinet/tcp_input.c:611
> db>
>
> (gdb) l *pf_socket_lookup+0x22
> 0xc043a2d2 is in pf_socket_lookup (/usr/src/sys/contrib/pf/net/pf.c:2414).
> 2409    #endif
> 2410            struct inpcb    *inp;
> 2411
> 2412    #ifdef __FreeBSD__
> 2413            if (inp_arg != NULL) {
> 2414                    *uid = inp_arg->inp_socket->so_cred->cr_uid;
> 2415                    *gid = inp_arg->inp_socket->so_cred->cr_groups[0];
> 2416                    return (1);
> 2417            }
> 2418    #endif

This should read:

        *uid = UID_MAX;
        *gid = GID_MAX;
#ifdef __FreeBSD__
        if (inp_arg != NULL) {
                if (inp_arg->inp_socket) {
                        *uid = inp_arg->inp_socket->so_cred->cr_uid;
                        *gid = inp_arg->inp_socket->so_cred->cr_groups[0];
                        return (1);
                } else
                        return (0);
        }
#endif

now. Thanks for testing, I will post an updated patch the other day.

--
/\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
Re: Strange FTPD behavior
You could use ktrace(1) to determine what the ftpd daemon is actually doing.

rh> Is the user's shell listed in /etc/shells? It must be there for ftpd to
rh> let them in.

vt> I run FreeBSD 4.3-STABLE machine. I use ftpd for ftp server daemon. It has
vt> very strange behavior with one of user accounts on my machine. Every one user