Date:      Thu, 04 Apr 1996 00:14:57 -0800
From:      Lyndon Nerenberg VE7TCP <lyndon@orthanc.com>
To:        freebsd-current@freebsd.org
Subject:   Nice Firewall :-)
Message-ID:  <199604040814.AAA15211@multivac.orthanc.com>

I just finished nailing up a recent (3 Apr from sup3) current,
rebuilt (twice) from source, rebooted, and got the following ...

Any network access fails with "Permission denied" (errno == 13). Bizarre.
I even remade all of /dev. It's late and I'm not going to chase this
any further tonight, but since I haven't seen (or don't recall) anything
about it on the -current list, maybe this will give people something to
chew on for a bit. What follows is a ktrace of ping, followed by the
kernel config I was running. (A 2.1-RELEASE kernel works fine on
the same machine.)


  3416 ktrace   RET   ktrace 0
  3416 ktrace   CALL  mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
  3416 ktrace   RET   mmap 134328320/0x801b000
  3416 ktrace   CALL  break(0x5000)
  3416 ktrace   RET   break 0
  3416 ktrace   CALL  break(0x6000)
  3416 ktrace   RET   break 0
  3416 ktrace   CALL  execve(0xefbfd9a8,0xefbfde04,0xefbfde10)
  3416 ktrace   NAMI  "/sbin/ping"
  3416 ping     RET   execve 0
  3416 ping     CALL  ioctl(0,0x402c7413 ,0xefbfddb8)
  3416 ping     RET   ioctl 0
  3416 ping     CALL  ioctl(0,0x802c7414 ,0xefbfddb8)
  3416 ping     RET   ioctl 0
  3416 ping     CALL  mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
  3416 ping     RET   mmap 134340608/0x801e000
  3416 ping     CALL  break(0x39000)
  3416 ping     RET   break 0
  3416 ping     CALL  break(0x3a000)
  3416 ping     RET   break 0
  3416 ping     CALL  getpid
  3416 ping     RET   getpid 3416/0xd58
  3416 ping     CALL  open(0x33c2,0,0x1b6)
  3416 ping     NAMI  "/etc/protocols"
  3416 ping     RET   open 3
  3416 ping     CALL  fstat(0x3,0xefbfdb60)
  3416 ping     RET   fstat 0
  3416 ping     CALL  break(0x3c000)
  3416 ping     RET   break 0
  3416 ping     CALL  read(0x3,0x3a000,0x2000)
  3416 ping     GIO   fd 3 read 1137 bytes
       "#
	# Internet (IP) protocols
	#
	#	$Id: protocols,v 1.3 1995/08/29 19:29:35 wollman Exp $
	#	from: @(#)protocols	5.1 (Berkeley) 4/17/89
	#
	# Updated for FreeBSD based on RFC 1340, Assigned Numbers (July 1992).
	#
	ip	0	IP		# internet protocol, pseudo protocol n\
	umber
	icmp	1	ICMP		# internet control message protocol
	igmp	2	IGMP		# Internet Group Management
	ggp	3	GGP		# gateway-gateway protocol
	ipencap	4	IP-ENCAP	# IP encapsulated in IP (officially ``\
	IP'')
	st	5	ST		# ST datagram mode
	tcp	6	TCP		# transmission control protocol
	egp	8	EGP		# exterior gateway protocol
	pup	12	PUP		# PARC universal packet protocol
	udp	17	UDP		# user datagram protocol
	hmp	20	HMP		# host monitoring protocol
	xns-idp	22	XNS-IDP		# Xerox NS IDP
	rdp	27	RDP		# "reliable datagram" protocol
	iso-tp4	29	ISO-TP4		# ISO Transport Protocol class 4
	xtp	36	XTP		# Xpress Tranfer Protocol
	idpr-cmtp	39	IDPR-CMTP	# IDPR Control Message Transpo\
	rt
	rsvp	46	RSVP		# Resource ReSerVation Protocol
	vmtp	81	VMTP		# Versatile Message Transport
	ospf	89	OSPFIGP		# Open Shortest Path First IGP
	ipip	94	IPIP		# Yet Another IP encapsulation
	encap	98	ENCAP		# Yet Another IP encapsulation
       "
  3416 ping     RET   read 1137/0x471
  3416 ping     CALL  close(0x3)
  3416 ping     RET   close 0
  3416 ping     CALL  socket(0x2,0x3,0x1)
  3416 ping     RET   socket 3
  3416 ping     CALL  setsockopt(0x3,0xffff,0x1002,0xefbfdc8c,0x4)
  3416 ping     RET   setsockopt 0
  3416 ping     CALL  fstat(0x1,0xefbfd960)
  3416 ping     RET   fstat 0
  3416 ping     CALL  break(0x40000)
  3416 ping     RET   break 0
  3416 ping     CALL  ioctl(0x1,0x402c7413 ,0xefbfd99c)
  3416 ping     RET   ioctl 0
  3416 ping     CALL  write(0x1,0x3c000,0x30)
  3416 ping     GIO   fd 1 wrote 48 bytes
       "PING 206.12.238.2 (206.12.238.2): 56 data bytes
       "
  3416 ping     RET   write 48/0x30
  3416 ping     CALL  sigaction(0x2,0xefbfdc38,0xefbfdc2c)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  sigaction(0xe,0xefbfdc30,0xefbfdc24)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  sigaction(0x1d,0xefbfdc28,0xefbfdc1c)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  gettimeofday(0x27100,0)
  3416 ping     RET   gettimeofday 0
  3416 ping     CALL  sendto(0x3,0x270f8,0x40,0,0x26df4,0x10)
  3416 ping     RET   sendto -1 errno 13 Permission denied
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  3416 ping     CALL  writev(0x2,0xefbfdbfc,0x4)
  3416 ping     GIO   fd 2 wrote 32 bytes
       "ping: sendto: Permission denied
       "
  3416 ping     RET   writev 32/0x20
  3416 ping     CALL  write(0x1,0x3c000,0x2a)
  3416 ping     GIO   fd 1 wrote 42 bytes
       "ping: wrote 206.12.238.2 64 chars, ret=-1
       "
  3416 ping     RET   write 42/0x2a
  3416 ping     CALL  sigaction(0xe,0xefbfdc24,0xefbfdc18)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  setitimer(0,0xefbfdc24,0xefbfdc14)
  3416 ping     RET   setitimer 0
  3416 ping     CALL  recvfrom(0x3,0x39000,0xc0,0,0xefbfdc7c,0xefbfdc6c)
  3416 ping     PSIG  SIGALRM caught handler=0x191c mask=0x0 code=0x0
  3416 ping     RET   recvfrom RESTART
  3416 ping     CALL  gettimeofday(0x27100,0)
  3416 ping     RET   gettimeofday 0
  3416 ping     CALL  sendto(0x3,0x270f8,0x40,0,0x26df4,0x10)
  3416 ping     RET   sendto -1 errno 13 Permission denied
  3416 ping     CALL  writev(0x2,0xefbfdb88,0x4)
  3416 ping     GIO   fd 2 wrote 32 bytes
       "ping: sendto: Permission denied
       "
  3416 ping     RET   writev 32/0x20
  3416 ping     CALL  write(0x1,0x3c000,0x2a)
  3416 ping     GIO   fd 1 wrote 42 bytes
       "ping: wrote 206.12.238.2 64 chars, ret=-1
       "
  3416 ping     RET   write 42/0x2a
  3416 ping     CALL  sigaction(0xe,0xefbfdbb0,0xefbfdba4)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  setitimer(0,0xefbfdbb0,0xefbfdba0)
  3416 ping     RET   setitimer 0
  3416 ping     CALL  sigreturn(0xefbfdbf4)
  3416 ping     RET   sigreturn JUSTRETURN
  3416 ping     CALL  recvfrom(0x3,0x39000,0xc0,0,0xefbfdc7c,0xefbfdc6c)
  3416 ping     PSIG  SIGALRM caught handler=0x191c mask=0x0 code=0x0
  3416 ping     RET   recvfrom RESTART
  3416 ping     CALL  gettimeofday(0x27100,0)
  3416 ping     RET   gettimeofday 0
  3416 ping     CALL  sendto(0x3,0x270f8,0x40,0,0x26df4,0x10)
  3416 ping     RET   sendto -1 errno 13 Permission denied
  3416 ping     CALL  writev(0x2,0xefbfdb88,0x4)
  3416 ping     GIO   fd 2 wrote 32 bytes
       "ping: sendto: Permission denied
       "
  3416 ping     RET   writev 32/0x20
  3416 ping     CALL  write(0x1,0x3c000,0x2a)
  3416 ping     GIO   fd 1 wrote 42 bytes
       "ping: wrote 206.12.238.2 64 chars, ret=-1
       "
  3416 ping     RET   write 42/0x2a
  3416 ping     CALL  sigaction(0xe,0xefbfdbb0,0xefbfdba4)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  setitimer(0,0xefbfdbb0,0xefbfdba0)
  3416 ping     RET   setitimer 0
  3416 ping     CALL  sigreturn(0xefbfdbf4)
  3416 ping     RET   sigreturn JUSTRETURN
  3416 ping     CALL  recvfrom(0x3,0x39000,0xc0,0,0xefbfdc7c,0xefbfdc6c)
  3416 ping     PSIG  SIGINT caught handler=0x23c4 mask=0x0 code=0x0
  3416 ping     RET   recvfrom RESTART
  3416 ping     CALL  sigaction(0x2,0xefbfdb84,0xefbfdb78)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  write(0x1,0x3c000,0x1)
  3416 ping     GIO   fd 1 wrote 1 bytes
       "
       "
  3416 ping     RET   write 1
  3416 ping     CALL  write(0x1,0x3c000,0x25)
  3416 ping     GIO   fd 1 wrote 37 bytes
       "--- 206.12.238.2 ping statistics ---
       "
  3416 ping     RET   write 37/0x25
  3416 ping     CALL  write(0x1,0x3c000,0x3c)
  3416 ping     GIO   fd 1 wrote 60 bytes
       "3 packets transmitted, 0 packets received, 100% packet loss
       "
  3416 ping     RET   write 60/0x3c
  3416 ping     CALL  exit(0x2)


# KERNEL CONFIG
# Kernel config the poster was running when the ktrace above was taken.
# Of note for the failure in that trace: socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)
# and setsockopt succeed, but every sendto(2) on that socket returns errno 13
# (Permission denied). This kernel has IPFIREWALL compiled in (see below).
machine		"i386"
cpu		"I386_CPU"
cpu		"I486_CPU"
cpu		"I586_CPU"		# aka Pentium(tm)
#cpu		"I686_CPU"		# aka Pentium Pro(tm)

ident		BLURFL

maxusers	64

options		FAILSAFE

config		kernel	root on wd0 dumps on wd0

options		"COMPAT_43"
options		USER_LDT		#allow user-level control of i386 ldt
options		SYSVSHM
options		SYSVSEM
options		SYSVMSG
options		DDB			# in-kernel debugger, reachable from the console
options		DDB_UNATTENDED		# a panic reboots instead of waiting at the ddb prompt
options		KTRACE			#kernel tracing (this is what produced the ktrace output above)
options		DIAGNOSTIC
options		PERFMON
options		UCONSOLE
options		INET			#Internet communications protocols

pseudo-device	ether			#Generic Ethernet
pseudo-device	loop			#Network loopback device
# bpf gives raw link-layer access to any process that can open its device
# nodes (tcpdump and friends); keep those nodes root-only.
pseudo-device	bpfilter	4	#Berkeley packet filter
pseudo-device	disc			#Discard device
pseudo-device	tun	4		#Tunnel driver(user process ppp)

options		MROUTING		# Multicast routing
# NOTE(review): with a packet filter compiled into the kernel, the policy in
# effect from boot decides what this host may send. An EPERM from sendto(2)
# like the one in the trace above is consistent with the firewall rejecting
# the outgoing packet -- confirm by inspecting the active rule set (and
# whether this build's default policy is deny) before chasing /dev or the
# network driver.
options         IPFIREWALL              #firewall
options		TCPDEBUG
options		FFS			#Fast filesystem
options		NFS			#Network File System

pseudo-device	pty	64	#Pseudo ttys - can go as high as 64
pseudo-device	speaker		#Play IBM BASIC-style noises out your speaker
pseudo-device	log		#Kernel syslog interface (/dev/klog)
pseudo-device	vn		#Vnode driver (turns a file into a device)
# snp lets whoever can open it read other sessions' terminal traffic;
# keep its device nodes root-only.
pseudo-device	snp	3	#Snoop device - to look at pty/vty/etc..

controller	isa0

options		"AUTO_EOI_1"

device		vt0	at isa? port "IO_KBD" tty irq 1 vector pcrint
options		PCVT_FREEBSD=210	# pcvt running on FreeBSD >= 2.0.5
options		XSERVER			# include code for XFree86
options		FAT_CURSOR		# start with block cursor

device		npx0	at isa? port "IO_NPX" irq 13 vector npxintr

controller	wdc0	at isa? port "IO_WD1" bio irq 14 vector wdintr
disk		wd0	at wdc0 drive 0

options         ATAPI   #Enable ATAPI support for IDE bus

controller	fdc0	at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk		fd0	at fdc0 drive 0

device		lpt0	at isa? port? tty irq 7 vector lptintr
device		sio0	at isa? port "IO_COM1" tty irq 4 vector siointr

device ed0 at isa? port 0x280 net irq 15 iomem 0xd8000 vector edintr

controller	snd0
device sb0      at isa? port 0x220 irq 5 drq 1 vector sbintr
device sbxvi0   at isa? drq 5
device sbmidi0  at isa? port 0x330
device mpu0     at isa? port 0x330 irq 6 drq 0
device pca0 at isa? port IO_TIMER1 tty

device		scd0	at isa? port 0x230 bio
device		apm0	at isa?
device		joy0	at isa? port "IO_GAME"

controller	pci0
device		vx0


