From owner-freebsd-current Thu Apr 4 00:15:12 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA07702 for current-outgoing; Thu, 4 Apr 1996 00:15:12 -0800 (PST)
Received: from multivac.orthanc.com (root@multivac.orthanc.com [206.12.238.2]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id AAA07694 for ; Thu, 4 Apr 1996 00:15:04 -0800 (PST)
Received: from localhost (lyndon@localhost) by multivac.orthanc.com (8.7.3/8.7.3) with SMTP id AAA15211 for ; Thu, 4 Apr 1996 00:14:58 -0800 (PST)
Message-Id: <199604040814.AAA15211@multivac.orthanc.com>
From: Lyndon Nerenberg VE7TCP
To: freebsd-current@freebsd.org
Subject: Nice Firewall :-)
X-Attribution: VE7TCP
Date: Thu, 04 Apr 1996 00:14:57 -0800
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I just finished nailing up a recent (3 Apr from sup3) current, rebuilt (twice) from source, rebooted, and got the following ... Any network access returns permission denied (ERRNO == 13). Bizarre. Even remade all of /dev.

It's late and I'm not going to chase this any further tonight, but not having seen (or recalling) anything from the -current list, maybe this will give people something to chew on for a bit. What follows is a ktrace from ping, followed by the kernel config I was running. (A 2.1-RELEASE kernel works fine on the same machine.)
  3416 ktrace   RET   ktrace 0
  3416 ktrace   CALL  mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
  3416 ktrace   RET   mmap 134328320/0x801b000
  3416 ktrace   CALL  break(0x5000)
  3416 ktrace   RET   break 0
  3416 ktrace   CALL  break(0x6000)
  3416 ktrace   RET   break 0
  3416 ktrace   CALL  execve(0xefbfd9a8,0xefbfde04,0xefbfde10)
  3416 ktrace   NAMI  "/sbin/ping"
  3416 ping     RET   execve 0
  3416 ping     CALL  ioctl(0,0x402c7413 ,0xefbfddb8)
  3416 ping     RET   ioctl 0
  3416 ping     CALL  ioctl(0,0x802c7414 ,0xefbfddb8)
  3416 ping     RET   ioctl 0
  3416 ping     CALL  mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
  3416 ping     RET   mmap 134340608/0x801e000
  3416 ping     CALL  break(0x39000)
  3416 ping     RET   break 0
  3416 ping     CALL  break(0x3a000)
  3416 ping     RET   break 0
  3416 ping     CALL  getpid
  3416 ping     RET   getpid 3416/0xd58
  3416 ping     CALL  open(0x33c2,0,0x1b6)
  3416 ping     NAMI  "/etc/protocols"
  3416 ping     RET   open 3
  3416 ping     CALL  fstat(0x3,0xefbfdb60)
  3416 ping     RET   fstat 0
  3416 ping     CALL  break(0x3c000)
  3416 ping     RET   break 0
  3416 ping     CALL  read(0x3,0x3a000,0x2000)
  3416 ping     GIO   fd 3 read 1137 bytes
       "#
        # Internet (IP) protocols
        #
        # $Id: protocols,v 1.3 1995/08/29 19:29:35 wollman Exp $
        #       from: @(#)protocols     5.1 (Berkeley) 4/17/89
        #
        # Updated for FreeBSD based on RFC 1340, Assigned Numbers (July 1992).
        #
        ip        0   IP          # internet protocol, pseudo protocol n\
        umber
        icmp      1   ICMP        # internet control message protocol
        igmp      2   IGMP        # Internet Group Management
        ggp       3   GGP         # gateway-gateway protocol
        ipencap   4   IP-ENCAP    # IP encapsulated in IP (officially ``\
        IP'')
        st        5   ST          # ST datagram mode
        tcp       6   TCP         # transmission control protocol
        egp       8   EGP         # exterior gateway protocol
        pup       12  PUP         # PARC universal packet protocol
        udp       17  UDP         # user datagram protocol
        hmp       20  HMP         # host monitoring protocol
        xns-idp   22  XNS-IDP     # Xerox NS IDP
        rdp       27  RDP         # "reliable datagram" protocol
        iso-tp4   29  ISO-TP4     # ISO Transport Protocol class 4
        xtp       36  XTP         # Xpress Tranfer Protocol
        idpr-cmtp 39  IDPR-CMTP   # IDPR Control Message Transpo\
        rt
        rsvp      46  RSVP        # Resource ReSerVation Protocol
        vmtp      81  VMTP        # Versatile Message Transport
        ospf      89  OSPFIGP     # Open Shortest Path First IGP
        ipip      94  IPIP        # Yet Another IP encapsulation
        encap     98  ENCAP       # Yet Another IP encapsulation
       "
  3416 ping     RET   read 1137/0x471
  3416 ping     CALL  close(0x3)
  3416 ping     RET   close 0
  3416 ping     CALL  socket(0x2,0x3,0x1)
  3416 ping     RET   socket 3
  3416 ping     CALL  setsockopt(0x3,0xffff,0x1002,0xefbfdc8c,0x4)
  3416 ping     RET   setsockopt 0
  3416 ping     CALL  fstat(0x1,0xefbfd960)
  3416 ping     RET   fstat 0
  3416 ping     CALL  break(0x40000)
  3416 ping     RET   break 0
  3416 ping     CALL  ioctl(0x1,0x402c7413 ,0xefbfd99c)
  3416 ping     RET   ioctl 0
  3416 ping     CALL  write(0x1,0x3c000,0x30)
  3416 ping     GIO   fd 1 wrote 48 bytes
       "PING 206.12.238.2 (206.12.238.2): 56 data bytes
       "
  3416 ping     RET   write 48/0x30
  3416 ping     CALL  sigaction(0x2,0xefbfdc38,0xefbfdc2c)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  sigaction(0xe,0xefbfdc30,0xefbfdc24)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  sigaction(0x1d,0xefbfdc28,0xefbfdc1c)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  gettimeofday(0x27100,0)
  3416 ping     RET   gettimeofday 0
  3416 ping     CALL  sendto(0x3,0x270f8,0x40,0,0x26df4,0x10)
  3416 ping     RET   sendto -1 errno 13 Permission denied
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  3416 ping     CALL  writev(0x2,0xefbfdbfc,0x4)
  3416 ping     GIO   fd 2 wrote 32 bytes
       "ping: sendto: Permission denied
       "
  3416 ping     RET   writev 32/0x20
  3416 ping     CALL  write(0x1,0x3c000,0x2a)
  3416 ping     GIO   fd 1 wrote 42 bytes
       "ping: wrote 206.12.238.2 64 chars, ret=-1
       "
  3416 ping     RET   write 42/0x2a
  3416 ping     CALL  sigaction(0xe,0xefbfdc24,0xefbfdc18)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  setitimer(0,0xefbfdc24,0xefbfdc14)
  3416 ping     RET   setitimer 0
  3416 ping     CALL  recvfrom(0x3,0x39000,0xc0,0,0xefbfdc7c,0xefbfdc6c)
  3416 ping     PSIG  SIGALRM caught handler=0x191c mask=0x0 code=0x0
  3416 ping     RET   recvfrom RESTART
  3416 ping     CALL  gettimeofday(0x27100,0)
  3416 ping     RET   gettimeofday 0
  3416 ping     CALL  sendto(0x3,0x270f8,0x40,0,0x26df4,0x10)
  3416 ping     RET   sendto -1 errno 13 Permission denied
  3416 ping     CALL  writev(0x2,0xefbfdb88,0x4)
  3416 ping     GIO   fd 2 wrote 32 bytes
       "ping: sendto: Permission denied
       "
  3416 ping     RET   writev 32/0x20
  3416 ping     CALL  write(0x1,0x3c000,0x2a)
  3416 ping     GIO   fd 1 wrote 42 bytes
       "ping: wrote 206.12.238.2 64 chars, ret=-1
       "
  3416 ping     RET   write 42/0x2a
  3416 ping     CALL  sigaction(0xe,0xefbfdbb0,0xefbfdba4)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  setitimer(0,0xefbfdbb0,0xefbfdba0)
  3416 ping     RET   setitimer 0
  3416 ping     CALL  sigreturn(0xefbfdbf4)
  3416 ping     RET   sigreturn JUSTRETURN
  3416 ping     CALL  recvfrom(0x3,0x39000,0xc0,0,0xefbfdc7c,0xefbfdc6c)
  3416 ping     PSIG  SIGALRM caught handler=0x191c mask=0x0 code=0x0
  3416 ping     RET   recvfrom RESTART
  3416 ping     CALL  gettimeofday(0x27100,0)
  3416 ping     RET   gettimeofday 0
  3416 ping     CALL  sendto(0x3,0x270f8,0x40,0,0x26df4,0x10)
  3416 ping     RET   sendto -1 errno 13 Permission denied
  3416 ping     CALL  writev(0x2,0xefbfdb88,0x4)
  3416 ping     GIO   fd 2 wrote 32 bytes
       "ping: sendto: Permission denied
       "
  3416 ping     RET   writev 32/0x20
  3416 ping     CALL  write(0x1,0x3c000,0x2a)
  3416 ping     GIO   fd 1 wrote 42 bytes
       "ping: wrote 206.12.238.2 64 chars, ret=-1
       "
  3416 ping     RET   write 42/0x2a
  3416 ping     CALL  sigaction(0xe,0xefbfdbb0,0xefbfdba4)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  setitimer(0,0xefbfdbb0,0xefbfdba0)
  3416 ping     RET   setitimer 0
  3416 ping     CALL  sigreturn(0xefbfdbf4)
  3416 ping     RET   sigreturn JUSTRETURN
  3416 ping     CALL  recvfrom(0x3,0x39000,0xc0,0,0xefbfdc7c,0xefbfdc6c)
  3416 ping     PSIG  SIGINT caught handler=0x23c4 mask=0x0 code=0x0
  3416 ping     RET   recvfrom RESTART
  3416 ping     CALL  sigaction(0x2,0xefbfdb84,0xefbfdb78)
  3416 ping     RET   sigaction 0
  3416 ping     CALL  write(0x1,0x3c000,0x1)
  3416 ping     GIO   fd 1 wrote 1 bytes
       "
       "
  3416 ping     RET   write 1
  3416 ping     CALL  write(0x1,0x3c000,0x25)
  3416 ping     GIO   fd 1 wrote 37 bytes
       "--- 206.12.238.2 ping statistics ---
       "
  3416 ping     RET   write 37/0x25
  3416 ping     CALL  write(0x1,0x3c000,0x3c)
  3416 ping     GIO   fd 1 wrote 60 bytes
       "3 packets transmitted, 0 packets received, 100% packet loss
       "
  3416 ping     RET   write 60/0x3c
  3416 ping     CALL  exit(0x2)

# KERNEL CONFIG

machine         "i386"
cpu             "I386_CPU"
cpu             "I486_CPU"
cpu             "I586_CPU"              # aka Pentium(tm)
#cpu            "I686_CPU"              # aka Pentium Pro(tm)
ident           BLURFL
maxusers        64
options         FAILSAFE

config          kernel  root on wd0 dumps on wd0

options         "COMPAT_43"
options         USER_LDT                #allow user-level control of i386 ldt
options         SYSVSHM
options         SYSVSEM
options         SYSVMSG
options         DDB
options         DDB_UNATTENDED
options         KTRACE                  #kernel tracing
options         DIAGNOSTIC
options         PERFMON
options         UCONSOLE

options         INET                    #Internet communications protocols
pseudo-device   ether                   #Generic Ethernet
pseudo-device   loop                    #Network loopback device
pseudo-device   bpfilter        4       #Berkeley packet filter
pseudo-device   disc                    #Discard device
pseudo-device   tun             4       #Tunnel driver(user process ppp)
options         MROUTING                # Multicast routing
options         IPFIREWALL              #firewall
options         TCPDEBUG

options         FFS                     #Fast filesystem
options         NFS                     #Network File System

pseudo-device   pty             64      #Pseudo ttys - can go as high as 64
pseudo-device   speaker                 #Play IBM BASIC-style noises out your speaker
pseudo-device   log                     #Kernel syslog interface (/dev/klog)
pseudo-device   vn                      #Vnode driver (turns a file into a device)
pseudo-device   snp             3       #Snoop device - to look at pty/vty/etc..

controller      isa0
options         "AUTO_EOI_1"

device          vt0     at isa? port "IO_KBD" tty irq 1 vector pcrint
options         PCVT_FREEBSD=210        # pcvt running on FreeBSD >= 2.0.5
options         XSERVER                 # include code for XFree86
options         FAT_CURSOR              # start with block cursor

device          npx0    at isa? port "IO_NPX" irq 13 vector npxintr

controller      wdc0    at isa? port "IO_WD1" bio irq 14 vector wdintr
disk            wd0     at wdc0 drive 0
options         ATAPI                   #Enable ATAPI support for IDE bus

controller      fdc0    at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk            fd0     at fdc0 drive 0

device          lpt0    at isa? port? tty irq 7 vector lptintr
device          sio0    at isa? port "IO_COM1" tty irq 4 vector siointr
device          ed0     at isa? port 0x280 net irq 15 iomem 0xd8000 vector edintr

controller      snd0
device          sb0     at isa? port 0x220 irq 5 drq 1 vector sbintr
device          sbxvi0  at isa? drq 5
device          sbmidi0 at isa? port 0x330
device          mpu0    at isa? port 0x330 irq 6 drq 0
device          pca0    at isa? port IO_TIMER1 tty
device          scd0    at isa? port 0x230 bio
device          apm0    at isa?
device          joy0    at isa? port "IO_GAME"

controller      pci0
device          vx0
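An added triage example, not part of Lyndon's post: a small Python parser for kdump records in the shape of the trace above. It pairs each CALL with its RET, tracks what every descriptor refers to (so fd 3 being reused for the socket after /etc/protocols is closed is handled), and reports each failing call with the origin of its descriptor, which here attributes errno 13 to sendto() on an AF_INET/SOCK_RAW/IPPROTO_ICMP socket, a kernel policy decision rather than a filesystem permission. The sample records are constructed after the post's trace; the symbolic names for the socket() arguments are the standard BSD values.

```python
import re
from collections import defaultdict
# Constructed sample in the shape of the post's kdump output: fd 3 is first
# /etc/protocols, is closed, then is reused for the raw ICMP socket that fails.
SAMPLE_KDUMP = """\
3416 ping CALL open(0x33c2,0,0x1b6)
3416 ping NAMI "/etc/protocols"
3416 ping RET open 3
3416 ping CALL close(0x3)
3416 ping RET close 0
3416 ping CALL socket(0x2,0x3,0x1)
3416 ping RET socket 3
3416 ping CALL sendto(0x3,0x270f8,0x40,0,0x26df4,0x10)
3416 ping RET sendto -1 errno 13 Permission denied
"""
# Symbolic names for socket() arguments (BSD values) and the calls whose arg 0 is an fd.
AF = {1: "AF_UNIX", 2: "AF_INET"}
SOCK = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "IPPROTO_IP", 1: "IPPROTO_ICMP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
FD_CALLS = {"read", "write", "writev", "sendto", "recvfrom", "setsockopt", "fstat", "ioctl"}
CALL_RE = re.compile(r"^(\d+)\s+\S+\s+CALL\s+(\w+)\((.*)\)\s*$")
NAMI_RE = re.compile(r'^(\d+)\s+\S+\s+NAMI\s+"(.*)"\s*$')
RET_RE = re.compile(r"^(\d+)\s+\S+\s+RET\s+(\w+)\s+(-?\d+)(?:/0x[0-9a-f]+)?"
                    r"(?:\s+errno\s+(\d+)\s+(.*))?$")

def analyze(text):
    """Pair CALL/RET records, track fd origins (honouring close()) and return failed calls."""
    pending, fds, failures = {}, defaultdict(dict), []
    for line in text.splitlines():
        if m := CALL_RE.match(line):
            pid, name, args = m.groups()
            pending[pid] = [name, [int(a, 0) for a in args.split(",") if a.strip()], None]
        elif (m := NAMI_RE.match(line)) and m.group(1) in pending:
            pending[m.group(1)][2] = m.group(2)      # path looked up by this open()
        elif m := RET_RE.match(line):
            pid, name, rv, errno, msg = m.groups()
            call = pending.pop(pid, None)
            if call is None or call[0] != name:      # RET without a matching CALL
                continue
            args, path = call[1], call[2]
            if errno:                                # failed call: attribute its fd
                fd = args[0] if name in FD_CALLS else None
                failures.append({"syscall": name, "errno": int(errno), "msg": msg.strip(),
                                 "fd": fd, "fd_origin": fds[pid].get(fd)})
            elif name == "socket":                   # remember what the new fd is
                fds[pid][int(rv)] = "socket(%s, %s, %s)" % tuple(t.get(v, v) for t, v in zip((AF, SOCK, PROTO), args))
            elif name == "open":
                fds[pid][int(rv)] = "open(%s)" % path
            elif name == "close":                    # free the slot so reuse is tracked
                fds[pid].pop(args[0], None)
    return failures
```

Run against a full `kdump` capture, the same loop also flags which descriptors were never reached at all, since lines such as `RET recvfrom RESTART` carry no return value and are skipped.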