Mailing List Archive

Re: [anderson@more.net: Re: Re: Wackamole and ProFTPd on FreeBSD]
pete@more.net wrote:

>Hi, I tried to subscribe to the list last night while I was working through
>this, but I haven't gotten anything back, so I thought I would write you
>directly.
>
>I've been trying to track this down for a while along with Eric.
>
>I ended up taking the system's ifconfig.c on FreeBSD 5.4 and seeing
>how they were doing their aliases. It turns out, FreeBSD wants the alias
>interface request to be global. I tried doinking with ifconfig's alias
>request and it broke it in the same way wackamole is broke on FreeBSD.
>I could create an alias, but I couldn't bind to it.
>
>I moved toup's declaration above the function if_up just like ifconfig
>does theirs, and it worked. I know that ifconfig is a simple program and
>wackamole has a lot more going on, so who knows if this will be a bad
>thing for wackamole's internals.
>This is how FreeBSD is doing it on their system, so I thought this might
>be a solution for wackamole. I tried it with 7 or 8 ips at once and
>they all worked fine. We're going to do some more testing and see if we
>can finally move from our old solaris systems to FreeBSD if all is well.
>
>Thanks for all your work. We love wackamole!
>
># diff -u ife-bpf.orig ife-bpf.c
>--- ife-bpf.orig Thu Nov 17 03:31:12 2005
>+++ ife-bpf.c Thu Nov 17 03:31:06 2005
>@@ -216,11 +216,11 @@
> return -1;
> }
>
>+ struct ifaliasreq toup;
> int
> if_up(struct interface *areq) {
> int i, ic;
> struct sockaddr_in *a;
>- struct ifaliasreq toup;
> struct interface ifs[IFLISTSIZE];
>
> ic = if_list_ips(ifs, IFLISTSIZE);
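Review bot: Moving `struct ifaliasreq toup;` to file scope above `if_up` changes its initial contents as well as its scope: an object with static storage starts zeroed, while the automatic one removed from inside `if_up` starts with whatever the stack held, so the improvement may come from the zeroing rather than from the request being global. Consider keeping the declaration local and clearing it before the fields are filled, for example `memset(&toup, 0, sizeof(toup));`, which also avoids a non-`static` global named `toup` and keeps `if_up` free of shared state.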
>
> ------------------------------------------------------------------------
>
> Subject: Re: [Wackamole-users] Re: Wackamole and ProFTPd on FreeBSD
> From: "Eric L. Anderson" <anderson@more.net>
> Date: Thu, 8 Sep 2005 12:26:28 -0500
> To: Wackamole Users List <wackamole-users@lists.backhand.org>
>
>I did some further investigation of this by looking at the ProFTPd
>source and I noticed the following comment in inet.c:
>
> * FreeBSD 2.2.6 (possibly other versions as well), has a security
> * "feature" which disallows SO_REUSEADDR from working if the socket
> * owners don't match. The easiest thing to do is simply make
> * sure the socket is created as root. (Note: this "feature" seems to
> * apply to _all_ BSDs.)
>
>I then decided to see if I could reproduce this same behavior in a
>program other than ProFTPd and outside of xinetd. I then installed
>tcpserver which is from /usr/ports/sysutils/ucspi-tcp. This program
>fails the same way that ProFTPd does. I first ran tcpserver against a
>non-wackamole managed alias and it works fine:
>
> # tcpserver -v -1 192.168.0.19 0 sh
> 51625
> tcpserver: status: 0/40
>
>I then ran tcpserver against a wackamole managed alias:
>
> # tcpserver -v -1 192.168.0.20 0 sh
> tcpserver: fatal: unable to bind: address not available
>
>Looking at the source for ucspi-tcp, socket_bind.c sets the
>SO_REUSEADDR option. I am running tcpserver as user root and wackamole
>is also running as user root.
>
>So, how do you find out the socket owners?
>
>On Thu, Sep 08, 2005 at 09:12:10AM -0500, Eric L. Anderson wrote:
>
>>On Wed, Sep 07, 2005 at 04:56:30PM -0400, Theo Schlossnagle wrote:
>>
>>>Eric L. Anderson wrote:
>>>
>>>>On Wed, Sep 07, 2005 at 02:48:54PM -0400, Theo Schlossnagle wrote:
>>>>
>>>>>Are you running proftpd stand alone or from inetd? If you are running
>>>>>it standalone, start it, add 192.168.0.20, then try passive FTP. It
>>>>>may be that proftpd notes the lack of IP at startup and then refuses to
>>>>>"relearn" that the IP address is now available locally on the box.
>>>>
>>>>We are running it in inetd mode from xinetd.
>>>
>>>If you assign multiple IP addresses manually can you make passive FTP
>>>connections via each of the IPs or only to one?
>>
>>I configured two additional aliases manually via ifconfig and passive
>>FTP works fine to both of them.
>>
>>--
>>Eric L. Anderson
>>anderson@more.net
>>
>>_______________________________________________
>>wackamole-users mailing list
>>wackamole-users@lists.backhand.org
>>http://lists.backhand.org/mailman/listinfo/wackamole-users

A fix committed to CVS.

; cvs diff -c
Index: ChangeLog
===================================================================
RCS file: /storage/cvs/munjal/wackamole/ChangeLog,v
retrieving revision 1.26
diff -c -r1.26 ChangeLog
*** ChangeLog 14 Nov 2005 17:17:53 -0000 1.26
--- ChangeLog 18 Nov 2005 16:48:50 -0000
***************
*** 86,88 ****
--- 86,91 ----
* Win32 support
* patch for perl up and down invocations from Glenn Nielsen < glenn
at mail
dot more dot net >
+ * patch from < pete at more dot net > and < anderson at more dot net >
+ regarding uninitialized stack variable usable. Fixes occasional
+ interface operations on FreeBSD.
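Review bot: The added ChangeLog entry is hard to read as written: "uninitialized stack variable usable" looks like a typo for "usage", and "Fixes occasional interface operations" seems to be missing a word such as "failures of". Suggest rewording it and naming what was touched (`ife-bpf.c`, the `toup` request) so the entry can be matched to the code change.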
Index: ife-bpf.c
===================================================================
RCS file: /storage/cvs/munjal/wackamole/ife-bpf.c,v
retrieving revision 1.9
diff -c -r1.9 ife-bpf.c
*** ife-bpf.c 15 Aug 2004 01:44:20 -0000 1.9
--- ife-bpf.c 18 Nov 2005 16:48:50 -0000
***************
*** 194,199 ****
--- 194,200 ----
}
if(areq) return -1;
areq = &ifs[i];
+ memset(&toup, 0, sizeof(toup));
memcpy(&toup.ifra_name, areq->ifname, IFNAMSIZ);
a = ((struct sockaddr_in *)&toup.ifra_addr);
a->sin_len = sizeof(struct sockaddr_in);
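Review bot: The `memset(&toup, 0, sizeof(toup));` lands in the block at lines 194-200, while the reporter's diff earlier in the thread shows `if_up` declaring its own `toup` after line 216, so check that every function in `ife-bpf.c` that builds a `struct ifaliasreq` on the stack clears it before use, not only this one. The next line, `memcpy(&toup.ifra_name, areq->ifname, IFNAMSIZ);`, always copies a full `IFNAMSIZ` bytes, so it is also worth confirming that `areq->ifname` is at least that large.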



; cvs commit -m "Fix FreeBSD iface manips"
Checking in ChangeLog;
/storage/cvs/munjal/wackamole/ChangeLog,v <-- ChangeLog
new revision: 1.27; previous revision: 1.26
done
Checking in ife-bpf.c;
/storage/cvs/munjal/wackamole/ife-bpf.c,v <-- ife-bpf.c
new revision: 1.10; previous revision: 1.9
done




--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Ecelerity: Run with it. -- http://www.omniti.com/
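
Why both the reporter's move to file scope and the committed `memset` change the outcome, as an added example that is not part of the original thread or wackamole's code. The structs are simplified stand-ins for `sockaddr_in` and `ifaliasreq`, `em0` and the 0xA5 fill are constructed, and it is an assumption that the fields left unwritten are the broadcast address and netmask.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NAMSIZ 16   /* stand-in for IFNAMSIZ */
/* Simplified stand-ins for sockaddr_in and ifaliasreq (assumed layouts). */
struct sa_in { uint8_t len, family; uint16_t port; uint32_t addr; uint8_t zero[8]; };
struct alias_req {
    char name[NAMSIZ];
    struct sa_in addr, broadaddr, mask;
};
static struct alias_req file_scope_req;   /* static storage starts all-zero */

/* Write only name and address (assumed to mirror the code on the page);
 * zero_first = 1 adds the memset from the committed fix. */
static void fill_request(struct alias_req *req, const char *ifname,
                         uint32_t ip, int zero_first) {
    if (zero_first) memset(req, 0, sizeof(*req));
    strncpy(req->name, ifname, NAMSIZ - 1);
    req->name[NAMSIZ - 1] = '\0';
    req->addr.len = sizeof(struct sa_in);
    req->addr.family = 2;                 /* AF_INET */
    req->addr.addr = ip;
}
/* Count non-zero bytes in broadaddr and mask, which are never written. */
static size_t stale_bytes(const struct alias_req *req) {
    const uint8_t *p = (const uint8_t *)req;
    size_t n = 0;
    for (size_t i = offsetof(struct alias_req, broadaddr); i < sizeof(*req); i++)
        n += (p[i] != 0);
    return n;
}
/* Automatic storage pre-filled with 0xA5, a constructed stand-in for
 * leftover stack contents (reading truly uninitialized memory is UB). */
size_t stack_case(int zero_first) {
    struct alias_req req;
    memset(&req, 0xA5, sizeof(req));
    fill_request(&req, "em0", 0xC0A80014u, zero_first);   /* 192.168.0.20 */
    return stale_bytes(&req);
}
/* The reporter's variant: same fill, no memset, file-scope object. */
size_t file_scope_case(void) {
    fill_request(&file_scope_req, "em0", 0xC0A80014u, 0);
    return stale_bytes(&file_scope_req);
}
int main(void) {
    printf("%zu %zu %zu\n", stack_case(0), stack_case(1), file_scope_case());
    return 0;
}
```

The three numbers printed are the stale bytes that would reach the kernel for the unpatched stack request, the patched stack request, and the file-scope request.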

