All,

I think we've discovered a conflict between Veritas VCS and IPFilter.  We
compiled ip_fil3.4.27 on a Solaris 8 box with 64-bit capable gcc 3.1.  After
applying ipf.pkg (64-bit, 32-bit), we get the following system error
message from Veritas VCS:

TAG_C 2002/06/06 15:46:11 (nj3225c-5) VCS:135009:IP:ipVVRNJ:monitor:Ioctl failed on /dev/ip errno 62

We contacted Veritas, and they gave us the block of code that produces the
error:

=========================BEGIN SAMPLE=========================

        /* Open the IP STREAMS device. */
        if ( (ip_fd = open("/dev/ip",O_RDWR)) == -1 ) {
                sprintf(buffer,"VCS:135008:IP:%s:monitor:Cannot open /dev/ip errno %d\n",res_name, errno);
                sprintf(buf1, "%s", res_name);
                sprintf(buf2, "%d", errno);
                VCSAgLogI18NConsoleMsg(TAG_C, buffer, 135008, buf1, buf2,
                                       NULL, NULL, LOG_TIMESTAMP|LOG_TAG);
                goto done;
        }

        /* Build an I_STR request asking for the number of interfaces. */
        stl.ic_cmd = SIOCGIFNUM;
        stl.ic_timout = 0;      /* 0 selects the default STREAMS ioctl timeout */
        stl.ic_dp = (char *)&numifs;
        stl.ic_len = sizeof(int);

        /* This is the call that fails and logs message 135009. */
        if ( (ret = ioctl(ip_fd, I_STR, &stl)) == -1 ) {
                sprintf(buffer,"VCS:135009:IP:%s:monitor:Ioctl failed on /dev/ip errno %d\n",res_name, errno);
                sprintf(buf1, "%s", res_name);
                sprintf(buf2, "%d", errno);
                VCSAgLogI18NConsoleMsg(TAG_C, buffer, 135009, buf1, buf2,
                                       NULL, NULL, LOG_TIMESTAMP|LOG_TAG);
                goto done;
        }
==========================END SAMPLE==========================

This occurs when we have IPFilter active with an empty ruleset (default
allow in/out).  Does IPFilter do any hardening to /dev/ip that would make an
ioctl() call fail?

Thanks,

Robert Bullington
Lehman Brothers
Security Engineering
Tel: 201-793-6454
Fax: 646-758-1034