Olaf Rempel wrote:
>>On Trustix 2.2 Linux 2.4.31-6tr, I get the following error:
>> [EMAIL PROTECTED] ~/scripts# iptables -A FORWARD -d boss.streamos.com -j
>> ACCEPT
>> Segmentation fault
>>
>>
>
>Some more informations please :)
>
>
Thanks for replying. Sure, I am glad to give more information. :)
First, the only relatively strange thing on my system I can think of is
that I use dnsmasq on the same system as iptables. The dnsmasq program
caches DNS and provides DHCP.
>$ rpm -q iptables
>
>
# rpm -q iptables
iptables-1.2.11-7tr
>$ host boss.streamos.com
>
>
# host boss.streamos.com
boss.streamos.com has address 69.27.174.221
boss.streamos.com has address 69.27.160.221
;; reply from unexpected source: 205.171.2.65#53, expected 127.0.0.1#53
;; Warning: ID mismatch: expected ID 302, got 65355
>$ strace iptables -A FORWARD -d boss.streamos.com -j ACCEPT
>
>
# strace iptables -A FORWARD -d boss.streamos.com -j ACCEPT
execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-d",
"boss.streamos.com", "-j", "ACCEPT"], [/* 17 vars */]) = 0
brk(0) = 0x8054570
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17039, ...}) = 0
old_mmap(NULL, 17039, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\26"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=8704, ...}) = 0
old_mmap(NULL, 11164, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001b000
mprotect(0x4001d000, 2972, PROT_NONE) = 0
old_mmap(0x4001d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x1000) = 0x4001d000
close(3) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220<\0"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=75144, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x4001e000
old_mmap(NULL, 85248, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001f000
mprotect(0x40031000, 11520, PROT_NONE) = 0
old_mmap(0x40031000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x11000) = 0x40031000
old_mmap(0x40032000, 7424, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40032000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Y\1"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1262160, ...}) = 0
old_mmap(NULL, 1243008, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40034000
mprotect(0x4015d000, 26496, PROT_NONE) = 0
old_mmap(0x4015d000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x128000) = 0x4015d000
old_mmap(0x40161000, 10112, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40161000
close(3) = 0
munmap(0x40016000, 17039) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\322p\332\272>\331~Cp#U\206\314P\345h{\201`~7#\242\371"..., 32)
= 32
close(3) = 0
brk(0) = 0x8054570
brk(0x8055570) = 0x8055570
brk(0) = 0x8055570
brk(0x8056000) = 0x8056000
open("//lib/iptables/libipt_standard.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\3\0"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=3022, ...}) = 0
old_mmap(NULL, 5560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40016000
mprotect(0x40017000, 1464, PROT_NONE) = 0
old_mmap(0x40017000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0) = 0x40017000
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1805, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x40018000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1805
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40018000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17039, ...}) = 0
old_mmap(NULL, 17039, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40164000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\37"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=37296, ...}) = 0
old_mmap(NULL, 40096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40169000
mprotect(0x40172000, 3232, PROT_NONE) = 0
old_mmap(0x40172000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x8000) = 0x40172000
close(3) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\371S8=\206\347\213\345\270<\vQ\266\245\301sS\r\240\377"...,
32) = 32
close(3) = 0
munmap(0x40164000, 17039) = 0
gettimeofday({1134402026, 991416}, NULL) = 0
getpid() = 30444
open("/etc/resolv.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=69, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x40018000
read(3, "nameserver 127.0.0.1\nnameserver "..., 4096) = 69
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40018000, 4096) = 0
uname({sys="Linux", node="hostname.srm", ...}) = 0
open("/etc/networks", O_RDONLY) = -1 ENOENT (No such file or
directory)
socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/.nscd_socket"}, 110) = -1
ENOENT (No such file or directory)
close(3) = 0
open("/etc/host.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=26, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x40018000
read(3, "order hosts,bind\nmulti on\n", 4096) = 26
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40018000, 4096) = 0
open("/etc/hosts", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=478, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x40018000
read(3, "127.0.0.1\t\tlocalhost.localdomain"..., 4096) = 478
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40018000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17039, ...}) = 0
old_mmap(NULL, 17039, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40164000
close(3) = 0
open("/lib/libnss_dns.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \22\0\000"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=16408, ...}) = 0
old_mmap(NULL, 19040, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40173000
mprotect(0x40177000, 2656, PROT_NONE) = 0
old_mmap(0x40177000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x3000) = 0x40177000
close(3) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p+\0\000"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=62364, ...}) = 0
brk(0) = 0x8056000
brk(0x8057000) = 0x8057000
old_mmap(NULL, 74560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40178000
mprotect(0x40187000, 13120, PROT_NONE) = 0
old_mmap(0x40187000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0xe000) = 0x40187000
old_mmap(0x40188000, 9024, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40188000
close(3) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "`\327t\362\234\rd\244\266\272+ \331i8\325\222\260\313\235"...,
32) = 32
close(3) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "K[\2756\200r\267\4\364?\24d\32\270\300\5\23718\333\360"..., 32)
= 32
close(3) = 0
munmap(0x40164000, 17039) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("127.0.0.1")}, 28) = 0
send(3, "\317\277\1\0\0\1\0\0\0\0\0\0\4boss\10streamos\3com\0\0"..., 35,
0) = 35
gettimeofday({1134402027, 22586}, NULL) = 0
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(3, FIONREAD, [189]) = 0
recvfrom(3, "\317\277\201\200\0\1\0\2\0\3\0\3\4boss\10streamos\3com"...,
1024, 0, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 189
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0
brk(0) = 0x8057000
brk(0x805d000) = 0x805d000
getsockopt(3, SOL_IP, 0x41 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [23620]) = 0
brk(0) = 0x805d000
brk(0x8063000) = 0x8063000
brk(0) = 0x8063000
brk(0x806a000) = 0x806a000
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
>is iptables -A FORWARD -d $some-ip -j ACCEPT working?
>
>
Yes. I run my iptables script twice a day and I use the same format for
>10 addresses, and at most, one fails Sometimes none fail. Lately
only boss.streamos.com has been failing the second time in the day I run it.
Also, after I ran the above commands, I repeated them. The first
repetition did not crash but the second repetition did crash:
# host boss.streamos.com
boss.streamos.com has address 69.27.160.221
# iptables -A FORWARD -d boss.streamos.com -j ACCEPT
# host boss.streamos.com
boss.streamos.com has address 69.27.160.221
boss.streamos.com has address 69.27.174.221
# iptables -A FORWARD -d boss.streamos.com -j ACCEPT
Segmentation fault
Andrew
BTW,
I appreciate replies CC to me because I only get the list digest.
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
