From: Pawel R. <so...@rs...> - 2003-09-02 19:36:17
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, i know that someone must be half brained to do such thing, but it happend few times to me. Pawel, maybe You should add some kind of checking if the cerb and kernel are compiled from the same sources. If not - log message and disallow loading of module. After loading mismatched cerb, my machine started to do strange things - i was unable to modify cerb rules or unload module (device in use). Only reboot helped. This is just my sugestion. - -- Pawel Rutkowski Centauri RSC +48 22 847 68 52 http://www.rsc.pl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/VPEiaDcb2WrrB7QRAiT4AKCDQH2PtceCC2Aa/PH7vZhbxJEjHgCgtG4K UzhpBNi+VDWmiTku0aVs4ok= =0Iln -----END PGP SIGNATURE----- |
From: Pawel J. D. <ni...@ga...> - 2003-09-02 20:33:03
|
On Tue, Sep 02, 2003 at 09:36:02PM +0200, Pawel Rutkowski wrote: +> Well, i know that someone must be half brained to do such thing, but it +> happend few times to me. +> Pawel, maybe You should add some kind of checking if the cerb and kernel +> are compiled from the same sources. If not - log message and disallow lo= ading +> of module. There is such check in cbctl, look at ucerb/libcerb.c:1016. Additionally cerb.ko made some checks as well, but when I've check this last time, there is no chance to prevent module from loading - I get panic if I want to return an error (this is FreeBSD bug). So for now only warning message is logged. +> After loading mismatched cerb, my machine started to do strange things -= =20 +> i was unable to modify cerb rules or unload module (device in use). +> Only reboot helped. Are you sure this was because of kcerb/ucerb desynch? Maybe there was desynch between cerb and kernel? Or maybe there is a bug in cerb? --=20 Pawel Jakub Dawidek pa...@da... UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net |
From: Dariusz K. <ta...@ta...> - 2003-09-03 05:56:54
|
Hello Pawel, Tuesday, September 2, 2003, 1:35:00 PM, you wrote: +>> After loading mismatched cerb, my machine started to do strange things - +>> i was unable to modify cerb rules or unload module (device in use). +>> Only reboot helped. > Are you sure this was because of kcerb/ucerb desynch? > Maybe there was desynch between cerb and kernel? Or maybe there is a > bug in cerb? I think there is bug in cerb, I don't know if you readed my previous posts, but I got same error, and for sure there was no desynch between kcerb and kernel, because I still keep 4.8 kernel code, problems appeared while I recompiled new cerb. In my situation, there could be one thing, that you mentioned and I could fail. I'm not sure now if I upgraded cbctl together with kcerb. But I'm about 90% sure that I did that, also I couldn't set active rules using sysctl, so I doubt it's cbctl issue (but I don't know cerb that much) -- Best regards, Dariusz mailto:ta...@ta... SCSA, SCNA, LPI, CCNA, MCP certified |
From: Pawel R. <so...@rs...> - 2003-09-03 07:38:09
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Are you sure this was because of kcerb/ucerb desynch? No - i'm almost sure it wasn't. > Maybe there was desynch between cerb and kernel? Or maybe there is a Look at subject :) I was writing about desynch beetwen kcerb and kernel. > bug in cerb? Probably not - after reboot i've recompiled kcerb and ucerb and everything looks normal now. - -- Pawel Rutkowski Centauri RSC +48 22 847 68 52 http://www.rsc.pl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/VZpRaDcb2WrrB7QRAtu8AKCNNDIfNuqnv96epOsNDHWvm89YawCgtuve KA9BrLoSCRm5IucH7gHqLSI= =GDFY -----END PGP SIGNATURE----- |
From: Pawel J. D. <ni...@ga...> - 2003-09-03 06:20:09
|
On Tue, Sep 02, 2003 at 10:48:27PM -0700, Dariusz Kulinski wrote: +> +>> After loading mismatched cerb, my machine started to do strange thin= gs - +> +>> i was unable to modify cerb rules or unload module (device in use). +> +>> Only reboot helped. +> > Are you sure this was because of kcerb/ucerb desynch? +> > Maybe there was desynch between cerb and kernel? Or maybe there is a +> > bug in cerb? +>=20 +> I think there is bug in cerb, I don't know if you readed my previous +> posts, but I got same error, and for sure there was no desynch between +> kcerb and kernel, because I still keep 4.8 kernel code, problems +> appeared while I recompiled new cerb. I'll try to reproduce it in that case. Are you talking about HEAD branch or about RC3 branch as well? +> But I'm about 90% sure that I did that, also I couldn't set active +> rules using sysctl, so I doubt it's cbctl issue (but I don't know cerb +> that much) This is because one of my last commits. Rules cannot be loaded if cbctl is using syscall which is currently catched. So I susspect that cbctl should turn cerb off in first place and then try to load rules. I'll work on this as well. Thanks! --=20 Pawel Jakub Dawidek pa...@da... UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net |
From: Dariusz K. <ta...@ta...> - 2003-09-03 07:07:04
|
Hello Pawel, Tuesday, September 2, 2003, 11:22:13 PM, you wrote: +>> I think there is bug in cerb, I don't know if you readed my previous +>> posts, but I got same error, and for sure there was no desynch between +>> kcerb and kernel, because I still keep 4.8 kernel code, problems +>> appeared while I recompiled new cerb. > I'll try to reproduce it in that case. Are you talking about HEAD branch > or about RC3 branch as well? HEAD, I belive RC3 is ok. At first I tried to use only RC3, but then I noticed that some bugfixes were only in HEAD so I though that RC3 branch was forgotten, and tried to use HEAD. I also had issues with reading new rules, but it's possible that I didn't upgrade cbctl... +>> But I'm about 90% sure that I did that, also I couldn't set active +>> rules using sysctl, so I doubt it's cbctl issue (but I don't know cerb +>> that much) > This is because one of my last commits. > Rules cannot be loaded if cbctl is using syscall which is currently > catched. So I susspect that cbctl should turn cerb off in first place > and then try to load rules. I'll work on this as well. How should it turn it off? If you're talking about cbctl -s, I can say that this also wasn't working. I tried to unload/load cerber but that didn't solve problem, only system reboot. -- Best regards, Dariusz mailto:ta...@ta... SCSA, SCNA, LPI, CCNA, MCP certified |