Paul

 

The nvram utility writes parameters into a configuration area of flash memory separate from the firmware and filesystem.

The entire fw script is being stored in one parameter.  There are limits on the size.

Most likely the script is too big to fit in a single nvram parameter.

If this is the case, use a basic Linux install and save the fw script to the file system.

Then modify talisman to run the script from the filesystem rather than from the nvram parameter.

 

 

---------------------------------------------------------------------------

Chris Martin

m: 0419 812 371

e: chris@martin.name

---------------------------------------------------------------------------


From: fwbuilder-discussion-bounces@lists.sourceforge.net [mailto:fwbuilder-discussion-bounces@lists.sourceforge.net] On Behalf Of Vadim Kurland
Sent: Wednesday, 30 August 2006 6:59 AM
To: Paul
Cc: fwbuilder-discussion@lists.sourceforge.net
Subject: Re: [Fwbuilder-discussion] Help! FirewallBuilder v2.0.12"Segmantation Fault" after upgrade to Sveasoft Talisman 1.2

 

 

On Aug 29, 2006, at 12:50 PM, Paul wrote:



Hello,

I'd been successfully trying out FirewallBuilder per instructions/advice from folks at the Sveasoft Firmware forums with FWB 2.0.12 & Talisman v 1.1.

After today installing the upgrade to Talisman firmware v1.2, FWB now fails to telnet to the box, giving the "Segmentation Fault" error below.

I've tried the v2.1.5b, but that crashes every time I try to compile or save rules.

At the moment, short of downgrading to Talisman 1.1, I'm kind of stuck here.

Can someone help me get FWB to behave?

Fyi, I *can* successfully ssh/telnet into the Linksys router.

 

 

so, looking at the log ...

 

debug1: Sending command: echo '--**--**--'; mv /tmp/linksys_fw.fw /tmp/fwb; /usr/sbin/nvram unset rc_firewall; /usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; /usr/sbin/nvram unset fwb; /usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; rm /tmp/fwb; echo "Saving data to flash memory"; /usr/sbin/nvram commit || exit 1; echo "Flash memory:"; /usr/sbin/nvram show >/dev/null; echo "Activating policy"; /usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated')

Logged in

------------------------------------------

Sveasoft Firmware for Wireless Routers

Talisman

 

USE OF THIS FIRMWARE IS AT YOUR OWN RISK

 

http://www.sveasoft.com

 

------------------------------------------

--**--**--

Segmentation fault

debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

debug1: channel 0: free: client-session, nchannels 1

 

 

as you can see, the "special" prompt "--**--**--" comes out, that is how fwbuilder tells itself that it successfully logged in. Next after that it moves iptables script /tmp/linksys_fw.fw to /tmp/fwb, this apparently worked since there were no error messages related to 'mv'. Next it tries to unset NVRAM variable rc_firewall by calling "/usr/sbin/nvram unset rc_firewall" and then assigns new value to this variable. Apparently /usr/sbin/nvram crashes during one of these operations, or during manipulation of the nvram variable fwb which is done right after that. I guess you could try to find out which one it is by executing the same commands manually; you can get the list of commands from the "Sending command:" log line. Anyway, looks like the problem is caused by the crash of one of Sveasoft's tools, most likely /usr/sbin/nvram.

 

--vk

 

 

 



Thanks.

Paul


Summary:
* firewall name : linksys_fw
* user name : root
* management address : 10.0.0.1
* platform : iptables
* host OS : linksys
* Loading configuration from file /var/firewall/linksys.fwb
Copying /var/firewall/linksys_fw.fw -> 10.0.0.1:/tmp
Running command 'fwbuilder2.app/Contents/MacOS/fwbuilder -X -v -l root 10.0.0.1 echo '--**--**--';cat > /tmp/linksys_fw.fw '
*+*+*+* Running sssh as : /usr/local/openssh/bin/ssh -F /etc/ssh/ssh_config -i /etc/ssh/ssh.linksys.dsa -v -l root 10.0.0.1 echo '--**--**--';cat > /tmp/linksys_fw.fw
Logged in
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for 10.0.0.1
debug1: Applying options for *
debug1: Connecting to 10.0.0.1 [10.0.0.1] port 22.
debug1: fd 14 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.48
debug1: no match: dropbear_0.48
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '10.0.0.1' is known and matches the DSA host key.
debug1: Found key in /Users/blakers/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /etc/ssh/ssh.linksys.dsa
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: echo '--**--**--';cat > /tmp/linksys_fw.fw
--**--**--
SSH session terminated, exit status: 0
Activating new policy
Running command 'fwbuilder2.app/Contents/MacOS/fwbuilder -X -t -t -v -l root 10.0.0.1 echo '--**--**--'; mv /tmp/linksys_fw.fw /tmp/fwb; /usr/sbin/nvram unset rc_firewall; /usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; /usr/sbin/nvram unset fwb; /usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; rm /tmp/fwb; echo "Saving data to flash memory"; /usr/sbin/nvram commit || exit 1; echo "Flash memory:"; /usr/sbin/nvram show >/dev/null; echo "Activating policy"; /usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated') '
debug1: fd 14 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.48
debug1: no match: dropbear_0.48
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '10.0.0.1' is known and matches the DSA host key.
debug1: Found key in /Users/blakers/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /etc/ssh/ssh.linksys.dsa
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: echo '--**--**--'; mv /tmp/linksys_fw.fw /tmp/fwb; /usr/sbin/nvram unset rc_firewall; /usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; /usr/sbin/nvram unset fwb; /usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; rm /tmp/fwb; echo "Saving data to flash memory"; /usr/sbin/nvram commit || exit 1; echo "Flash memory:"; /usr/sbin/nvram show >/dev/null; echo "Activating policy"; /usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated')
Logged in
------------------------------------------

Sveasoft Firmware for Wireless Routers

Talisman

USE OF THIS FIRMWARE IS AT YOUR OWN RISK

http://www.sveasoft.com

------------------------------------------
--**--**--
Segmentation fault
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 10.0.0.1 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 35 bytes in 0.7 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 48.2
debug1: Exit status 1
SSH session terminated, exit status: 1
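
Added example, not part of the thread and not Firewall Builder's own code: shell functions for the two checks suggested in the replies above, measuring how large the script becomes once it is gzipped and uuencoded for the `fwb` variable, and running the steps from the "Sending command:" line one at a time to see which one is killed by a signal. The function names are hypothetical and the size limit is an assumption supplied by the caller, since the thread gives no figure.

```sh
#!/bin/sh
# Added example; function names and the size limit are assumptions.

# Bytes produced by traditional uuencode framing for an n-byte input named "-":
# "begin 644 -\n" (12) + 62 per full 45-byte line + a partial line + "`\nend\n" (6).
uu_size() {
    n=$1
    full=$((n / 45))
    rest=$((n % 45))
    size=$((12 + full * 62 + 6))
    if [ "$rest" -gt 0 ]; then
        size=$((size + 2 + 4 * ((rest + 2) / 3)))
    fi
    echo "$size"
}

# Size of a script as it would be stored: `cat file | gzip | uuencode -`.
encoded_size() {
    gz=$(gzip -c "$1" | wc -c)
    uu_size "$((gz))"
}

# Succeeds only if the encoded script fits in the caller-supplied limit (bytes).
fits_nvram() {
    [ "$(encoded_size "$1")" -le "$2" ]
}

# Run each step in its own shell and print the first one killed by a signal
# (exit status above 128; 139 = 128 + 11, SIGSEGV). Returns 1 if none crashed.
first_crash() {
    for step in "$@"; do
        rc=0
        sh -c "$step" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -gt 128 ]; then
            echo "$step (status $rc)"
            return 0
        fi
    done
    return 1
}

# Usage on the router, with the steps taken from the "Sending command:" line:
#   fits_nvram /tmp/fwb "$LIMIT" || echo "too big for one nvram variable"
#   first_crash '/usr/sbin/nvram unset rc_firewall' '/usr/sbin/nvram unset fwb' \
#       '/usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`"'
```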
