From: UnixOS2 Archive To: "UnixOS2 Archive" Date: Tue, 25 Feb 2003 04:54:01 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [UnixOS2_Archive] No. 55 ************************************************** Monday 24 February 2003 Number 55 ************************************************** Subjects for today 1 Re: RSYNC and firewalls : IanM" 2 Re: RSYNC and firewalls : IanM" 3 FreeSwan : John Poltorak 4 Re: realtime chat : Maynard" 5 Re: FreeSwan : Steve Wendt 6 Re: RSYNC and firewalls : IanM" 7 Re: FreeSwan : John Poltorak 8 Re: FreeSwan : Stefan Neis 9 Re: FreeSwan : Stefan Neis 10 Re: FreeSwan : Christian Hennecke" 11 Re: realtime chat : Dave Saville" 12 Re: FreeSwan : Stefan Neis 13 Re: FreeSwan : Christian Hennecke" 14 Re: FreeSwan : Stefan Neis 15 Re: [Fwd: readline 4.1 can cause SIGFPEs] : Thomas Hoffmann **= Email 1 ==========================** Date: Tue, 25 Feb 2003 02:26:37 +1100 (EDT) From: "IanM" Subject: Re: RSYNC and firewalls Hi John >Are there any tricks to getting RSYNC working through a firewall? It doesnt seem to work if I am running FTP on the firewall, and I still cant figure out why.... I using InJoy Firewall v1.4 >A number of people have said it doesn't work. I was one of them :-) Cheers IanM http://www.os2site.com/ New Mail not found. Start whine-pout sequence? (Y/N) **= Email 2 ==========================** Date: Tue, 25 Feb 2003 02:53:14 +1100 (EDT) From: "IanM" Subject: Re: RSYNC and firewalls Hi John >Did you need to reconfigure your firewall for it to work? I did but without success, so I put the files back to normal, and it was only by accident that I discovered rsync was now working, and a little while later when I restarted the ftp server on the FW to retrieve the backup did I discover rsync nolonger worked, so after I stopped FTPServer again, and rsync worked. Cheers IanM http://www.os2site.com/ If at first you don't succeed, destroy all evidence that you tried. **= Email 3 ==========================** Date: Tue, 25 Feb 2003 09:36:38 +0000 From: John Poltorak Subject: FreeSwan Anyone heard of FreeSwan? For details see:- http://www.freeswan.org It's an implementation of IPSEC & IKE for Linux and someone has suggested it would be useful to have an OS/2 version of it. What would be involved in porting it? -- John **= Email 4 ==========================** Date: Tue, 25 Feb 2003 11:25:52 -0600 (CST) From: "Maynard" Subject: Re: realtime chat On Tue, 25 Feb 2003 16:42:56 +0000 (GMT), Dave Saville wrote: >Anyone ever on it? yes >Been empty every time I've looked :-( yes Should it be moved to the ecomstation network? [http://www.ecomstation.com/ecs_demo_view.phtml?url=content/ircnetwork.h tml] -- Maynard **= Email 5 ==========================** Date: Tue, 25 Feb 2003 12:06:50 -0800 (PST) From: Steve Wendt Subject: Re: FreeSwan On Tue, 25 Feb 2003, John Poltorak wrote: > It's an implementation of IPSEC & IKE for Linux and someone has suggested > it would be useful to have an OS/2 version of it. What would be involved FX (makes of Injoy) have already ported IKE: http://www.fx.dk/ipsec/ http://www.fx.dk/beta/ **= Email 6 ==========================** Date: Tue, 25 Feb 2003 12:38:57 +1100 (EDT) From: "IanM" Subject: Re: RSYNC and firewalls Hi John/Maynard >>Does FTPServer block the port that RSYNC uses? No, the ports should never clash, to me its like saying that someone who drove down the road in Perth WA, put a dent in a car in Melbourne, large distance between both locations. The same with Rsync and FTP (Passive or active), the ports uses are far apart. >I would expect that it is physically impossible for a server to block >local outbound traffic or inbound traffic to any port which it has not >opened and acquired inbound control over. Ditto >It remains possible however that the fx firewall gets confused by >particular packet allow/deny sequences if/while it is trying to be >"stateful" about its ftp, or other, connections. I think its safe to say its something to do with FX Firewall and that I'm running an FTPServer on it, I got SmoothWall up and running lastnight, and that causes no problems. I'll try it on FX Firewall v3.0 in the coming weeks and see how that fares. Cheers IanM http://www.os2site.com/ .. Printout - A document to verify data you know is wrong anyway. **= Email 7 ==========================** Date: Tue, 25 Feb 2003 12:40:45 +0000 From: John Poltorak Subject: Re: FreeSwan On Tue, Feb 25, 2003 at 01:34:23PM +0100, Stefan Neis wrote: > On Tue, 25 Feb 2003, John Poltorak wrote: > > > Anyone heard of FreeSwan? > > > > It's an implementation of IPSEC & IKE for Linux and someone has suggested > > it would be useful to have an OS/2 version of it. What would be involved > > in porting it? > > What features exactly are new in TCP/IP 4.1/4.2/4.3, except for "32 bit"? Firewall ?... > Is IPSEC & IKE something that really isn't included? I don't know anything about FreeSwan, but I do see an IPSEC.SYS in \mptn\protocol so I don't know if this makes it easier to port, or whether it meeans we don't need it. > > Regards, > Stefan > -- > Micro$oft is not an answer. It is a question. The answer is 'no'. > -- John **= Email 8 ==========================** Date: Tue, 25 Feb 2003 13:34:23 +0100 (CET) From: Stefan Neis Subject: Re: FreeSwan On Tue, 25 Feb 2003, John Poltorak wrote: > Anyone heard of FreeSwan? > > It's an implementation of IPSEC & IKE for Linux and someone has suggested > it would be useful to have an OS/2 version of it. What would be involved > in porting it? What features exactly are new in TCP/IP 4.1/4.2/4.3, except for "32 bit"? Is IPSEC & IKE something that really isn't included? Regards, Stefan -- Micro$oft is not an answer. It is a question. The answer is 'no'. **= Email 9 ==========================** Date: Tue, 25 Feb 2003 15:01:31 +0100 (CET) From: Stefan Neis Subject: Re: FreeSwan On Tue, 25 Feb 2003, John Poltorak wrote: > > Is IPSEC & IKE something that really isn't included? > > I don't know anything about FreeSwan, but I do see an IPSEC.SYS in > \mptn\protocol so I don't know if this makes it easier to port, or whether > it meeans we don't need it. I tend to read that as "we have it already". -- Stefan **= Email 10 ==========================** Date: Tue, 25 Feb 2003 16:33:56 +0100 (CET) From: "Christian Hennecke" Subject: Re: FreeSwan On Tue, 25 Feb 2003 15:01:31 +0100 (CET), Stefan Neis wrote: >> > Is IPSEC & IKE something that really isn't included? >> >> I don't know anything about FreeSwan, but I do see an IPSEC.SYS in >> \mptn\protocol so I don't know if this makes it easier to port, or whether >> it meeans we don't need it. > >I tend to read that as "we have it already". No, we don't really. The implementation that comes with TCP/IP 4.1 and later is very limited, e.g. you can't use dynamic IPs. For "serious" use one has to use ISDNPM currently. Christian Hennecke **= Email 11 ==========================** Date: Tue, 25 Feb 2003 16:42:56 +0000 (GMT) From: "Dave Saville" Subject: Re: realtime chat On Tue, 07 Jan 2003 18:59:19 +0100 (CET), Adrian Gschwend wrote: >I would propose to open a #unixos2 channel on irc.anduin.net. Ltning >won't have a problem with that. > >Created it now, I will join the next days and I hope I'm not the only >one :-) Anyone ever on it? Been empty every time I've looked :-( -- Regards Dave Saville **= Email 12 ==========================** Date: Tue, 25 Feb 2003 17:26:37 +0100 (CET) From: Stefan Neis Subject: Re: FreeSwan On Tue, 25 Feb 2003, Christian Hennecke wrote: > On Tue, 25 Feb 2003 15:01:31 +0100 (CET), Stefan Neis wrote: > >I tend to read that as "we have it already". > > No, we don't really. The implementation that comes with TCP/IP 4.1 and > later is very limited, e.g. you can't use dynamic IPs. For "serious" > use one has to use ISDNPM currently. s/we/I/ ;-) IsdnPM supports IPSEC? Or have you been talking about firewall functionality? Regards, Stefan -- Micro$oft is not an answer. It is a question. The answer is 'no'. **= Email 13 ==========================** Date: Tue, 25 Feb 2003 17:57:24 +0100 (CET) From: "Christian Hennecke" Subject: Re: FreeSwan On Tue, 25 Feb 2003 17:26:37 +0100 (CET), Stefan Neis wrote: >> >I tend to read that as "we have it already". >> >> No, we don't really. The implementation that comes with TCP/IP 4.1 and >> later is very limited, e.g. you can't use dynamic IPs. For "serious" >> use one has to use ISDNPM currently. > >s/we/I/ ;-) >IsdnPM supports IPSEC? Or have you been talking about firewall >functionality? Hm, I may have misunderstood something, but it *does* support PPTP: the latest feature list says (translated) "support for VPN tunnels via an existing or ISDNPM-created TCP/IP connection". And encryption is also mentioned. Christian Hennecke **= Email 14 ==========================** Date: Tue, 25 Feb 2003 18:57:26 +0100 (CET) From: Stefan Neis Subject: Re: FreeSwan On Tue, 25 Feb 2003, Christian Hennecke wrote: > Hm, I may have misunderstood something, but it *does* support PPTP: the > latest feature list says (translated) "support for VPN tunnels via an > existing or ISDNPM-created TCP/IP connection". And encryption is also > mentioned. Sounds like I missed something, but then I had no reason to specifically search for that functionality... Thanks, Stefan -- Micro$oft is not an answer. It is a question. The answer is 'no'. **= Email 15 ==========================** Date: Tue, 25 Feb 2003 21:20:32 +0100 From: Thomas Hoffmann Subject: Re: [Fwd: readline 4.1 can cause SIGFPEs] Ilya Zakharevich wrote: > On Mon, Feb 24, 2003 at 10:59:34PM +0100, Thomas Hoffmann wrote: > >>This looked rather mysterious to me: I copy/pasted "harmless" sample >>code from a Web page into the Vio window of a statistics application and >>ended up with a crash due to a SIGFPE. Because this application is >>rather complex I had to test and debug for a while until I found out that: >> >>-the crash happens only for pasted (Sh-Ins style) text, not for the same >>text keyed in and not for the same text pasted using the MB1+MB2 method, >>-after Sh-Ins the programs crashes even when I deleted this text and >>typed over it the same text: the program seemed to become "contaminated" >>by the Sh-Ins >> >>Now the above mentioned program masks floating point exceptions and uses >>IEEE style handling as provided by libcext. (But EMX by default uses the >>same masking at the start of a program.) >>I noticed that my sample input internally created a FP error which is >>normally handled by the program. >> >>To make a long story short: readline (which is used in the above >>program) uses for getting a working Sh-Ins (...which needs the Clipboard >>and has to be a PM program for this) the "morphing trick" (read older >>OS/2 archives for details). As soon as WinCreateMsgQueue() is called >>(which is necessary for getting access to the Clipboard), the "control >>word" for the FPU is reset (is this documented anywhere?) and subsequent >>FP errors can no longer be handled by the program but lead to a crash. >> >>My question: Isn't it a bit too risky to silently reset the FP status >>when using the Sh-Ins provided by readline? For now I see only two >>solutions for this problem: either remove this (convenient) clipboard >>access from readline or bracket the corresponding code with save/restore >>code for the FPU state (...are there possibly other program stati that >>get reset by "morphing" the application"?) > > > Please google for my messages concerning _control87(). This is what I > remember now: > > some IBM-produced DLLs reset 80387 flags at random moments; > > the culprits I identified definitely: > > gamesrvr.dll (sp?) of DIVE resets flags on any screen write > (at least in VIO applications). Check the .INI files (might > sit in PM_ED_HOOKS). > > tcpip32.dll (sp? one loaded by EMX for TCP/IP) resets flags > *during load time* (at least at the IAK level). > > Some (unindentified) window manipulations may also reset the flags > in some situations (I do not know the details, but this is a common > plague of OpenGL applicaitons). > > It is reasonable to suppose that some other DLLs may also reset > flags on load. > > The problem you observe may be of one of these varieties. Please > check which one it is so that I can proceed accordingly. > > On my system I get > > perl -Ilib -MOS2::Process -wle "print OS2::get_control87; print winTitle; print OS2::get_control87" > 895 > FC/2: perl -Ilib -MOS2::Process -wle "print OS2::get_control > 895 > > which basically means that "just morphing" is OK here. The difference > with the READLINE case is that (recent) Perls have safeguards against > DLL-loading changing the FP flags; so if loading PMWIN.DLL changes FP > flags, Perl will compensate for it. > > So please report the results of the above. > > Hope this helps, > Ilya > I tried to isolate the minimal C code snippet that reproduces the problem, using some lines from the morphing code used in readline. The critical line is hmq = _WinCreateMsgQueue(hab, 64); --> commenting it out, the program prints: D:\thoffman\work\R\fpustuff>fpcrash.exe 1:inf 2:inf --> leaving it uncommented, I get: D:\thoffman\work\R\fpustuff>fpcrash.exe 1:inf Process terminated by SIGFPE core dumped The test program was compiled without any flags using gcc 3.0.3, it is: #include #include #include # define INCL_PM /* I want some PM functions.. */ # define INCL_DOSPROCESS /* TIB PIB. */ # include static PPIB pib; HAB hab; HMQ hmq; HMQ (APIENTRY *_WinCreateMsgQueue)(HAB, LONG); HAB (APIENTRY *_WinInitialize)(ULONG); PTIB tib; HMODULE hMte = 0; char loadErr[260]; /* MAXPATHLEN */ double i,o; int main (int argc, char *argv[]) { i=2; printf("1:%g\n",i/0); DosGetInfoBlocks(&tib, &pib); if (DosLoadModule(loadErr, 256, "PMWIN", &hMte) != 0) return; DosQueryProcAddr(hMte, 716, 0, (PFN*)&_WinCreateMsgQueue); DosQueryProcAddr(hMte, 763, 0, (PFN*)&_WinInitialize); if (pib->pib_ultype != 3) /* 2 is VIO */ pib->pib_ultype = 3; /* 3 is PM */ hab = _WinInitialize(0); hmq = _WinCreateMsgQueue(hab, 64); printf("2:%g\n",i/0); return 0; } BTW: Can you say in short how Perl's safeguards work? Thanks, Thomas.