Bug 219919 - kern_securelevel=1 stops ipf from running
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 11.0-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Cy Schubert
Reported: 2017-06-11 07:50 UTC by Aleks
Modified: 2021-02-23 14:33 UTC

Attachments
ipf (107.79 KB, text/plain)
2017-06-17 18:52 UTC, Aleks

Description Aleks 2017-06-11 07:50:53 UTC
rc.conf

kern_securelevel_enable="YES"
kern_securelevel=1

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
#+ipfilter_flags="-D -T ipf_nattable_sz=10009,ipf_nattable_max=300000 -E"


ipf ===== Does not start

open device: No such file or directory
User/kernel version check failed

Glogs firewall does not protect.
How do other firewalls behave?
Comment 1 Cy Schubert freebsd_committer freebsd_triage 2017-06-13 00:53:24 UTC
Can you do ls -l /dev/ipl please?

Can you send me truss -f output from the ipf command?

I am not able to reproduce the problem on a recent -CURRENT. In the meantime I will update my stable/11 partitions and VMs on my testbed to try to duplicate the problem there.

Another two things to try (after sending me truss outputs and ls -l /dev/ipl listings) are service ipfilter stop and service ipfilter start. What do you get?

Also try ipf -y.

Do ls -l /dev/ipl before and after each of the above tests.
Comment 2 Cy Schubert freebsd_committer freebsd_triage 2017-06-13 01:37:54 UTC
More questions:

Can you provide kldstat output?

Depending on output I may have more questions.
Comment 3 Aleks 2017-06-15 19:27:06 UTC
(In reply to Cy Schubert from comment #1)


:/usr/home/siuchin # ls -l /dev/ipl
crw-------  1 root  wheel  0x55 May 26 09:34 /dev/ipl

:/etc# sysctl kern.securelevel
kern.securelevel: 1
Comment 4 Aleks 2017-06-15 19:32:38 UTC
(In reply to Cy Schubert from comment #2)

Apr 16 18:53:40 sshd[1186]: input_userauth_request: invalid user 1111 [preauth]
Apr 16 18:53:40 sshd[1186]: Connection closed by 31.207.47.55 port 47415 [preauth]
Apr 16 18:53:40 sshd[1188]: Connection closed by 31.207.47.55 port 55059 [preauth]
Apr 16 18:53:41 sshd[1190]: Invalid user 1234 from 31.207.47.55
Apr 16 18:53:41 sshd[1190]: input_userauth_request: invalid user 1234 [preauth]
Apr 16 18:53:41 sshd[1190]: Connection closed by 31.207.47.55 port 59676 [preauth]
Apr 16 18:53:41 sshd[1192]: Invalid user admin from 31.207.47.55
Apr 16 18:53:41 sshd[1192]: input_userauth_request: invalid user admin [preauth]
Apr 16 18:53:41 sshd[1192]: Connection closed by 31.207.47.55 port 40951 [preauth]
Apr 16 18:53:42 sshd[1194]: Invalid user admin from 31.207.47.55
Apr 16 18:53:42  sshd[1194]: input_userauth_request: invalid user admin [preauth]
Apr 16 18:53:42  sshd[1194]: Connection closed by 31.207.47.55 port 52849 [preauth]
Comment 5 Aleks 2017-06-15 19:35:17 UTC
@31 pass in quick inet proto tcp from 93.178.244.20/32 to any port = ssh group 1
@32 pass in quick inet proto tcp from 178.136.237.162/32 to any port = ssh group 1
@33 pass in quick inet proto tcp from 178.136.237.176/32 to any port = ssh group 1
@34 pass in quick inet proto tcp from 77.87.154.174/32 to any port = ssh group 1
@35 pass in quick inet proto tcp from 93.178.246.160/32 to any port = ssh group 1
@36 pass in quick inet proto tcp from 93.178.215.29/32 to any port = ssh group 1
@37 pass in quick inet proto tcp from 194.44.221.175/32 to any port = ssh group 1



*******

@85 pass in quick inet proto igmp from 224.0.0.0/4 to any group 1
@86 pass in quick inet proto igmp from any to 224.0.0.0/4 group 1
@87 pass in quick inet proto igmp from 240.0.0.0/4 to any group 1
@88 pass in quick inet proto igmp from any to 240.0.0.0/4 group 1
@89 block in log quick all group 1
Comment 6 Cy Schubert freebsd_committer freebsd_triage 2017-06-16 01:18:06 UTC
(In reply to Aleks from comment #4)

This is not kldstat output.

Can you post output of kldstat please?

Can you send me truss -f output from the ipf command?

You can do this by:

truss -f -o ipf.out ipf -ZFa -f /etc/rules.conf

Attach the file to this PR.
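
The checks requested in comments 1, 2 and 6, gathered into one script as an added example that is not part of the original thread or of FreeBSD. The function names and result labels are hypothetical; the script assumes the kernel module is registered under the name ipfilter for kldstat -m, and relies on the security(7) rule that kernel modules cannot be loaded at securelevel 1 or higher.

```sh
#!/bin/sh
# Added example, not from the bug report: combines kern.securelevel,
# the presence of /dev/ipl and the kldstat result into one triage label.

# Reads "kern.securelevel: N" (the sysctl output format shown in comment 3)
# on stdin and prints N. Prints nothing if the line does not match.
parse_securelevel() {
    sed -n 's/^kern\.securelevel:[[:space:]]*\(-\{0,1\}[0-9][0-9]*\)$/\1/p'
}

# security(7): at securelevel 1 and above, kernel modules may not be
# loaded or unloaded. Returns 0 when LEVEL is in that range.
securelevel_blocks_kldload() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# triage LEVEL DEVICE MODULE   (DEVICE and MODULE are "yes" or "no")
# Prints one hypothetical label:
#   device-present        /dev/ipl exists; the failure is elsewhere,
#                         so the truss output is the next thing to read
#   module-without-device module is loaded but the device node is missing
#   kldload-blocked       no module, no device, and the securelevel
#                         forbids loading the module now
#   module-not-loaded     no module, no device, loading is still allowed
triage() {
    level=$1
    device=$2
    module=$3
    if [ "$device" = yes ]; then
        echo "device-present"
    elif [ "$module" = yes ]; then
        echo "module-without-device"
    elif securelevel_blocks_kldload "$level"; then
        echo "kldload-blocked"
    else
        echo "module-not-loaded"
    fi
}

# Gathers the live values on a FreeBSD host and prints them with the label.
collect() {
    level=$(sysctl kern.securelevel | parse_securelevel)
    if [ -c /dev/ipl ]; then device=yes; else device=no; fi
    # Assumption: the module name known to the kernel is "ipfilter".
    if kldstat -q -m ipfilter; then module=yes; else module=no; fi
    echo "securelevel=$level device=$device module=$module"
    triage "$level" "$device" "$module"
}

# Run with the argument "collect" on the affected host; without it the
# file only defines the functions.
if [ "${1:-}" = "collect" ]; then
    collect
fi
```
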
Comment 7 Aleks 2017-06-17 18:48:11 UTC
(In reply to Cy Schubert from comment #6)

bad packets:            in 0    out 0
 input packets:         blocked 1884048 passed 1305139262 nomatch 56 counted 0
output packets:         blocked 0 passed 227718525 nomatch 227717896 counted 0
 input packets logged:  blocked 1864634 passed 0
output packets logged:  blocked 0 passed 0
fopen(/etc/rules.conf) failed: No such file or directory


truss -f -o ipf.out ipf -ZFa -f /etc/ipf.rules

 input packets:         blocked 0 passed 110987 nomatch 110974 counted 0
output packets:         blocked 0 passed 19942 nomatch 19942 counted 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0

42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)


42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
Comment 8 Aleks 2017-06-17 18:52:10 UTC
Created attachment 183579 [details]
ipf
Comment 9 Cy Schubert freebsd_committer freebsd_triage 2017-06-17 19:39:18 UTC
Your outputs look normal.

Can you do ipfstat -ion please?
Comment 10 Cy Schubert freebsd_committer freebsd_triage 2017-07-28 02:00:44 UTC
Ping.
Comment 11 Aleks 2017-07-28 07:53:29 UTC
(In reply to Cy Schubert from comment #9)


The answer has already been given above


Here I do not understand ??

May 26 07:37:49 1zahid sshd[44192]: Received disconnect from 116.31.116.49 port 31692:11:  [preauth]
May 26 07:37:49 1zahid sshd[44192]: Disconnected from 116.31.116.49 port 31692 [preauth]
May 26 07:42:17 1zahid sshd[44210]: Received disconnect from 121.18.238.119 port 38467:11:  [preauth]
May 26 07:42:17 1zahid sshd[44210]: Disconnected from 121.18.238.119 port 38467 [preauth]
May 26 07:42:54 1zahid sshd[44208]: Received disconnect from 116.31.116.49 port 37294:11:  [preauth]
May 26 07:42:54 1zahid sshd[44208]: Disconnected from 116.31.116.49 port 37294 [preauth]
May 26 07:50:08 1zahid sshd[44238]: Received disconnect from 116.31.116.49 port 22691:11:  [preauth]
May 26 07:50:08 1zahid sshd[44238]: Disconnected from 116.31.116.49 port 22691 [preauth]
May 26 07:51:37 1zahid sshd[44254]: Received disconnect from 116.31.116.49 port 64003:11:  [preauth]
May 26 07:51:37 1zahid sshd[44254]: Disconnected from 116.31.116.49 port 64003 [preauth]
May 26 07:57:55 1zahid sshd[44284]: reverse mapping checking getaddrinfo for 5-143-3-48.dynamic.primorye.net.ru [5.143.3.48] failed - POSSIBLE BREAK-IN ATTEMPT! [preauth]
May 26 07:57:55 1zahid sshd[44284]: reverse mapping checking getaddrinfo for 5-143-3-48.dynamic.primorye.net.ru [5.143.3.48] failed - POSSIBLE BREAK-IN ATTEMPT!
May 26 07:57:56 1zahid sshd[44284]: error: maximum authentication attempts exceeded for root from 5.143.3.48 port 46017 ssh2 [preauth]
May 26 07:57:56 1zahid sshd[44284]: Disconnecting: Too many authentication failures [preauth]
May 26 07:58:05 1zahid sshd[44282]: Received disconnect from 116.31.116.49 port 19066:11:  [preauth]
May 26 07:58:05 1zahid sshd[44282]: Disconnected from 116.31.116.49 port 19066 [preauth]
May 26 08:02:47 1zahid sshd[44315]: error: maximum authentication attempts exceeded for root from 159.226.231.12 port 36130 ssh2 [preauth]
May 26 08:02:47 1zahid sshd[44315]: Disconnecting: Too many authentication failures [preauth]
May 26 08:05:28 1zahid sshd[44317]: Received disconnect from 116.31.116.49 port 39513:11:  [preauth]
May 26 08:05:28 1zahid sshd[44317]: Disconnected from 116.31.116.49 port 39513 [preauth]
May 26 08:07:59 1zahid sshd[44333]: Received disconnect from 221.194.47.236 port 60715:11:  [preauth]
May 26 08:07:59 1zahid sshd[44333]: Disconnected from 221.194.47.236 port 60715 [preauth]
May 26 08:09:29 1zahid sshd[44335]: Received disconnect from 121.18.238.106 port 45025:11:  [preauth]
May 26 08:09:29 1zahid sshd[44335]: Disconnected from 121.18.238.106 port 45025 [preauth]
May 26 08:10:52 1zahid sshd[44351]: Received disconnect from 59.45.175.66 port 35386:11:  [preauth]
May 26 08:10:52 1zahid sshd[44351]: Disconnected from 59.45.175.66 port 35386 [preauth]
May 26 08:12:56 1zahid sshd[44367]: fatal: Unable to negotiate with 199.180.115.54 port 60064: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 26 08:13:22 1zahid sshd[44365]: Received disconnect from 116.31.116.49 port 15202:11:  [preauth]
May 26 08:13:22 1zahid sshd[44365]: Disconnected from 116.31.116.49 port 15202 [preauth]
May 26 08:18:37 1zahid sshd[44383]: Invalid user 0 from 91.197.232.109
May 26 08:18:37 1zahid sshd[44383]: input_userauth_request: invalid user 0 [preauth]
May 26 08:18:37 1zahid sshd[44383]: Connection closed by 91.197.232.109 port 53489 [preauth]
May 26 08:21:41 1zahid sshd[44399]: error: maximum authentication attempts exceeded for root from 71.202.166.141 port 55728 ssh2 [preauth]
May 26 08:21:41 1zahid sshd[44399]: Disconnecting: Too many authentication failures [preauth]
May 26 08:32:49 1zahid sshd[44441]: Received disconnect from 58.57.65.111 port 28595:11:  [preauth]
May 26 08:32:49 1zahid sshd[44441]: Disconnected from 58.57.65.111 port 28595 [preauth]
May 26 08:33:13 1zahid sshd[44455]: Received disconnect from 116.31.116.9 port 61067:11:  [preauth]
May 26 08:33:13 1zahid sshd[44455]: Disconnected from 116.31.116.9 port 61067 [preauth]
May 26 08:34:36 1zahid sshd[44457]: Received disconnect from 221.194.44.212 port 38861:11:  [preauth]
May 26 08:34:36 1zahid sshd[44457]: Disconnected from 221.194.44.212 port 38861 [preauth]
May 26 08:47:46 1zahid sshd[44513]: Received disconnect from 59.45.175.86 port 44622:11:  [preauth]
May 26 08:47:46 1zahid sshd[44513]: Disconnected from 59.45.175.86 port 44622 [preauth]
May 26 09:05:12 1zahid sshd[44598]: error: maximum authentication attempts exceeded for root from 176.209.199.109 port 44863 ssh2 [preauth]
May 26 09:05:12 1zahid sshd[44598]: Disconnecting: Too many authentication failures [preauth]
May 26 09:13:42 1zahid sshd[44626]: Received disconnect from 121.18.238.119 port 35512:11:  [preauth]
May 26 09:13:42 1zahid sshd[44626]: Disconnected from 121.18.238.119 port 35512 [preauth]


Here I do not understand ??
sshd     port 35512:11  35512 38861 53489 ????



I am not observing it now.
Comment 12 Aleks 2017-07-28 07:53:56 UTC
(In reply to Cy Schubert from comment #10)

OPEN
Comment 13 Aleks 2017-07-28 07:57:22 UTC
 sysctl kern.securelevel
kern.securelevel: 1


root@1zad:/etc#
root@1zad:/etc# /sbin/ipf -Fa -f /etc/ipf.rules
root@1zad:/etc#
Comment 14 Cy Schubert freebsd_committer freebsd_triage 2017-07-28 15:35:55 UTC
In comment 9 I asked for ipfstat -ion, please. Comment #5 is only a partial list of rules. I need to see the full list. If you're afraid to list them here you can send them to me directly.

BTW, I did test locally (see comment #1) on my production firewall box. No problems. The issue must be in your config somewhere.
Comment 15 Aleks 2017-11-19 11:13:59 UTC
(In reply to Cy Schubert from comment #14)


 sysctl kern.securelevel
kern.securelevel: 1

On another machine, a different FreeBSD 11 server, the story repeated itself, this time on php.
Comment 16 Cy Schubert freebsd_committer freebsd_triage 2021-02-23 03:47:47 UTC
Unable to reproduce this problem on 14-CURRENT.
Comment 17 Aleks 2021-02-23 09:52:37 UTC
rc.local
/sbin/ipf -T nat_maxbucket=4095


ip_nat.sh


#ifndef NAT_SIZE
# ifdef LARGE_NAT
//#  define NAT_SIZE 2047
#  define NAT_SIZE 4095
# else
//#  define NAT_SIZE 127
#  define NAT_SIZE 4095
# endif
#endif
#ifndef RDR_SIZE
# ifdef LARGE_NAT
//#  define RDR_SIZE 2047
#  define RDR_SIZE 4095
# else
//#  define RDR_SIZE 127
#  define RDR_SIZE 4095
# endif
#endif
#ifndef HOSTMAP_SIZE
# ifdef LARGE_NAT
//#  define HOSTMAP_SIZE 8191
#  define HOSTMAP_SIZE 16383
# else
//#  define HOSTMAP_SIZE 2047
#  define HOSTMAP_SIZE 16383
# endif
#endif
#ifndef NAT_TABLE_MAX


/*
 * This is newly introduced and for the sake of "l
 * present aren't what we'd normally use for creat
 */
# ifdef LARGE_NAT
//#  define NAT_TABLE_MAX 18000
#  define NAT_TABLE_MAX 1000000
# else
//#  define NAT_TABLE_MAX 30000
#  define NAT_TABLE_MAX 1000000
# endif
#endif
#ifndef NAT_TABLE_SZ
# ifdef LARGE_NAT
//#  define NAT_TABLE_SZ 16383
#  define NAT_TABLE_SZ 32767
# else
//#  define NAT_TABLE_SZ 2047
#  define NAT_TABLE_SZ 32767
# endif
#endif
#ifndef APR_LABELLEN
#define APR_LABELLEN 16
#endif
#define NAT_HW_CKSUM 0x80000000
#define NAT_HW_CKSUM_PART 0x40000000
Comment 18 Cy Schubert freebsd_committer freebsd_triage 2021-02-23 14:33:51 UTC
I don't see how LARGE_NAT has anything to do with this.