Bug 219919 - kern_securelevel=1 stops ipf from running
Summary: kern_securelevel=1 stops ipf from running
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 11.0-STABLE
Hardware: Any Any
: --- Affects Only Me
Assignee: Cy Schubert
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-11 07:50 UTC by Aleks
Modified: 2021-02-23 14:33 UTC (History)
2 users (show)

See Also:


Attachments
ipf (107.79 KB, text/plain)
2017-06-17 18:52 UTC, Aleks
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Aleks 2017-06-11 07:50:53 UTC
rc.conf

kern_securelevel_enable="YES"
kern_securelevel=1

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
#+ipfilter_flags="-D -T ipf_nattable_sz=10009,ipf_nattable_max=300000 -E"


ipf ===== Does not start

open device: No such file or directory
User/kernel version check failed

Glogs firewall does not protect.
How do other firewalls behold themselves.
Comment 1 Cy Schubert freebsd_committer 2017-06-13 00:53:24 UTC
Can you do ls -l /dev/ipl please?

Can you send me truss -f output from the ipf commend?

I am not able to reproduce the problem on a recent -CURRENT. In the mean time I will update my stable/11 partitions and VMs on my testbed to try to duplicate the problem there.

Another two things to try (after sending me truss outputs and ls -l /dev/ipl listsings) is service ipfilter stop and service ipfilter start. What do you get?

Also try ipf -y.

Do ls -l /dev/ipl before and after each of the above tests.
Comment 2 Cy Schubert freebsd_committer 2017-06-13 01:37:54 UTC
More questions:

Can you provide kldstat otuput?

Depending on output I may have more questions.
Comment 3 Aleks 2017-06-15 19:27:06 UTC
(In reply to Cy Schubert from comment #1)


:/usr/home/siuchin # ls -l /dev/ipl
crw-------  1 root  wheel  0x55 May 26 09:34 /dev/ipl

:/etc# sysctl kern.securelevel
kern.securelevel: 1
Comment 4 Aleks 2017-06-15 19:32:38 UTC
(In reply to Cy Schubert from comment #2)

pr 16 18:53:40 sshd[1186]: input_userauth_request: invalid user 1111 [preauth]
Apr 16 18:53:40 sshd[1186]: Connection closed by 31.207.47.55 port 47415 [preauth]
Apr 16 18:53:40 sshd[1188]: Connection closed by 31.207.47.55 port 55059 [preauth]
Apr 16 18:53:41 sshd[1190]: Invalid user 1234 from 31.207.47.55
Apr 16 18:53:41 sshd[1190]: input_userauth_request: invalid user 1234 [preauth]
Apr 16 18:53:41 sshd[1190]: Connection closed by 31.207.47.55 port 59676 [preauth]
Apr 16 18:53:41 sshd[1192]: Invalid user admin from 31.207.47.55
Apr 16 18:53:41 sshd[1192]: input_userauth_request: invalid user admin [preauth]
Apr 16 18:53:41 sshd[1192]: Connection closed by 31.207.47.55 port 40951 [preauth]
Apr 16 18:53:42 sshd[1194]: Invalid user admin from 31.207.47.55
Apr 16 18:53:42  sshd[1194]: input_userauth_request: invalid user admin [preauth]
Apr 16 18:53:42  sshd[1194]: Connection closed by 31.207.47.55 port 52849 [preauth]
Comment 5 Aleks 2017-06-15 19:35:17 UTC
@31 pass in quick inet proto tcp from 93.178.244.20/32 to any port = ssh group 1
@32 pass in quick inet proto tcp from 178.136.237.162/32 to any port = ssh group 1
@33 pass in quick inet proto tcp from 178.136.237.176/32 to any port = ssh group 1
@34 pass in quick inet proto tcp from 77.87.154.174/32 to any port = ssh group 1
@35 pass in quick inet proto tcp from 93.178.246.160/32 to any port = ssh group 1
@36 pass in quick inet proto tcp from 93.178.215.29/32 to any port = ssh group 1
@37 pass in quick inet proto tcp from 194.44.221.175/32 to any port = ssh group 1



*******

@85 pass in quick inet proto igmp from 224.0.0.0/4 to any group 1
@86 pass in quick inet proto igmp from any to 224.0.0.0/4 group 1
@87 pass in quick inet proto igmp from 240.0.0.0/4 to any group 1
@88 pass in quick inet proto igmp from any to 240.0.0.0/4 group 1
@89 block in log quick all group 1
Comment 6 Cy Schubert freebsd_committer 2017-06-16 01:18:06 UTC
(In reply to Aleks from comment #4)

This is not kldstat outpout.

Can you post output of kldstat please?

Can you send me truss -f output from the ipf commend?

You can do this by:

truss -f -o ipf.out ipf -ZFa -f /etc/rules.conf

Attach the file to this PR.
Comment 7 Aleks 2017-06-17 18:48:11 UTC
(In reply to Cy Schubert from comment #6)

bad packets:            in 0    out 0
 input packets:         blocked 1884048 passed 1305139262 nomatch 56 counted 0
output packets:         blocked 0 passed 227718525 nomatch 227717896 counted 0
 input packets logged:  blocked 1864634 passed 0
output packets logged:  blocked 0 passed 0
fopen(/etc/rules.conf) failed: No such file or directory


truss -f -o ipf.out ipf -ZFa -f /etc/ipf.rules

 input packets:         blocked 0 passed 110987 nomatch 110974 counted 0
output packets:         blocked 0 passed 19942 nomatch 19942 counted 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0

42022: mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366361600 (0x800651000)
42022: issetugid()<----><------><------><------> = 0 (0x0)
42022: lstat("/etc",{ mode=drwxr-xr-x ,inode=54012288,size=2560,blksize=32768 }) = 0 (0x0)
42022: lstat("/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=54012383,size=107,blksize=32768 }) = 0 (0x0)
42022: openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
42022: fstat(3,{ mode=-rw-r--r-- ,inode=54012383,size=107,blksize=32768 }) = 0 (0x0)
42022: mmap(0x0,107,PROT_READ,MAP_PRIVATE,3,0x0) = 34366394368 (0x800659000)
42022: close(3)><------><------><------><------> = 0 (0x0)
42022: lstat("/usr",{ mode=drwxr-xr-x ,inode=61957632,size=512,blksize=32768 }) = 0 (0x0)
42022: lstat("/usr/local",{ mode=drwxr-xr-x ,inode=62037896,size=512,blksize=32768 }) = 0 (0x0)
42022: lstat("/usr/local/etc",{ mode=drwxr-xr-x ,inode=62680266,size=1024,blksize=32768 }) = 0 (0x0)
42022: lstat("/usr/local/etc/libmap.d",0x7fffffffcae8) ERR#2 'No such file or directory'
42022: munmap(0x800659000,107)<><------><------> = 0 (0x0)
42022: openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
42022: read(3,"Ehnt\^A\0\0\0\M^@\0\0\0g\0\0\0\0"...,128) = 128 (0x80)
42022: fstat(3,{ mode=-r--r--r-- ,inode=23461988,size=231,blksize=32768 }) = 0 (0x0)
42022: lseek(3,0x80,SEEK_SET)<-><------><------> = 128 (0x80)
42022: read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,103) = 103 (0x67)
42022: close(3)><------><------><------><------> = 0 (0x0)
42022: access("/lib/libpcap.so.8",F_OK)><------> = 0 (0x0)
42022: openat(AT_FDCWD,"/lib/libpcap.so.8",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
42022: fstat(3,{ mode=-r--r--r-- ,inode=1444634,size=308872,blksize=32768 }) = 0 (0x0)
42022: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366394368 (0x800659000)
42022: mmap(0x0,2408448,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34368462848 (0x800852000)
42022: mmap(0x800852000,303104,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34368462848 (0x800852000)
42022: mmap(0x800a9b000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x49000) = 34370859008 (0x800a9b000)
42022: mmap(0x800a9d000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34370867200 (0x800a9d000)
42022: munmap(0x800659000,4096)><------><------> = 0 (0x0)
42022: close(3)><------><------><------><------> = 0 (0x0)
42022: access("/lib/libkvm.so.7",F_OK)<><------> = 0 (0x0)
42022: openat(AT_FDCWD,"/lib/libkvm.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
42022: fstat(3,{ mode=-r--r--r-- ,inode=1444612,size=60712,blksize=32768 }) = 0 (0x0)
42022: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366394368 (0x800659000)
42022: mmap(0x0,2154496,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34370871296 (0x800a9e000)
42022: mmap(0x800a9e000,57344,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34370871296 (0x800a9e000)
42022: mmap(0x800cab000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xd000) = 34373021696 (0x800cab000)
42022: munmap(0x800659000,4096)><------><------> = 0 (0x0)
42022: close(3)><------><------><------><------> = 0 (0x0)
42022: access("/lib/libc.so.7",F_OK)<--><------> = 0 (0x0)
42022: openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
42022: fstat(3,{ mode=-r--r--r-- ,inode=1444651,size=1744352,blksize=32768 }) = 0 (0x0)
42022: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366394368 (0x800659000)
42022: mmap(0x0,3883008,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34373025792 (0x800cac000)


42022: mmap(0x800cac000,1634304,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34373025792 (0x800cac000)
42022: mmap(0x80103a000,53248,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x18e000) = 34376753152 (0x80103a000)
42022: mmap(0x801047000,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34376806400 (0x801047000)
42022: munmap(0x800659000,4096)><------><------> = 0 (0x0)
42022: close(3)><------><------><------><------> = 0 (0x0)
42022: access("/lib/libelf.so.2",F_OK)<><------> = 0 (0x0)
42022: openat(AT_FDCWD,"/lib/libelf.so.2",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
42022: fstat(3,{ mode=-r--r--r-- ,inode=1444657,size=98136,blksize=32768 }) = 0 (0x0)
42022: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366394368 (0x800659000)
42022: mmap(0x0,2191360,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34376908800 (0x801060000)
42022: mmap(0x801060000,94208,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34376908800 (0x801060000)
42022: mmap(0x801276000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x16000) = 34379096064 (0x801276000)
42022: munmap(0x800659000,4096)><------><------> = 0 (0x0)
42022: close(3)><------><------><------><------> = 0 (0x0)
42022: mmap(0x0,40960,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366394368 (0x800659000)
42022: munmap(0x80065c000,28672)<------><------> = 0 (0x0)
42022: mmap(0x0,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366406656 (0x80065c000)
42022: sysarch(AMD64_SET_FSBASE,0x7fffffffe4b8)> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: readlink("/etc/malloc.conf",0x7fffffffdbb0,1024) ERR#2 'No such file or directory'
42022: issetugid()<----><------><------><------> = 0 (0x0)
42022: __sysctl(0x7fffffffda50,0x2,0x7fffffffdaa0,0x7fffffffda98,0x800e0a51f,0xd) = 0 (0x0)
42022: __sysctl(0x7fffffffdaa0,0x2,0x7fffffffdb64,0x7fffffffdb58,0x0,0x0) = 0 (0x0)
42022: mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34379100160 (0x801277000)
42022: munmap(0x801277000,2097152)<----><------> = 0 (0x0)
42022: mmap(0x0,4190208,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34379100160 (0x801277000)
42022: munmap(0x801277000,1609728)<----><------> = 0 (0x0)
42022: munmap(0x801600000,483328)<-----><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: openat(AT_FDCWD,"/dev/ipl",O_RDONLY,00)<> = 3 (0x3)
42022: ioctl(3,SIOCGETFS,0xffffd740)<--><------> = 0 (0x0)
42022: openat(AT_FDCWD,"/dev/ipl",O_RDWR,00)<--> = 4 (0x4)
42022: ioctl(4,SIOCFRZST,0xffffe3d0)<--><------> = 0 (0x0)


42022: fstat(1,{ mode=crw--w---- ,inode=102,size=0,blksize=4096 }) = 0 (0x0)
42022: mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34382807040 (0x801600000)
42022: ioctl(1,TIOCGETA,0xffffd800)<---><------> = 0 (0x0)
42022: write(1,"bad packets:\t\tin 0\tout 0\n",25) = 25 (0x19)
42022: write(1," input packets:\t\tblocked 0 pas"...,66) = 66 (0x42)
42022: write(1,"output packets:\t\tblocked 0 pas"...,64) = 64 (0x40)
42022: write(1," input packets logged:\tblocked "...,42) = 42 (0x2a)
42022: write(1,"output packets logged:\tblocked "...,42) = 42 (0x2a)
42022: ioctl(3,SIOCGETFS,0xffffdda0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCIPFFL,0xffffe430)<--><------> = 0 (0x0)
42022: ioctl(3,SIOCGETFS,0xffffdda0)<--><------> = 0 (0x0)
42022: __sysctl(0x7fffffffe3e0,0x2,0x640860,0x7fffffffe3d8,0x0,0x0) = 0 (0x0)
42022: open("/etc/ipf.rules",O_RDONLY,0666)<---> = 5 (0x5)
42022: fstat(5,{ mode=-rw-r--r-- ,inode=54012707,size=21236,blksize=32768 }) = 0 (0x0)
42022: read(5,"#ipfstat -in\n# /sbin/ipf -Fa -f"...,32768) = 21236 (0x52f4)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/nsswitch.conf",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: ioctl(6,TIOCGETA,0xffffd3f0)<---><------> ERR#25 'Inappropriate ioctl for device'
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# nsswitch.conf(5) - name ser"...,32768) = 336 (0x150)
42022: read(6,0x80167ad80,32768)<------><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: access("/lib/nss_compat.so.1",F_OK)<----> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_compat.so.1",F_OK)<> ERR#2 'No such file or directory'
42022: access("/usr/lib/compat/nss_compat.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/nss_compat.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/perl5/5.24/mach/CORE/nss_compat.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/llvm39/lib/nss_compat.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/lib/casper/nss_compat.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/lib/nss_compat.so.1",F_OK)<----> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_compat.so.1",F_OK)<> ERR#2 'No such file or directory'
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: access("/lib/nss_nis.so.1",F_OK)><------> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_nis.so.1",F_OK)<---> ERR#2 'No such file or directory'
42022: access("/usr/lib/compat/nss_nis.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/nss_nis.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/perl5/5.24/mach/CORE/nss_nis.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/llvm39/lib/nss_nis.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/lib/casper/nss_nis.so.1",F_OK)<> ERR#2 'No such file or directory'
42022: access("/lib/nss_nis.so.1",F_OK)><------> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_nis.so.1",F_OK)<---> ERR#2 'No such file or directory'


42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: access("/lib/nss_files.so.1",F_OK)<-----> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_files.so.1",F_OK)<-> ERR#2 'No such file or directory'
42022: access("/usr/lib/compat/nss_files.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/nss_files.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/perl5/5.24/mach/CORE/nss_files.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/llvm39/lib/nss_files.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/lib/casper/nss_files.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/lib/nss_files.so.1",F_OK)<-----> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_files.so.1",F_OK)<-> ERR#2 'No such file or directory'
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: access("/lib/nss_dns.so.1",F_OK)><------> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_dns.so.1",F_OK)<---> ERR#2 'No such file or directory'
42022: access("/usr/lib/compat/nss_dns.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/nss_dns.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/lib/perl5/5.24/mach/CORE/nss_dns.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/usr/local/llvm39/lib/nss_dns.so.1",F_OK) ERR#2 'No such file or directory'
42022: access("/lib/casper/nss_dns.so.1",F_OK)<> ERR#2 'No such file or directory'
42022: access("/lib/nss_dns.so.1",F_OK)><------> ERR#2 'No such file or directory'
42022: access("/usr/lib/nss_dns.so.1",F_OK)<---> ERR#2 'No such file or directory'
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: ioctl(6,TIOCGETA,0xffffd3c0)<---><------> ERR#25 'Inappropriate ioctl for device'
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIG
42022: sigprocmask(SIG_SETMASK,{ },0x0)><------> = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)


42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)


42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)



42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: read(6,"s\nnetwall\t\t533/udp\t   #for e"...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)


42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: read(6,"s\nnetwall\t\t533/udp\t   #for e"...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)



42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)


42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: ioctl(4,SIOCADAFR,0xffffd6e0)<--><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/protocols",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012342,size=6452,blksize=32768 }) = 0 (0x0)
42022: read(6,"#\n# Internet protocols\n#\n# $F"...,32768) = 6452 (0x1934)
42022: close(6)><------><------><------><------> = 0 (0x0)
42022: stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=54012348,size=336,blksize=32768 }) = 0 (0x0)
42022: open("/etc/services",O_RDONLY|O_CLOEXEC,0666) = 6 (0x6)
42022: fstat(6,{ mode=-rw-r--r-- ,inode=54012316,size=86244,blksize=32768 }) = 0 (0x0)
42022: lseek(6,0x0,SEEK_CUR)<--><------><------> = 0 (0x0)
42022: lseek(6,0x0,SEEK_SET)<--><------><------> = 0 (0x0)
42022: read(6,"#\n# Network services, Internet "...,32768) = 32768 (0x8000)
42022: close(6)><------><------><------><------> = 0 (0x0)
Comment 8 Aleks 2017-06-17 18:52:10 UTC
Created attachment 183579 [details]
ipf
Comment 9 Cy Schubert freebsd_committer 2017-06-17 19:39:18 UTC
Your outputs look normal.

Can  you do ipfstat -ion please?
Comment 10 Cy Schubert freebsd_committer 2017-07-28 02:00:44 UTC
Ping.
Comment 11 Aleks 2017-07-28 07:53:29 UTC
(In reply to Cy Schubert from comment #9)


The answer has already been given above


Here I do not understand ??

May 26 07:37:49 1zahid sshd[44192]: Received disconnect from 116.31.116.49 port 31692:11:  [preauth]
May 26 07:37:49 1zahid sshd[44192]: Disconnected from 116.31.116.49 port 31692 [preauth]
May 26 07:42:17 1zahid sshd[44210]: Received disconnect from 121.18.238.119 port 38467:11:  [preauth]
May 26 07:42:17 1zahid sshd[44210]: Disconnected from 121.18.238.119 port 38467 [preauth]
May 26 07:42:54 1zahid sshd[44208]: Received disconnect from 116.31.116.49 port 37294:11:  [preauth]
May 26 07:42:54 1zahid sshd[44208]: Disconnected from 116.31.116.49 port 37294 [preauth]
May 26 07:50:08 1zahid sshd[44238]: Received disconnect from 116.31.116.49 port 22691:11:  [preauth]
May 26 07:50:08 1zahid sshd[44238]: Disconnected from 116.31.116.49 port 22691 [preauth]
May 26 07:51:37 1zahid sshd[44254]: Received disconnect from 116.31.116.49 port 64003:11:  [preauth]
May 26 07:51:37 1zahid sshd[44254]: Disconnected from 116.31.116.49 port 64003 [preauth]
May 26 07:57:55 1zahid sshd[44284]: reverse mapping checking getaddrinfo for 5-143-3-48.dynamic.primorye.net.ru [5.143.3.48] failed - POSSIBLE BREAK-IN ATTEMPT! [preauth]
May 26 07:57:55 1zahid sshd[44284]: reverse mapping checking getaddrinfo for 5-143-3-48.dynamic.primorye.net.ru [5.143.3.48] failed - POSSIBLE BREAK-IN ATTEMPT!
May 26 07:57:56 1zahid sshd[44284]: error: maximum authentication attempts exceeded for root from 5.143.3.48 port 46017 ssh2 [preauth]
May 26 07:57:56 1zahid sshd[44284]: Disconnecting: Too many authentication failures [preauth]
May 26 07:58:05 1zahid sshd[44282]: Received disconnect from 116.31.116.49 port 19066:11:  [preauth]
May 26 07:58:05 1zahid sshd[44282]: Disconnected from 116.31.116.49 port 19066 [preauth]
May 26 08:02:47 1zahid sshd[44315]: error: maximum authentication attempts exceeded for root from 159.226.231.12 port 36130 ssh2 [preauth]
May 26 08:02:47 1zahid sshd[44315]: Disconnecting: Too many authentication failures [preauth]
May 26 08:05:28 1zahid sshd[44317]: Received disconnect from 116.31.116.49 port 39513:11:  [preauth]
May 26 08:05:28 1zahid sshd[44317]: Disconnected from 116.31.116.49 port 39513 [preauth]
May 26 08:07:59 1zahid sshd[44333]: Received disconnect from 221.194.47.236 port 60715:11:  [preauth]
May 26 08:07:59 1zahid sshd[44333]: Disconnected from 221.194.47.236 port 60715 [preauth]
May 26 08:09:29 1zahid sshd[44335]: Received disconnect from 121.18.238.106 port 45025:11:  [preauth]
May 26 08:09:29 1zahid sshd[44335]: Disconnected from 121.18.238.106 port 45025 [preauth]
May 26 08:10:52 1zahid sshd[44351]: Received disconnect from 59.45.175.66 port 35386:11:  [preauth]
May 26 08:10:52 1zahid sshd[44351]: Disconnected from 59.45.175.66 port 35386 [preauth]
May 26 08:12:56 1zahid sshd[44367]: fatal: Unable to negotiate with 199.180.115.54 port 60064: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 26 08:13:22 1zahid sshd[44365]: Received disconnect from 116.31.116.49 port 15202:11:  [preauth]
May 26 08:13:22 1zahid sshd[44365]: Disconnected from 116.31.116.49 port 15202 [preauth]
May 26 08:18:37 1zahid sshd[44383]: Invalid user 0 from 91.197.232.109
May 26 08:18:37 1zahid sshd[44383]: input_userauth_request: invalid user 0 [preauth]
May 26 08:18:37 1zahid sshd[44383]: Connection closed by 91.197.232.109 port 53489 [preauth]
May 26 08:21:41 1zahid sshd[44399]: error: maximum authentication attempts exceeded for root from 71.202.166.141 port 55728 ssh2 [preauth]
May 26 08:21:41 1zahid sshd[44399]: Disconnecting: Too many authentication failures [preauth]
May 26 08:32:49 1zahid sshd[44441]: Received disconnect from 58.57.65.111 port 28595:11:  [preauth]
May 26 08:32:49 1zahid sshd[44441]: Disconnected from 58.57.65.111 port 28595 [preauth]
May 26 08:33:13 1zahid sshd[44455]: Received disconnect from 116.31.116.9 port 61067:11:  [preauth]
May 26 08:33:13 1zahid sshd[44455]: Disconnected from 116.31.116.9 port 61067 [preauth]
May 26 08:34:36 1zahid sshd[44457]: Received disconnect from 221.194.44.212 port 38861:11:  [preauth]
May 26 08:34:36 1zahid sshd[44457]: Disconnected from 221.194.44.212 port 38861 [preauth]
May 26 08:47:46 1zahid sshd[44513]: Received disconnect from 59.45.175.86 port 44622:11:  [preauth]
May 26 08:47:46 1zahid sshd[44513]: Disconnected from 59.45.175.86 port 44622 [preauth]
May 26 09:05:12 1zahid sshd[44598]: error: maximum authentication attempts exceeded for root from 176.209.199.109 port 44863 ssh2 [preauth]
May 26 09:05:12 1zahid sshd[44598]: Disconnecting: Too many authentication failures [preauth]
May 26 09:13:42 1zahid sshd[44626]: Received disconnect from 121.18.238.119 port 35512:11:  [preauth]
May 26 09:13:42 1zahid sshd[44626]: Disconnected from 121.18.238.119 port 35512 [preauth]


Here I do not understand ??
sshd     port 35512:11  35512 38861 53489 ????



19/5000
seychas ne nablyudayu
Now do not watch
Comment 12 Aleks 2017-07-28 07:53:56 UTC
(In reply to Cy Schubert from comment #10)

OPEN
Comment 13 Aleks 2017-07-28 07:57:22 UTC
 sysctl kern.securelevel
kern.securelevel: 1


root@1zad:/etc#
root@1zad:/etc# /sbin/ipf -Fa -f /etc/ipf.rules
root@1zad:/etc#
Comment 14 Cy Schubert freebsd_committer 2017-07-28 15:35:55 UTC
In comment 9 I asked for, ipfstat -ion, please. Comment #5 is only a partial list of rules. I need to see the full list. If you're afraid to list them here you can send them to me directly.

BTW. I did test locally (see comment #1) on my production firewall box. No problems. The issue must be in your config somewhere.
Comment 15 Aleks 2017-11-19 11:13:59 UTC
(In reply to Cy Schubert from comment #14)


 sysctl kern.securelevel
kern.securelevel: 1

на другой машине другой сервер  freebsd 11 история повторилась уже на php

sysctl kern.securelevel
kern.securelevel: 1

on another machine another server freebsd 11 the story was repeated already on php
Comment 16 Cy Schubert freebsd_committer 2021-02-23 03:47:47 UTC
Unable to reproduce this problem on 14-CURRENT.
Comment 17 Aleks 2021-02-23 09:52:37 UTC
rc.local
/sbin/ipf -T nat_maxbucket=4095


ip_nat.sh


#ifndef NAT_SIZE
# ifdef LARGE_NAT
//#  define<--->NAT_SIZE<------>2047
#  define<----->NAT_SIZE<------>4095
# else
//#  define<--->NAT_SIZE<------>127
#  define<----->NAT_SIZE<------>4095
# endif
#endif
#ifndef RDR_SIZE
# ifdef LARGE_NAT
//#  define<--->RDR_SIZE<------>2047
#  define<----->RDR_SIZE<------>4095
# else
//#  define<--->RDR_SIZE<------>127
#  define<----->RDR_SIZE<------>4095
# endif
#endif
#ifndef HOSTMAP_SIZE
# ifdef LARGE_NAT
//#  define<--->HOSTMAP_SIZE<-->8191
#  define<----->HOSTMAP_SIZE<-->16383
# else
//#  define<--->HOSTMAP_SIZE<-->2047
#  define<----->HOSTMAP_SIZE<-->16383
# endif
#endif
#ifndef NAT_TABLE_MAX


/*
 * This is newly introduced and for the sake of "l
 * present aren't what we'd normally use for creat
 */
# ifdef>LARGE_NAT
//#  define<--->NAT_TABLE_MAX<->18000
#  define<----->NAT_TABLE_MAX<->1000000
# else
//#  define<--->NAT_TABLE_MAX<->30000
#  define<----->NAT_TABLE_MAX<->1000000
# endif
#endif
#ifndef NAT_TABLE_SZ
# ifdef LARGE_NAT
//#  define<--->NAT_TABLE_SZ<-->16383
#  define<----->NAT_TABLE_SZ<-->32767
# else
//#  define<--->NAT_TABLE_SZ<-->2047
#  define<----->NAT_TABLE_SZ<-->32767
# endif
#endif
#ifndef>APR_LABELLEN
#define>APR_LABELLEN<-->16
#endif
#define>NAT_HW_CKSUM<--><------>0x80000000
#define>NAT_HW_CKSUM_PART<----->0x40000000
Comment 18 Cy Schubert freebsd_committer 2021-02-23 14:33:51 UTC
I don't see how LARGE_NAT has anything to do with this.