[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Denying connections from 255.255.255.255
From: |
Arnold Troeger |
Subject: |
Re: Denying connections from 255.255.255.255 |
Date: |
Tue, 16 Sep 2003 08:18:07 +0700 |
User-agent: |
Mozilla/5.0 (X11; U; IRIX64 IP30; en-US; rv:1.4a) Gecko/20030410 |
Anthony Veale wrote:
Hello,
I'm trying to set up cfengine version 2 for the first time. I used to
use version 1 several years ago, so I'm effectively a newbie again.
The problem that I am having is with getting a remote copy to
function.
The server logs a message like:
cfservd: Denying connection from non-authorized IP 255.255.255.255
I have no idea why the client would be identifying itself with the
global broadcast address. That just seems bizarre.
The server and clients involved are:
Server: IRIX 6.5, cfengine 2.0.8, db 4.1.25, openssl 0.9.7b
Note: cfengine, db and openssl compiled by hand
Client: Linux, SuSE 8.2, cfengine 2.0.3, db 4.0.14, openssl 0.8.6i
Note: cfengine, db, openssl all from the SuSE distribution, with
any patches supplied by SuSE.
What compiler did you use to compile cfengine on the SGI? If it was gcc, try
using the MIPSpro compilers instead. There's this note about mips and IRIX 6 in
the gcc docs
GCC does not correctly pass/return structures which are smaller than
16 bytes and which are not 8 bytes. The problem is very involved and
difficult to fix. It affects a number of other targets also, but IRIX
6 is affected the most, because it is a 64-bit target, and 4 byte
structures are common. The exact problem is that structures are being
padded at the wrong end, e.g. a 4 byte structure is loaded into the
lower 4 bytes of the register when it should be loaded into the upper
4 bytes of the register.
GCC is consistent with itself, but not consistent with the SGI C
compiler (and the SGI supplied runtime libraries), so the only
failures that can happen are when there are library functions that
take/return such structures. There are very few such library
functions. Currently this is known to affect inet_ntoa, inet_lnaof,
inet_netof, inet_makeaddr, and semctl. Until the bug is fixed, GCC
contains workarounds for the known affected functions.
I've had this problem too, both with cfengine and OpenSSH. Recompiling with the
mipspro compiler works fine.
--
Arnold Troeger Unocal Thailand
Phone: 011-66-2-545-5456 5th Floor, Tower 3, SCB Park Plaza
FAX: 011-66-2-545-5374 19 Ratchadapisek Road, Chatuchak
Email: Arnold.Troeger@bkk.unocal.com Bangkok 10900, Thailand
------------------------------------------------------------------------