Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 76514 Details for
Bug 118282
net-misc/iputils-021109-r3 fails with USE="doc"
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
full emerge log
iputils_emerge.txt (text/plain), 41.45 KB, created by
Stephane Loeuillet
on 2006-01-08 05:16:32 UTC
(
hide
)
Description:
full emerge log
Filename:
MIME Type:
Creator:
Stephane Loeuillet
Created:
2006-01-08 05:16:32 UTC
Size:
41.45 KB
patch
obsolete
>Calculating dependencies >>> Unpacking source... >>>> Unpacking iputils-ss021109-try.tar.bz2 to /var/tmp/portage/iputils-021109-r3/work > [32;01m*[0m Applying iputils-021109-gcc34.patch ... >[A[150G [34;01m[ [32;01mok[34;01m ][0m > [32;01m*[0m Applying 021109-no-pfkey-search.patch ... >[A[150G [34;01m[ [32;01mok[34;01m ][0m > [32;01m*[0m Applying 021109-ipg-linux-2.6.patch ... >[A[150G [34;01m[ [32;01mok[34;01m ][0m > [32;01m*[0m Applying 021109-syserror.patch ... >[A[150G [34;01m[ [32;01mok[34;01m ][0m > [32;01m*[0m Applying 021109-uclibc-no-ether_ntohost.patch ... >[A[150G [34;01m[ [32;01mok[34;01m ][0m > [32;01m*[0m Applying iputils-021109-bindnow.patch ... >[A[150G [34;01m[ [32;01mok[34;01m ][0m > [32;01m*[0m Applying iputils-021109-linux-udp-header.patch ... >[A[150G [34;01m[ [32;01mok[34;01m ][0m >>>> Source unpacked. >>>> Compiling source in /var/tmp//portage/iputils-021109-r3/work/iputils ... >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include tracepath.c -lresolv -o tracepath >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include -c -o ping.o ping.c >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include -c -o ping_common.o ping_common.c >i686-pc-linux-gnu-gcc ping.o ping_common.o -lresolv -o ping -Wl,-z,now -Wl,-z,relro >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include clockdiff.c -lresolv -o clockdiff >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include rdisc.c -lresolv -o rdisc >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include arping.c -lresolv -o arping >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include -c -o tftpd.o tftpd.c >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include -c -o tftpsubs.o tftpsubs.c >i686-pc-linux-gnu-gcc tftpd.o tftpsubs.o -lresolv -o tftpd >i686-pc-linux-gnu-gcc -D_GNU_SOURCE -O3 -march=athlon-xp -pipe -Wstrict-prototypes -Wall -g -Iinclude-glibc -include include-glibc/glibc-bugs.h -I../include rarpd.c -lresolv -o rarpd >/usr/bin/docbook2html >make -C doc html >make[1]: Entering directory `/var/tmp/portage/iputils-021109-r3/work/iputils/doc' >Using catalogs: /etc/sgml/sgml-docbook-3.1.cat >Using stylesheet: /usr/share/sgml/docbook/utils-0.6.14/docbook-utils.dsl#html >Working on: /var/tmp/portage/iputils-021109-r3/work/iputils/doc/tmp.db2html/../index.db >jade:/usr/share/sgml/docbook/utils-0.6.14/docbook-utils.dsl:9:96:W: cannot generate system identifier for public text "-//Norman Walsh//DOCUMENT DocBook HTML Stylesheet//EN" >jade:/usr/share/sgml/docbook/utils-0.6.14/docbook-utils.dsl:19:39:E: no style-specification or external-specification with ID "DOCBOOK" >System Manager's Manual: iputilsping8iputils-021109ping, ping6send ICMP ECHO_REQUEST to network hostsping-LRUbdfnqrvVaAB-c count-i interval-l preload-p pattern-s packetsize-t ttl-w deadline-F flowlabel-I interface-M hint-P policy-Q tos-S sndbuf-T timestamp option-W timeouthopdestinationDESCRIPTIONping uses the ICMP protocol's mandatory ECHO_REQUEST >datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. >ECHO_REQUEST datagrams (``pings'') have an IP and ICMP >header, followed by a struct timeval and then an arbitrary >number of ``pad'' bytes used to fill out the packet.OPTIONS-aAudible ping. > -AAdaptive ping. Interpacket interval adapts to round-trip time, so that >effectively not more than one (or more, if preload is set) unanswered probes >present in the network. Minimal interval is 200msec for not super-user. >On networks with low rtt this mode is essentially equivalent to flood mode. > -bAllow pinging a broadcast address. > -BDo not allow ping to change source address of probes. >The address is bound to one selected when ping starts. > -c countStop after sending count ECHO_REQUEST >packets. With >deadline >option, ping waits for >count ECHO_REPLY packets, until the timeout expires. > -dSet the SO_DEBUG option on the socket being used. >Essentially, this socket option is not used by Linux kernel. > -F flow labelAllocate and set 20 bit flow label on echo request packets. >(Only ping6). If value is zero, kernel allocates random flow label. > -fFlood ping. For every ECHO_REQUEST sent a period ``.'' is printed, >while for ever ECHO_REPLY received a backspace is printed. >This provides a rapid display of how many packets are being dropped. >If interval is not given, it sets interval to zero and >outputs packets as fast as they come back or one hundred times per second, >whichever is more. >Only the super-user may use this option with zero interval. > -i intervalWait interval seconds between sending each packet. >The default is to wait for one second between each packet normally, >or not to wait in flood mode. Only super-user may set interval >to values less 0.2 seconds. > -I interface addressSet source address to specified interface address. Argument >may be numeric IP address or name of device. When pinging IPv6 >link-local address this option is required. > -l preloadIf preload is specified, >ping sends that many packets not waiting for reply. >Only the super-user may select preload more than 3. > -LSuppress loopback of multicast packets. This flag only applies if the ping >destination is a multicast address. > -nNumeric output only. >No attempt will be made to lookup symbolic names for host addresses. > -P policyOverride system-wide IPsec policy. Argument is a string of format described >in ipsec_set_policy(3). Couple of examples: "out bypass" requests to bypass >system-wide defaults, "out ipsec esp/transport//require" demands to send >ping packets using ESP in transport mode. > -p patternYou may specify up to 16 ``pad'' bytes to fill out the packet you send. >This is useful for diagnosing data-dependent problems in a network. >For example, -p ff will cause the sent packet >to be filled with all ones. > -Q tosSet Quality of Service -related bits in ICMP datagrams. >tos can be either decimal or hex number. >Traditionally (RFC1349), these have been interpreted as: 0 for reserved >(currently being redefined as congestion control), 1-4 for Type of Service >and 5-7 for Precedence. >Possible settings for Type of Service are: minimal cost: 0x02, >reliability: 0x04, throughput: 0x08, low delay: 0x10. Multiple TOS bits >should not be set simultaneously. Possible settings for >special Precedence range from priority (0x20) to net control (0xe0). You >must be root (CAP_NET_ADMIN capability) to use Critical or >higher precedence value. You cannot set >bit 0x01 (reserved) unless ECN has been enabled in the kernel. >In RFC2474, these fields has been redefined as 8-bit Differentiated >Services (DS), consisting of: bits 0-1 of separate data (ECN will be used, >here), and bits 2-7 of Differentiated Services Codepoint (DSCP). > -qQuiet output. >Nothing is displayed except the summary lines at startup time and >when finished. > -RRecord route. >Includes the RECORD_ROUTE option in the ECHO_REQUEST >packet and displays the route buffer on returned packets. >Note that the IP header is only large enough for nine such routes. >Many hosts ignore or discard this option. > -rBypass the normal routing tables and send directly to a host on an attached >interface. >If the host is not on a directly-attached network, an error is returned. >This option can be used to ping a local host through an interface >that has no route through it provided the option -I is also >used. > -s packetsizeSpecifies the number of data bytes to be sent. >The default is 56, which translates into 64 ICMP >data bytes when combined with the 8 bytes of ICMP header data. > -S sndbufSet socket sndbuf. If not specified, it is selected to buffer >not more than one packet. > -t ttlSet the IP Time to Live. > -T timestamp optionSet special IP timestamp options. >timestamp option may be either >tsonly (only timestamps), >tsandaddr (timestamps and addresses) or >tsprespec host1 [host2 [host3 [host4]]] >(timestamp prespecified hops). > -M hintSelect Path MTU Discovery strategy. >hint may be either do >(prohibit fragmentation, even local one), >want (do PMTU discovery, fragment locally when packet size >is large), or dont (do not set DF flag). > -UPrint full user-to-user latency (the old behaviour). Normally >ping >prints network round trip time, which can be different >f.e. due to DNS failures. > -vVerbose output. > -VShow version and exit. > -w deadlineSpecify a timeout, in seconds, before >ping >exits regardless of how many >packets have been sent or received. In this case >ping >does not stop after >count >packet are sent, it waits either for >deadline >expire or until >count >probes are answered or for some error notification from network. > -W timeoutTime to wait for a response, in seconds. The option affects only timeout >in absense of any responses, otherwise ping waits for two RTTs. > When using ping for fault isolation, it should first be run >on the local host, to verify that the local network interface is up >and running. Then, hosts and gateways further and further away should be >``pinged''. Round-trip times and packet loss statistics are computed. >If duplicate packets are received, they are not included in the packet >loss calculation, although the round trip time of these packets is used >in calculating the minimum/average/maximum round-trip time numbers. >When the specified number of packets have been sent (and received) or >if the program is terminated with a >SIGINT, a brief summary is displayed. Shorter current statistics >can be obtained without termination of process with signal >SIGQUIT.If ping does not receive any reply packets at all it will >exit with code 1. If a packet >count >and >deadline >are both specified, and fewer than >count >packets are received by the time the >deadline >has arrived, it will also exit with code 1. >On other error it exits with code 2. Otherwise it exits with code 0. This >makes it possible to use the exit code to see if a host is alive or >not.This program is intended for use in network testing, measurement and >management. >Because of the load it can impose on the network, it is unwise to use >ping during normal operations or from automated scripts.ICMP PACKET DETAILSAn IP header without options is 20 bytes. >An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth >of ICMP header followed by an arbitrary amount of data. >When a packetsize is given, this indicated the size of this >extra piece of data (the default is 56). Thus the amount of data received >inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes >more than the requested data space (the ICMP header).If the data space is at least of size of struct timeval >ping uses the beginning bytes of this space to include >a timestamp which it uses in the computation of round trip times. >If the data space is shorter, no round trip times are given.DUPLICATE AND DAMAGED PACKETSping will report duplicate and damaged packets. >Duplicate packets should never occur, and seem to be caused by >inappropriate link-level retransmissions. >Duplicates may occur in many situations and are rarely (if ever) a >good sign, although the presence of low levels of duplicates may not >always be cause for alarm.Damaged packets are obviously serious cause for alarm and often >indicate broken hardware somewhere in the >ping packet's path (in the network or in the hosts).TRYING DIFFERENT DATA PATTERNSThe (inter)network layer should never treat packets differently depending >on the data contained in the data portion. >Unfortunately, data-dependent problems have been known to sneak into >networks and remain undetected for long periods of time. >In many cases the particular pattern that will have problems is something >that doesn't have sufficient ``transitions'', such as all ones or all >zeros, or a pattern right at the edge, such as almost all zeros. >It isn't necessarily enough to specify a data pattern of all zeros (for >example) on the command line because the pattern that is of interest is >at the data link level, and the relationship between what you type and >what the controllers transmit can be complicated.This means that if you have a data-dependent problem you will probably >have to do a lot of testing to find it. >If you are lucky, you may manage to find a file that either can't be sent >across your network or that takes much longer to transfer than other >similar length files. >You can then examine this file for repeated patterns that you can test >using the -p option of ping.TTL DETAILSThe TTL value of an IP packet represents the maximum number of IP routers >that the packet can go through before being thrown away. >In current practice you can expect each router in the Internet to decrement >the TTL field by exactly one.The TCP/IP specification states that the TTL field for TCP >packets should be set to 60, but many systems use smaller values >(4.3 BSD uses 30, 4.2 used 15).The maximum possible value of this field is 255, and most Unix systems set >the TTL field of ICMP ECHO_REQUEST packets to 255. >This is why you will find you can ``ping'' some hosts, but not reach them >with >telnet1 >or >ftp1.In normal operation ping prints the ttl value from the packet it receives. >When a remote system receives a ping packet, it can do one of three things >with the TTL field in its response:Not change it; this is what Berkeley Unix systems did before the >4.3BSD Tahoe release. In this case the TTL value in the received packet >will be 255 minus the number of routers in the round-trip path. > Set it to 255; this is what current Berkeley Unix systems do. >In this case the TTL value in the received packet will be 255 minus the >number of routers in the path from >the remote system to the pinging host. > Set it to some other value. Some machines use the same value for >ICMP packets that they use for TCP packets, for example either 30 or 60. >Others may use completely wild values. > BUGSMany Hosts and Gateways ignore the RECORD_ROUTE option. > The maximum IP header length is too small for options like >RECORD_ROUTE to be completely useful. >There's not much that that can be done about this, however. > Flood pinging is not recommended in general, and flood pinging the >broadcast address should only be done under very controlled conditions. > SEE ALSOnetstat1, >ifconfig8.HISTORYThe ping command appeared in 4.3BSD.The version described here is its descendant specific to Linux.SECURITYping requires CAP_NET_RAWIO capability >to be executed. It may be used as set-uid root.AVAILABILITYping is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.arping8iputils-021109arpingsend ARP REQUEST to a neighbour hostarping-AbDfhqUV-c count-w deadline-s source-I interfacedestinationDESCRIPTIONPing destination on device interface by ARP packets, >using source address source.OPTIONS-AThe same as -U, but ARP REPLY packets used instead >of ARP REQUEST. > -bSend only MAC level broadcasts. Normally arping starts >from sending broadcast, and switch to unicast after reply received. > -c countStop after sending count ARP REQUEST >packets. With >deadline >option, arping waits for >count ARP REPLY packets, until the timeout expires. > -DDuplicate address detection mode (DAD). See >RFC2131, 4.4.1. >Returns 0, if DAD succeeded i.e. no replies are received > -fFinish after the first reply confirming that target is alive. > -I interfaceName of network device where to send ARP REQUEST packets. This option >is required. > -hPrint help page and exit. > -qQuiet output. Nothing is displayed. > -s sourceIP source address to use in ARP packets. >If this option is absent, source address is: > In DAD mode (with option -D) set to 0.0.0.0. > In Unsolicited ARP mode (with options -U or -A) >set to destination. > Otherwise, it is calculated from routing tables. > > -UUnsolicited ARP mode to update neighbours' ARP caches. >No replies are expected. > -VPrint version of the program and exit. > -w deadlineSpecify a timeout, in seconds, before >arping >exits regardless of how many >packets have been sent or received. In this case >arping >does not stop after >count >packet are sent, it waits either for >deadline >expire or until >count >probes are answered. > SEE ALSOping8, >clockdiff8, >tracepath8.AUTHORarping was written by >Alexey Kuznetsov ><kuznet@ms2.inr.ac.ru>.SECURITYarping requires CAP_NET_RAWIO capability >to be executed. It is not recommended to be used as set-uid root, >because it allows user to modify ARP caches of neighbour hosts.AVAILABILITYarping is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.clockdiff8iputils-021109clockdiffmeasure clock difference between hostsclockdiff-o-o1destinationDESCRIPTIONclockdiff Measures clock difference between us and >destination with 1 msec resolution using ICMP TIMESTAMP >[2] >packets or, optionally, IP TIMESTAMP option >[3] >option added to ICMP ECHO. >[1]OPTIONS-oUse IP TIMESTAMP with ICMP ECHO instead of ICMP TIMESTAMP >messages. It is useful with some destinations, which do not support >ICMP TIMESTAMP (f.e. Solaris <2.4). > -o1Slightly different form of -o, namely it uses three-term >IP TIMESTAMP with prespecified hop addresses instead of four term one. >What flavor works better depends on target host. Particularly, >-o is better for Linux. > WARNINGSSome nodes (Cisco) use non-standard timestamps, which is allowed >by RFC, but makes timestamps mostly useless. > Some nodes generate messed timestamps (Solaris>2.4), when >run xntpd. Seems, its IP stack uses a corrupted clock source, >which is synchronized to time-of-day clock periodically and jumps >randomly making timestamps mostly useless. Good news is that you can >use NTP in this case, which is even better. > clockdiff shows difference in time modulo 24 days. > SEE ALSOping8, >arping8, >tracepath8.REFERENCES[1] ICMP ECHO, >RFC0792, page 14.[2] ICMP TIMESTAMP, >RFC0792, page 16.[3] IP TIMESTAMP option, >RFC0791, 3.1, page 16.AUTHORclockdiff was compiled by >Alexey Kuznetsov ><kuznet@ms2.inr.ac.ru>. It was based on code borrowed >from BSD timed daemon.SECURITYclockdiff requires CAP_NET_RAWIO capability >to be executed. It is safe to be used as set-uid root.AVAILABILITYclockdiff is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.rarpd8iputils-021109rarpdanswer RARP REQUESTsarping-aAvde-b bootdirinterfaceDESCRIPTIONListens >RARP >requests from clients. Provided MAC address of client >is found in /etc/ethers database and >obtained host name is resolvable to an IP address appropriate >for attached network, rarpd answers to client with RARPD >reply carrying an IP address.To allow multiple boot servers on the network rarpd >optionally checks for presence Sun-like bootable image in TFTP directory. >It should have form Hexadecimal_IP.ARCH, f.e. to load >sparc 193.233.7.98 C1E90762.SUN4M is linked to >an image appropriate for SUM4M in directory /etc/tftpboot.WARNINGThis facility is deeply obsoleted by >BOOTP >and later >DHCP protocols. >However, some clients really still need this to boot.OPTIONS-aListen on all the interfaces. Currently it is an internal >option, its function is overridden with interface >argument. It should not be used. > -AListen not only RARP but also ARP messages, some rare clients >use ARP by some unknown reason. > -vBe verbose. > -dDebug mode. Do not go to background. > -eDo not check for presence of a boot image, reply if MAC address >resolves to a valid IP address using /etc/ethers >database and DNS. > -b bootdirTFTP boot directory. Default is /etc/tftpboot > SEE ALSOarping8, >tftpd8.AUTHORrarpd was written by >Alexey Kuznetsov ><kuznet@ms2.inr.ac.ru>.SECURITYrarpd requires CAP_NET_RAWIO capability >to listen and send RARP and ARP packets. It also needs CAP_NET_ADMIN >to give to kernel hint for ARP resolution; this is not strictly required, >but some (most of, to be more exact) clients are so badly broken that >are not able to answer ARP before they are finally booted. This is >not wonderful taking into account that clients using RARPD in 2002 >are all unsupported relic creatures of 90's and even earlier.AVAILABILITYrarpd is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.tracepath8iputils-021109tracepath, tracepath6traces path to a network host discovering MTU along this pathtracepathdestinationportDESCRIPTIONIt traces path to destination discovering MTU along this path. >It uses UDP port port or some random port. >It is similar to traceroute, only does not not require superuser >privileges and has no fancy options.tracepath6 is good replacement for traceroute6 >and classic example of application of Linux error queues. >The situation with tracepath is worse, because commercial >IP routers do not return enough information in icmp error messages. >Probably, it will change, when they will be updated. >For now it uses Van Jacobson's trick, sweeping a range >of UDP ports to maintain trace history.OUTPUTroot@mops:~ # tracepath6 3ffe:2400:0:109::2 > 1?: [LOCALHOST] pmtu 1500 > 1: dust.inr.ac.ru 0.411ms > 2: dust.inr.ac.ru asymm 1 0.390ms pmtu 1480 > 2: 3ffe:2400:0:109::2 463.514ms reached > Resume: pmtu 1480 hops 2 back 2The first column shows TTL of the probe, followed by colon. >Usually value of TTL is obtained from reply from network, >but sometimes reply does not contain necessary information and >we have to guess it. In this case the number is followed by ?.The second column shows the network hop, which replied to the probe. >It is either address of router or word [LOCALHOST], if >the probe was not sent to the network.The rest of line shows miscellaneous information about path to >the correspinding hetwork hop. As rule it contains value of RTT. >Additionally, it can show Path MTU, when it changes. >If the path is asymmetric >or the probe finishes before it reach prescribed hop, difference >between number of hops in forward and backward direction is shown >folloing keyword async. This information is not reliable. >F.e. the third line shows asymmetry of 1, it is because the first probe >with TTL of 2 was rejected at the first hop due to Path MTU Discovery.Te last line summarizes information about all the path to the destination, >it shows detected Path MTU, amount of hops to the destination and our >guess about amount of hops from the destination to us, which can be >different when the path is asymmetric.SEE ALSOtraceroute8, >traceroute68, >ping8.AUTHORtracepath was written by >Alexey Kuznetsov ><kuznet@ms2.inr.ac.ru>.SECURITYNo security issues.This lapidary deserves to be elaborated. >tracepath is not a privileged program, unlike >traceroute, ping and other beasts of this kind. >tracepath may be executed by everyone who has some access >to network, enough to send UDP datagrams to investigated destination >using given port.AVAILABILITYtracepath is part of iputils package >and the latest versions are available in source form from anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.traceroute68iputils-021109traceroute6traces path to a network hosttraceroute6-dnrvV-i interface-m max_ttl-p port-q max_probes-s source-w wait timedestinationsizeDESCRIPTIONDescription can be found in >traceroute8, >all the references to IP replaced to IPv6. It is needless to copy >the description from there.SEE ALSOtraceroute8, >tracepath8, >ping8.HISTORYThis program has long history. Author of traceroute >is Van Jacobson and it first appeared in 1988. This clone is >based on a port of traceroute to IPv6 published >in NRL IPv6 distribution in 1996. In turn, it was ported >to Linux by Pedro Roque. After this it was kept in sync by >Alexey Kuznetsov ><kuznet@ms2.inr.ac.ru>. And eventually entered >iputils package.SECURITYtracepath6 requires CAP_NET_RAWIO capability >to be executed. It is safe to be used as set-uid root.AVAILABILITYtraceroute6 is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.tftpd8iputils-021109tftpdTrivial File Transfer Protocol servertftpddirectoryDESCRIPTIONtftpd is a server which supports the DARPA >Trivial File Transfer Protocol >(RFC1350). >The TFTP server is started >by inetd8.directory is required argument; if it is not given >tftpd aborts. This path is prepended to any file name requested >via TFTP protocol, effectively chrooting tftpd to this directory. >File names are validated not to escape out of this directory, however >administrator may configure such escape using symbolic links.It is in difference of variants of tftpd usually distributed >with unix-like systems, which take a list of directories and match >file names to start from one of given prefixes or to some random >default, when no arguments were given. There are two reasons not to >behave in this way: first, it is inconvenient, clients are not expected >to know something about layout of filesystem on server host. >And second, TFTP protocol is not a tool for browsing of server's filesystem, >it is just an agent allowing to boot dumb clients. In the case when tftpd is used together with >rarpd8, >tftp directories in these services should coincide and it is expected >that each client booted via TFTP has boot image corresponding >its IP address with an architecture suffix following Sun Microsystems >conventions. See >rarpd8 >for more details.SECURITYTFTP protocol does not provide any authentication. >Due to this capital flaw tftpd is not able to restrict >access to files and will allow only publically readable >files to be accessed. Files may be written only if they already >exist and are publically writable.Impact is evident, directory exported via TFTP must not >contain sensitive information of any kind, everyone is allowed >to read it as soon as a client is allowed. Boot images do not contain >such information as rule, however you should think twice before >publishing f.e. Cisco IOS config files via TFTP, they contain >unencrypted passwords and may contain some information >about the network, which you were not going to make public.The tftpd server should be executed by inetd >with dropped root privileges, namely with a user ID giving minimal >access to files published in tftp directory. If it is executed >as superuser occasionally, tftpd drops its UID and GID >to 65534, which is most likely not the thing which you expect. >However, this is not very essential; remember, only files accessible >for everyone can be read or written via TFTP.SEE ALSOrarpd8, >tftp1, >inetd8.HISTORYThe tftpd command appeared in 4.2BSD. The source in iputils >is cleaned up both syntactically (ANSIized) and semantically (UDP socket IO).It is distributed with iputils mostly as good demo of an interesting feature >(MSG_CONFIRM) allowing to boot long images by dumb clients >not answering ARP requests until they are finally booted. >However, this is full functional and can be used in production.AVAILABILITYtftpd is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.rdisc8iputils-021109rdiscnetwork router discovery daemonrdisc-abdfstvVsend_addressreceive_addressDESCRIPTIONrdisc implements client side of the ICMP router discover protocol. >rdisc is invoked at boot time to populate the network >routing tables with default routes. rdisc listens on the ALL_HOSTS (224.0.0.1) multicast address >(or receive_address provided it is given) >for ROUTER_ADVERTISE messages from routers. The received >messages are handled by first ignoring those listed router addresses >with which the host does not share a network. Among the remaining addresses >the ones with the highest preference are selected as default routers >and a default route is entered in the kernel routing table >for each one of them.Optionally, rdisc can avoid waiting for routers to announce >themselves by sending out a few ROUTER_SOLICITATION messages >to the ALL_ROUTERS (224.0.0.2) multicast address >(or send_address provided it is given) >when it is started.A timer is associated with each router address and the address will >no longer be considered for inclusion in the the routing tables if the >timer expires before a new >advertise message is received from the router. >The address will also be excluded from consideration if the host receives an >advertise >message with the preference being maximally negative.Server side of router discovery protocol is supported by Cisco IOS >and by any more or less complete UNIX routing daemon, f.e gated.OPTIONS-aAccept all routers independently of the preference they have in their >advertise messages. >Normally rdisc only accepts (and enters in the kernel routing >tables) the router or routers with the highest preference. > -bOpposite to -a, i.e. install only router with the best >preference value. It is default behaviour. > -dSend debugging messages to syslog. > -fRun rdisc forever even if no routers are found. >Normally rdisc gives up if it has not received any >advertise message after after soliciting three times, >in which case it exits with a non-zero exit code. >If -f is not specified in the first form then >-s must be specified. > -sSend three solicitation messages initially to quickly discover >the routers when the system is booted. >When -s is specified rdisc >exits with a non-zero exit code if it can not find any routers. >This can be overridden with the -f option. > -tTest mode. Do not go to background. > -vBe verbose i.e. send lots of debugging messages to syslog. > -VPrint version and exit. > HISTORYThis program was developed by Sun Microsystems (see copyright >notice in source file). It was ported to Linux by >Alexey Kuznetsov ><kuznet@ms2.inr.ac.ru>.SEE ALSOicmp7, >inet7, >ping8.REFERENCESDeering, S.E.,ed "ICMP Router Discovery Messages", >RFC1256, Network Information Center, SRI International, >Menlo Park, Calif., September 1991.SECURITYrdisc requires CAP_NET_RAWIO to listen >and send ICMP messages and capability CAP_NET_ADMIN >to update routing tables. AVAILABILITYrdisc is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.pg38iputils-021109pg3, ipg, pgsetsend stream of UDP packetssource ipgpgpgsetCOMMANDDESCRIPTIONipg is not a program, it is script which should be sourced >to bash. When sourced it loads module pg3 and >exports a few of functions accessible from parent shell. These macros >are pg to start packet injection and to get the results of run; >and pgset to setup packet generator.pgset can send the following commands to module pg3:COMMANDodev DEVICEName of Ethernet device to test. See >warning below. > pkt_size BYTESSize of packet to generate. The size includes all the headers: UDP, IP, >MAC, but does not account for overhead internal to medium, i.e. FCS >and various paddings. > frags NUMBEREach packet will contain NUMBER of fragments. >Maximal amount for linux-2.4 is 6. Far not all the devices support >fragmented buffers. > count NUMBERSend stream of NUMBER of packets and stop after this. > ipg TIMEIntroduce artificial delay between packets of TIME >microseconds. > dst IP_ADDRESSSelect IP destination where the stream is sent to. >Beware, never set this address at random. pg3 is not a toy, >it creates really tough stream. Default value is 0.0.0.0. > dst MAC_ADDRESSSelect MAC destination where the stream is sent to. >Default value is 00:00:00:00:00:00 in hope that this will not be received >by any node on LAN. > stopAbort packet injection. > WARNINGWhen output device is set to some random device different >of hardware Ethernet device, pg3 will crash kernel.Do not use it on VLAN, ethertap, VTUN and other devices, >which emulate Ethernet not being real Ethernet in fact.AUTHORpg3 was written by Robert Olsson <robert.olsson@its.uu.se>.SECURITYThis can be used only by superuser.This tool creates floods of packets which is unlikely to be handled >even by high-end machines. For example, it saturates gigabit link with >60 byte packets when used with Intel's e1000. In face of such stream >switches, routers and end hosts may deadlock, crash, explode. >Use only in test lab environment.AVAILABILITYpg3 is part of iputils package >and the latest versions are available in source form for anonymous ftp >ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.setkey8iputils-021109setkeymanually manipulate the IPsec SA/SP databasesetkey-dv-csetkey-dv-ffilenamesetkey-adPlv-Dsetkey-dPv-Fsetkey-h-xDESCRIPTIONsetkey adds, updates, dumps, or flushes >Security Association Database (SAD) entries >as well as Security Policy Database (SPD) entries in the kernel.setkey takes a series of operations from the standard input >(if invoked with -c) or the file named filename >(if invoked with -f filename).-DDump the SAD entries. If with -P, the SPD entries are dumped. > -FFlush the SAD entries. If with -P, the SPD entries are flushed. > -asetkey usually does not display dead SAD entries with >-D. If with -a, the dead SAD entries will be displayed >as well. A dead SAD entry means that it has been expired but remains >because it is referenced by SPD entries. > -dEnable to print debugging messages for command parser, without talking >to kernel. It is not used usually. > -xLoop forever and dump all the messages transmitted to >PF_KEY socket. -xx makes each timestamps unformatted. > -hAdd hexadecimal dump on -x mode. > -lLoop forever with short output on -D. > -vBe verbose. The program will dump messages exchanged on >PF_KEY socket, including messages sent from other processes >to the kernel. > Operations have the following grammar. Note that lines starting with >hashmarks ('#') are treated as comment lines. add > src > dst > protocol > spi > extensions > algorithm... > ; > Add an SAD entry. > get > src > dst > protocol > spi > ; > Show an SAD entry. > delete > src > dst > protocol > spi > ; > Remove an SAD entry. > deleteall > src > dst > protocol > ; > Remove all SAD entries that match the specification. > flush > protocol > ; > Clear all SAD entries matched by the options. > dump > protocol > ; > Dump all SAD entries matched by the options. > spdadd > src_range > dst_range > upperspec > policy > ; > Add an SPD entry. > spddelete > src_range > dst_range > upperspec > -P direction > ; > Delete an SPD entry. > spdflush > ; > Clear all SPD entries. > spddump > ; > Dump all SPD entries. > Meta-arguments are as follows: src, > dst > Source/destination of the secure communication is specified as >IPv4/v6 address. setkey does not consult hostname-to-address >for arguments src and dst. >They must be in numeric form. > protocol > protocol is one of following: > espESP based on rfc2405 > ahAH based on rfc2402 > > spi > Security Parameter Index (SPI) for the SAD and the SPD. >It must be decimal number or hexadecimal number >(with 0x attached). >You cannot use the set of SPI values in the range 0 through 255. > extensions > takes some of the following: > -m modeSpecify a security protocol mode for use. mode >is one of following: transport or tunnel. >The default value is transport. > NOTE: it is a difference of KAME. Our implemenation does not allow >to use single SA both for transport and tunnel mode via IPsec >interface. Tunneled frames still can be encapsulated in transport >mode SA, provided you use tunnel devices and apply transport mode >IPsec to IPIP protocol. > -r sizeSpecify window size of bytes for replay prevention. >size must be decimal number in the range 0 ... 32. >If size is zero, replay check doesn't take place. >If size is not specified, replay window is 32 for >AH and authenticated ESP, and disabled for unauthenticated ESP. > NOTE: it is a difference of KAME. Default value must be reasonable before all. > -lh time, > -ls time > Specify hard/soft life time duration of the SA. > > algorithm > -E ealgo key > Specify an encryption algorithm. > -A aalgo key > Specify an authentication algorithm. >If -A is used with protocol esp, >it will be treated as ESP payload authentication algorithm. > > >protocol esp accepts -E and -A. >protocol ah >accepts -A only.key must be double-quoted character string or series >of hexadecimal digits.Possible values for >ealgo and aalgo >are specified in separate section. > src_range, dst_range > These are selections of the secure communication specified as >IPv4/v6 address or IPv4/v6 address range, and it may accompany >TCP/UDP port specification. This takes the following form: > address > address/prefixlen > address[port] > address/prefixlen[port] > prefixlen and port must be decimal numbers. >The square bracket around port is really necessary. >They are not manpage metacharacters. >setkey does not consult hostname-to-address for arguments >src and dst. They must be in numeric form. > > upperspec > Upper-layer protocol to be used. You can use one of words in >/etc/protocols as upperspec. >Or icmp6, ip4, and any >can be specified. any stands for any protocol. >Also you can use the protocol number.NOTE: upperspec is not advised against forwarding case >at this moment, as it requires extra reassembly at forwarding node >(not implemented at this moment). We have many protocols in >/etc/protocols, but protocols except of TCP, UDP and >ICMP may not be suitable to use with IPSec. You have to consider and >be careful to use them. > policy > policy is the one of following: > -P direction discard > -P direction none > -P direction ipsec > protocol/mode/src-dst/level > You must specify the direction of its policy as direction. >Either out or in or fwd >are used.discard means the packet matching indexes will be discarded. >none means that IPsec operation will not take place onto the packet. >ipsec means that IPsec operation will take place onto the packet. >Either ah or esp >is to be set as protocol.mode is either transport or tunnel. >If mode is tunnel, you must specify the end-points >addresses of the SA as src and dst >with - between these addresses which is used to specify >the SA to use. If mode is transport, both >src and dst can be omited.level is to be one of the following: >use or require. >If the SA is not available in every level, the kernel will request >getting SA to the key exchange daemon. >use means that the kernel use a SA if it's available, >otherwise the kernel keeps normal operation. >require means SA is required whenever the kernel sends >a packet matched with the policy. >Note that >discard and none are not in the syntax described in >ipsec_set_policy(3). There are little differences in the syntax. >See ipsec_set_policy(3) for detail. > ALGORITHMSThe following list shows the supported algorithms. >protocol and algorithm >are almost orthogonal. Followings are the list of authentication >algorithms that can be used as aalgo >in -A aalgo of protocol >parameter:algorithmkeylen (bits)commenthmac-md5128ah: rfc2403hmac-sha1160ah: rfc2401Followings are the list of encryption algorithms that can be used as >ealgo in -E ealgo of >protocol parameter:algorithmkeylen (bits)commentdes-cbc64esp: rfc24053des-cbc192esp: rfc2451EXAMPLESadd 10.0.11.41 10.0.11.33 esp 123457 > -m tunnel -E des-cbc "ESP SA!!" ; > >add 10.0.11.41 10.0.11.33 ah 123456 > -m transport -A hmac-sha1 "AH SA configuration!" ; > >add 10.0.11.41 10.0.11.34 esp 0x10001 > -m tunnel > -E des-cbc "ESP with" > -A hmac-md5 "authentication!!" ; > >get 10.0.11.41 10.0.11.33 ah 123456 ; > >flush ; > >dump esp ; >Encapsulate output of telnetd in ESP tunnel encrypted with DES >and authenticated with MD5. >spdadd 192.168.0.1/32[23] 192.168.0.2/32[any] any > -P out ipsec esp/tunnel/10.0.11.41-10.0.11.34/require ; >Or alternatively, encapsulate output of telnetd in ESP tunnel >encrypted with DES, but with stronger authentication of whole >encapsulated packet with MD5. >spdadd 192.168.0.1/32[23] 192.168.0.2/32[any] any > -P out ipsec > esp/tunnel/10.0.11.41-10.0.11.33/require > ah/transport//require ; >RETURN VALUESThe command exits with 0 on success, and non-zero on errors.SEE ALSOipsec_set_policy(3), >racoon(8), >sysctl(8)HISTORYThe setkey command first appeared in WIDE Hydrangea IPv6 protocol >stack kit. The command was completely re-designed in June 1998.This port to Linux was made on November 2002.Done. >mv: ne peut évaluer `*.html': Aucun fichier ou répertoire de ce type >make[1]: *** [arping.html] Erreur 1 >make[1]: Leaving directory `/var/tmp/portage/iputils-021109-r3/work/iputils/doc' >make: *** [html] Erreur 2 > >!!! ERROR: net-misc/iputils-021109-r3 failed. >!!! Function src_compile, Line 60, Exitcode 2 >!!! (no error message) >!!! If you need support, post the topmost build error, NOT this status message. > > ...done! >>>> emerge (1 of 1) net-misc/iputils-021109-r3 to / >>>> checksums files ;-) iputils-021109-r3.ebuild >>>> checksums files ;-) files/021109-ipg-linux-2.6.patch >>>> checksums files ;-) files/digest-iputils-021109-r3 >>>> checksums files ;-) files/021109-uclibc-no-ether_ntohost.patch >>>> checksums files ;-) files/iputils-021109-linux-udp-header.patch >>>> checksums files ;-) files/iputils-021109-gcc34.patch >>>> checksums files ;-) files/021109-syserror.patch >>>> checksums files ;-) files/021109-no-pfkey-search.patch >>>> checksums files ;-) files/iputils-021109-bindnow.patch >>>> checksums src_uri ;-) iputils-ss021109-try.tar.bz2
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 118282
: 76514