<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "CIPE-list" <cipe-l,AT,inka,DOT,de>
Subject: Re: kxchg: Operation not permitted
From: "Hans Steegers" <hsx,AT,dds,DOT,nl>
Date: Wed, 17 Sep 2003 10:48:19 +0200
Reply-to: "Hans Steegers" <steegers,AT,steegers,DOT,nl>

Berend,
I searched my log files, but couldn't find a trace of such an error message.

The error message "kxchg: send: .." is generated by ciped (in kxchg(), after
a send(2) returns an error, while sending  NK_REQ, NK_ACK or NK_IND).
The error code EPERM "Operation not permitted" is probably orginating from
the ip-layer IP(7):  "User doesn't have permission to set high priority,
change  configuration, or send signals to the requested process or group."

* It is NOT related to connectionless UDP traffic (send(2) assumes a
connection).
* If you are running PKCIPE, see section 4.3 of the manual: "The pkcipe
program must be run as root. (Do not make it setuid.)"....
*** Verify if PKCIPE's TCP (!) connection with the remote PKCIPE is allowed
and not blocked by a firewall!!
* DEBUG: Run PKCIPE with -D debug; Run cipcb in debug mode, or better: run a
debug version (configured without --disable_debug).

My guess is that cipe is working with the static key and that pkcipe is
causing the messages because ciped isn't able to exchange (dynamic) keys.
But it's only a wild guess, based on a minimum of information....

If you are NOT using pkcipe: a minor mismatch between the cipcb module and
your kernel MAY cause this kind of erratic behaviour: the module must have
been built using the same compiler and (identical configured) source tree as
used to build you running kernel.

I hope this is of any help or use.

Hans Steegers.

-----Original Message-----
From: Berend Veldkamp <berend.veldkamp,AT,aris,DOT,nl>
To: Cipe Mailing List <cipe-l,AT,inka,DOT,de>
Date: Tuesday, September 16, 2003 3:44 PM
Subject: Re: kxchg: Operation not permitted

>So,
>
>Can anyone tell me what rule to add to allow kxchg? I have searched
>the archives, but I can't find this specific problem.
>Let me repeat that cipe is already working, it's just that I want to
>get rid of the messages in /var/log/messages.
>
>Thanks, Berend
>
>
>
>Perl,AT,smk-gmbh,DOT,de wrote:
>>
>> yes,
>>
>> i have similar problem while testing with cipe at the moment.
>> i brought down my firewall and then it worked, so you have to
>> establish iptables rules for it.
>> i guess to find information how to in the inka archives or at the
>> web.
>> i have to do same soon.
>>
>> regards, wolf
>
>--
>____________________________
>
>Berend Veldkamp - ARIS
>http://www.aris.nl/
>____________________________
>
>--
>Message sent by the cipe-l,AT,inka,DOT,de mailing list.
>Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
>Other commands available with "help" in body to the same address.
>CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>


<< | Thread Index | >> ]    [ << | Date Index | >> ]