problem with Proc32 and the "-L2" option

I want to restrict inbound network access only to a QNX node. According to
the documentation for Proc32, the “-L2” option does the trick.

When I rebuild the boot image to use the “-L2” option with Proc32, it
disables outbound network access instead of inbound network access. It
seems like the “-L2” option is the same as the “-L” option.

Here is the actual line in my boot image for Proc32:

$ /boot/sys/Proc32 -l 14 -L2

I’ve tried the “-L” and “-L1” options and they do what the documentation
states.

Is option “-L2” just a typo??

Len

Len Melo <lmelo@neptec.com> wrote:

I want to restrict inbound network access only to a QNX node. According to
the documentation for Proc32, the “-L2” option does the trick.

Oddly, the documentation and the usemessage for Proc32 disagree on this:

Docs say:

-L2 Disallow inbound network access, but allow unrestricted
outbound access.

Use message says:
-L2 Only allow inbound network access.

Which is the exact opposite of what the docs say.

I’m not sure which is the actual intention of the code.

(In a quick look through the code, -L2 sets a different flag from -L, so
it shouldn’t give the same behaviour. But, I haven’t yet found where this
is checked.)

BTW, when reporting something like this, it is VERY important to tell us
what version of Proc32 you are running – the output from “sin ver”, the
line for Proc32, is a very good idea to post. If I’m looking at source
to a later version than you’re running, it won’t do either of us much good.

When I rebuild the boot image to use the “-L2” option with Proc32, it
disables outbound network access instead of inbound network access. It
seems like the “-L2” option is the same as the “-L” option.

Here is the actual line in my boot image for Proc32:

$ /boot/sys/Proc32 -l 14 -L2

I’ve tried the “-L” and “-L1” options and they do what the documentation
states.

Is option “-L2” just a typo??

Don’t know yet.

-David

QNX Training Services
dagibbs@qnx.com

Here is the version of Proc32 I’m using:

PROGRAM NAME VERSION DATE
/boot/sys/Proc32 Proc 4.25J Sep 09 1999

David Gibbs wrote in message <96eep1$bv$1@nntp.qnx.com>…

Len Melo <> lmelo@neptec.com> > wrote:
I want to restrict inbound network access only to a QNX node. According
to
the documentation for Proc32, the “-L2” option does the trick.

Oddly, the documentation and the usemessage for Proc32 disagree on this:

Docs say:

-L2 Disallow inbound network access, but allow unrestricted
outbound access.

Use message says:
-L2 Only allow inbound network access.

Which is the exact opposite of what the docs say.

I’m not sure which is the actual intention of the code.

(In a quick look through the code, -L2 sets a different flag from -L, so
it shouldn’t give the same behaviour. But, I haven’t yet found where this
is checked.)

BTW, when reporting something like this, it is VERY important to tell us
what version of Proc32 you are running – the output from “sin ver”, the
line for Proc32, is a very good idea to post. If I’m looking at source
to a later version than you’re running, it won’t do either of us much good.

When I rebuild the boot image to use the “-L2” option with Proc32, it
disables outbound network access instead of inbound network access. It
seems like the “-L2” option is the same as the “-L” option.

Here is the actual line in my boot image for Proc32:

$ /boot/sys/Proc32 -l 14 -L2

I’ve tried the “-L” and “-L1” options and they do what the documentation
states.

Is option “-L2” just a typo??

Don’t know yet.

-David

QNX Training Services
dagibbs@qnx.com

Len Melo <lmelo@neptec.com> wrote:

Here is the version of Proc32 I’m using:

PROGRAM NAME VERSION DATE
/boot/sys/Proc32 Proc 4.25J Sep 09 1999

Thanks, I’ve tested with Proc 4.25I, 4.25J, and 4.25K.

(In a quick look through the code, -L2 sets a different flag from -L, so
it shouldn’t give the same behaviour. But, I haven’t yet found where this
is checked.)

Under testing, I see no appreciable difference in behaviour between having
specified -L2 and not having done so. That is, on the node I can do a
"sin -n " other node to get information as both root & non-root, and from
outside that node, I can do a “sin -n node” to get information about it.
(If I ran with -L, then I could do a “sin -n node” to get information, but
from node, “sin -n other_node” failed.)

When I rebuild the boot image to use the “-L2” option with Proc32, it
disables outbound network access instead of inbound network access. It
seems like the “-L2” option is the same as the “-L” option.

I was unable to reproduce this behaviour. What I observed was that -L2
was the same as not setting any -L option at all. (Which matches what
was in the code.)

This seems to suggest that the documentation got ahead of the implementation.

-David

QNX Training Services
dagibbs@qnx.com

David Gibbs <dagibbs@qnx.com> wrote:

Len Melo <> lmelo@neptec.com> > wrote:

When I rebuild the boot image to use the “-L2” option with Proc32, it
disables outbound network access instead of inbound network access. It
seems like the “-L2” option is the same as the “-L” option.

I was unable to reproduce this behaviour. What I observed was that -L2
was the same as not setting any -L option at all. (Which matches what
was in the code.)

This seems to suggest that the documentation got ahead of the implementation.

I’ve now implemented this in an internal version. Hopefully it will be
coming in beta soon.

-David

QNX Training Services
dagibbs@qnx.com

Wow, thanks Dave! I’ll be waiting for that BETA version of Proc32.

David Gibbs wrote in message <96eq8l$6j8$1@nntp.qnx.com>…

David Gibbs <> dagibbs@qnx.com> > wrote:

I’ve now implemented this in an internal version. Hopefully it will be
coming in beta soon.

-David

QNX Training Services
dagibbs@qnx.com