CVS to cvs.qnx.com; grief. Suggestions?

Hi folks,

I’m having a little bit of grief accessing the QSSL cvs server, and am wondering what
I’m doing wrong. I’ve asked a few of my friends, and they couldn’t see anything obviously
wrong with what I’m doing, so I figured I’d ask “out loud” :slight_smile:

I set up the “CVSROOT” environment variable to contain “:pserver:anoncvs@cvs.qnx.com:/cvs”
as outlined in the docs.

Then I logged in, and it looks like it accepted my password.

I created “/source/qssl/cvs”, as that’s where I wanted the stuff to go.

Then I typed “cvs checkout nto”, and it hung for a long time (I killed it after 5 minutes
with no files being created).

Now, there are a few “twists” (of course) :slight_smile:

  1. I’m behind a firewall, but I have allowed port 2401 to go through.

  2. I can get a few individual files out “by hand” (i.e., if I type the full
    pathname of the file, I can get it, for example:
    [columbia@ttyp5] cvs checkout nto/drivers/devc/ser8250/Makefile
    U nto/drivers/devc/ser8250/Makefile
    seems to work just fine – BUT checking out “init.c” doesn’t work!!!)

Any suggestions? It must just be my machine(s) because I tried it under openBSD
with the same results :frowning: (I tried it as root and as non-root, as well).

HELP!!! :slight_smile:

Thanks in advance!
-RK


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

nospam94@parse.com wrote:

  1. I’m behind a firewall, but I have allowed port 2401 to go through.

Both UDP and TCP allowed to go through?

  1. I can get a few individual files out “by hand” (i.e., if I type the full
    pathname of the file, I can get it, for example:
    [columbia@ttyp5] cvs checkout nto/drivers/devc/ser8250/Makefile
    U nto/drivers/devc/ser8250/Makefile
    seems to work just fine – BUT checking out “init.c” doesn’t work!!!)

Any suggestions? It must just be my machine(s) because I tried it under openBSD
with the same results > :frowning: > (I tried it as root and as non-root, as well).

HELP!!! > :slight_smile:

I know that checking out CVS code from behind a firewall has been an issue for
many people (not just QNX, but in general). Some people use a SOCKS proxy to get
arround the issue, others use SSH tunneling (not really of help in this case).

Check out http://www.cvshome.org/docs/infonetsecurity.html for some more ideas
that may help out your particular situation/network setup.

-Adam

Operating System for Tech Supp <os@qnx.com> wrote:

nospam94@parse.com > wrote:

  1. I’m behind a firewall, but I have allowed port 2401 to go through.

Both UDP and TCP allowed to go through?

Now they do, yes. Still no change, though :frowning:

  1. I can get a few individual files out “by hand” (i.e., if I type the full
    pathname of the file, I can get it, for example:
    [columbia@ttyp5] cvs checkout nto/drivers/devc/ser8250/Makefile
    U nto/drivers/devc/ser8250/Makefile
    seems to work just fine – BUT checking out “init.c” doesn’t work!!!)

Any suggestions? It must just be my machine(s) because I tried it under openBSD
with the same results > :frowning: > (I tried it as root and as non-root, as well).

HELP!!! > :slight_smile:

I know that checking out CVS code from behind a firewall has been an issue for
many people (not just QNX, but in general). Some people use a SOCKS proxy to get
arround the issue, others use SSH tunneling (not really of help in this case).

Check out > http://www.cvshome.org/docs/infonetsecurity.html > for some more ideas
that may help out your particular situation/network setup.

I took a look, but nothing there seemed to jump out at me as an obvious solution.
I guess if it was obvious … :slight_smile:

Still stuck…

Thanks,
-RK


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

nospam94@parse.com wrote:

Operating System for Tech Supp <> os@qnx.com> > wrote:
nospam94@parse.com > wrote:

  1. I’m behind a firewall, but I have allowed port 2401 to go through.

Both UDP and TCP allowed to go through?

Now they do, yes. Still no change, though > :frowning:

Also, another datapoint. I can telnet to cvs.qnx.com 2401, and it appears
that I get the response that the cvs website sez I should get.

When I turn on “trace” on CVS, here’s what I get:

[columbia@ttyp0] cvs -t checkout nto
cvs checkout: notice: main loop with CVSROOT=:pserver:anoncvs@cvs.qnx.com:/cvs
S-> do_module (nto, Updating, , )

And this is where it hangs…

Thanks,
-RK

  1. I can get a few individual files out “by hand” (i.e., if I type the full
    pathname of the file, I can get it, for example:
    [columbia@ttyp5] cvs checkout nto/drivers/devc/ser8250/Makefile
    U nto/drivers/devc/ser8250/Makefile
    seems to work just fine – BUT checking out “init.c” doesn’t work!!!)

Any suggestions? It must just be my machine(s) because I tried it under openBSD
with the same results > :frowning: > (I tried it as root and as non-root, as well).

HELP!!! > :slight_smile:

I know that checking out CVS code from behind a firewall has been an issue for
many people (not just QNX, but in general). Some people use a SOCKS proxy to get
arround the issue, others use SSH tunneling (not really of help in this case).

Check out > http://www.cvshome.org/docs/infonetsecurity.html > for some more ideas
that may help out your particular situation/network setup.

I took a look, but nothing there seemed to jump out at me as an obvious solution.
I guess if it was obvious … > :slight_smile:

Still stuck…

Thanks,
-RK


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at > www.parse.com


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

nospam94@parse.com wrote:

nospam94@parse.com > wrote:
Operating System for Tech Supp <> os@qnx.com> > wrote:
nospam94@parse.com > wrote:

  1. I’m behind a firewall, but I have allowed port 2401 to go through.

Both UDP and TCP allowed to go through?

Now they do, yes. Still no change, though > :frowning:

Also, another datapoint. I can telnet to cvs.qnx.com 2401, and it appears
that I get the response that the cvs website sez I should get.

When I turn on “trace” on CVS, here’s what I get:

[columbia@ttyp0] cvs -t checkout nto
cvs checkout: notice: main loop with CVSROOT=:pserver:> anoncvs@cvs.qnx.com> :/cvs
S-> do_module (nto, Updating, , )

And this is where it hangs…

Ok, ok, tacky to reply to my own posts, I know :slight_smile:

But! CVS works just fine to sourceforge – I pulled the “ts10” project with
no grief whatsoever…

Is anyone else having grief with cvs.qnx.com or is it just me???

Thanks,
-RK

  1. I can get a few individual files out “by hand” (i.e., if I type the full
    pathname of the file, I can get it, for example:
    [columbia@ttyp5] cvs checkout nto/drivers/devc/ser8250/Makefile
    U nto/drivers/devc/ser8250/Makefile
    seems to work just fine – BUT checking out “init.c” doesn’t work!!!)

Any suggestions? It must just be my machine(s) because I tried it under openBSD
with the same results > :frowning: > (I tried it as root and as non-root, as well).

HELP!!! > :slight_smile:

I know that checking out CVS code from behind a firewall has been an issue for
many people (not just QNX, but in general). Some people use a SOCKS proxy to get
arround the issue, others use SSH tunneling (not really of help in this case).

Check out > http://www.cvshome.org/docs/infonetsecurity.html > for some more ideas
that may help out your particular situation/network setup.

I took a look, but nothing there seemed to jump out at me as an obvious solution.
I guess if it was obvious … > :slight_smile:

Still stuck…

Thanks,
-RK


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at > www.parse.com


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at > www.parse.com


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

nospam94@parse.com wrote:

I took a look, but nothing there seemed to jump out at me as an obvious solution.
I guess if it was obvious … > :slight_smile:

Still stuck…

One thing to try is to download with compression on, but I’ll check with the IT guys
to see if they know a solution to the problem for you

-Adam

Operating System for Tech Supp <os@qnx.com> wrote:

nospam94@parse.com > wrote:

I took a look, but nothing there seemed to jump out at me as an obvious solution.
I guess if it was obvious … > :slight_smile:

Still stuck…

One thing to try is to download with compression on, but I’ll check with the IT guys
to see if they know a solution to the problem for you

Tried that (you mean the “-z3” thing, right?) No luck.

Thanks,
-RK

Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

<nospam94@parse.com> wrote in message news:9q1gk6$dr2$1@inn.qnx.com

Operating System for Tech Supp <> os@qnx.com> > wrote:
nospam94@parse.com > wrote:

Tried that (you mean the “-z3” thing, right?) No luck.

One last thing you can try is using a different tcp/ip stack, and see if you
get the same results.

Q: does the same behaviour occur under QNX4 (if you have a QNX4 machine).
I’m curious if it might be the combo of CVS server version and CVS client
version.

-Adam

Operating System Tech Support <os@qnx.com> wrote:

nospam94@parse.com> > wrote in message news:9q1gk6$dr2$> 1@inn.qnx.com> …
Operating System for Tech Supp <> os@qnx.com> > wrote:
nospam94@parse.com > wrote:

Tried that (you mean the “-z3” thing, right?) No luck.

One last thing you can try is using a different tcp/ip stack, and see if you
get the same results.

No luck – tried it with openBSD.

Q: does the same behaviour occur under QNX4 (if you have a QNX4 machine).

QNX 4 CVS that I have doesn’t even allow the “login” keyword, so it must be
an antique version…

I’m curious if it might be the combo of CVS server version and CVS client
version.

This is the QRTP CVS that came with 6.1.0 as updated with “A”…

Cheers,
-RK


Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

nospam94@parse.com wrote:

Operating System Tech Support <> os@qnx.com> > wrote:
nospam94@parse.com> > wrote in message news:9q1gk6$dr2$> 1@inn.qnx.com> …
Operating System for Tech Supp <> os@qnx.com> > wrote:
nospam94@parse.com > wrote:

Tried that (you mean the “-z3” thing, right?) No luck.

One last thing you can try is using a different tcp/ip stack, and see if you
get the same results.

No luck – tried it with openBSD.

Q: does the same behaviour occur under QNX4 (if you have a QNX4 machine).

QNX 4 CVS that I have doesn’t even allow the “login” keyword, so it must be
an antique version…

I’m curious if it might be the combo of CVS server version and CVS client
version.

This is the QRTP CVS that came with 6.1.0 as updated with “A”…

Also, it appears to be sensitive to the amount of compression. With -z0,
it works “best”, although it still doesn’t do anything…

Here’s a log, generated with “-t -z0”:

[columbia@ttyp0] cvs -t -T/tmp checkout lib
cvs checkout: notice: main loop with CVSROOT=:pserver:anoncvs@cvs.qnx.com:/cvs
S-> do_module (lib, Updating, , )
S-> do_module (lib, Updating, , )
S-> Create_Admin (., lib, /cvs/lib, , , 0, 0)
S-> unlink(./CVS/Tag)
→ ParseInfo(/cvs/CVSROOT/rcsinfo, lib, ALL)
S<- Create_Admin
S-> fopen(/cvs/CVSROOT/history,a)
S-> unlink(./CVS/Entries.Static)
S-> checkout (/cvs/lib/Makefile,v, 1.1.1.1, , (function))
S-> server_register(Makefile, 1.1.1.1, , , , , )
S-> Register(Makefile, 1.1.1.1, , , )
S-> Create_Admin (c, lib/c, /cvs/lib/c, , , 0, 0)
S-> unlink(c/CVS/Tag)
→ ParseInfo(/cvs/CVSROOT/rcsinfo, lib/c, ALL)
S<- Create_Admin
S-> unlink(c/CVS/Entries.Static)
S-> checkout (/cvs/lib/c/Makefile,v, 1.1.1.1, , (function))
S-> server_register(Makefile, 1.1.1.1, , , , , )
S-> Register(Makefile, 1.1.1.1, , , )
S-> checkout (/cvs/lib/c/asmoff.c,v, 1.1.1.1, , (function))
S-> server_register(asmoff.c, 1.1.1.1, , , , , )
S-> Register(asmoff.c, 1.1.1.1, , , )
S-> checkout (/cvs/lib/c/common.mk,v, 1.1.1.1, , (function))
S-> server_register(common.mk, 1.1.1.1, , , , , )

That’s as far as it gets with -z0. With -z1 … -z9, it only gets this far:

[columbia@ttyp0] cvs -t -T/tmp -z1 checkout lib
cvs checkout: notice: main loop with CVSROOT=:pserver:anoncvs@cvs.qnx.com:/cvs
S-> do_module (lib, Updating, , )
cvs [checkout aborted]: received interrupt signal

(-z2 through -z9 were the same)

Cheers,
-RK

Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

Operating System Tech Support <os@qnx.com> wrote:

nospam94@parse.com> > wrote in message news:9qn7si$opl$> 1@inn.qnx.com> …
nospam94@parse.com > wrote:
Operating System Tech Support <> os@qnx.com> > wrote:
nospam94@parse.com> > wrote in message news:9q1gk6$dr2$> 1@inn.qnx.com> …
Operating System for Tech Supp <> os@qnx.com> > wrote:
nospam94@parse.com > wrote:

Also, it appears to be sensitive to the amount of compression. With -z0,
it works “best”, although it still doesn’t do anything…

Just a quick sanity check, have you opened port 2401 for outgoing traffic?

Yuppers. Like I said in a this thread (way back when we first started it :slight_smile:)
I was able to get a few files “manually” by specifying their full names.

What kind of firewall do you have (brand or OS+firewalling technique). I
have a “hunch” it may have something to do with FIN timing.

openBSD, with ipfrules set to log all outgoing and incoming 2401 access. Here’s
an example of logs from the “-z0” case and the corresponding log from the openBSD
box. I’ve marked the “CVS” logs with “CVS>”, the QNX 6 commands with “QNX6>”,
and the openBSD logs with “BSD>”

QNX6> [columbia@ttyp2] export CVSROOT=":pserver:anoncvs@cvs.qnx.com:/cvs"
QNX6> [columbia@ttyp2] cvs login
CVS> (Logging in to anoncvs@cvs.qnx.com)
CVS> CVS password:

At this point I entered “anoncvs” and hit return. Switching quickly to the openBSD
box, I noticed the following IPF logs:

BSD> Oct 19 15:06:14 gateway ipmon[21281]: 15:06:13.909833 tun0 @0:32 p 206.191.28.128,10765 → 209.226.137.124,2401 PR tcp len 20 60 -S OUT
BSD> Oct 19 15:06:14 gateway ipmon[21281]: 15:06:13.974683 tun0 @0:59 p 209.226.137.124,2401 → 10.0.0.5,1599 PR tcp len 20 60 -AS IN
BSD> Oct 19 15:06:14 gateway ipmon[21281]: 15:06:13.975073 tun0 @0:32 p 206.191.28.128,10765 → 209.226.137.124,2401 PR tcp len 20 52 -A OUT
BSD> Oct 19 15:06:14 gateway ipmon[21281]: 15:06:13.975183 tun0 @0:32 p 206.191.28.128,10765 → 209.226.137.124,2401 PR tcp len 20 79 -AP OUT
BSD> Oct 19 15:06:14 gateway ipmon[21281]: 15:06:14.026106 tun0 @0:59 p 209.226.137.124,2401 → 10.0.0.5,1599 PR tcp len 20 52 -A IN

Then, a pwd to show the current source location:

QNX6> [columbia@ttyp2] pwd
QNX6> /source/qssl/cvs

Finally, a “checkout” command with logging to illustrate the problem:

QNX6> [columbia@ttyp2] cvs -z0 -t checkout lib
CVS> cvs checkout: notice: main loop with CVSROOT=:pserver:anoncvs@cvs.qnx.com:/cvs
CVS> S-> do_module (lib, Updating, , )
CVS> S-> Create_Admin (., lib, /cvs/lib, , , 0, 0)
CVS> S-> unlink(./CVS/Tag)
CVS> → ParseInfo(/cvs/CVSROOT/rcsinfo, lib, ALL)
CVS> S<- Create_Admin
CVS> S-> fopen(/cvs/CVSROOT/history,a)
CVS> S-> unlink(./CVS/Entries.Static)
CVS> S-> checkout (/cvs/lib/Makefile,v, 1.1.1.1, , (function))
CVS> S-> server_register(Makefile, 1.1.1.1, , , , , )
CVS> S-> Register(Makefile, 1.1.1.1, , , )
CVS> S-> Create_Admin (c, lib/c, /cvs/lib/c, , , 0, 0)
CVS> S-> unlink(c/CVS/Tag)
CVS> → ParseInfo(/cvs/CVSROOT/rcsinfo, lib/c, ALL)
CVS> S<- Create_Admin
CVS> S-> unlink(c/CVS/Entries.Static)
CVS> S-> checkout (/cvs/lib/c/Makefile,v, 1.1.1.1, , (function))
CVS> S-> server_register(Makefile, 1.1.1.1, , , , , )
CVS> S-> Register(Makefile, 1.1.1.1, , , )
CVS> S-> checkout (/cvs/lib/c/asmoff.c,v, 1.1.1.1, , (function))
CVS> S-> server_register(asmoff.c, 1.1.1.1, , , , , )
CVS> S-> Register(asmoff.c, 1.1.1.1, , , )
CVS> S-> checkout (/cvs/lib/c/common.mk,v, 1.1.1.1, , (function))
CVS> S-> server_register(common.mk, 1.1.1.1, , , , , )

At this point, it hangs. Switching to the BSD box shows:

BSD> Oct 19 15:07:06 gateway ipmon[21281]: 15:07:05.728352 tun0 @0:32 p 206.191.28.128,10766 → 209.226.137.124,2401 PR tcp len 20 60 -S OUT
BSD> Oct 19 15:07:06 gateway ipmon[21281]: 15:07:05.767476 tun0 @0:59 p 209.226.137.124,2401 → 10.0.0.5,1603 PR tcp len 20 60 -AS IN
BSD> Oct 19 15:07:06 gateway ipmon[21281]: 15:07:05.767899 tun0 @0:32 p 206.191.28.128,10766 → 209.226.137.124,2401 PR tcp len 20 52 -A OUT
BSD> Oct 19 15:07:06 gateway ipmon[21281]: 15:07:05.769172 tun0 @0:32 p 206.191.28.128,10766 → 209.226.137.124,2401 PR tcp len 20 71 -AP OUT
BSD> Oct 19 15:07:06 gateway ipmon[21281]: 15:07:05.806366 tun0 @0:59 p 209.226.137.124,2401 → 10.0.0.5,1603 PR tcp len 20 52 -A IN

After the novelty wore off, I hit ^C:

CVS> cvs [checkout aborted]: received interrupt signal

And got this traffic on the BSD box:

BSD> Oct 19 15:07:15 gateway ipmon[21281]: 15:07:14.667589 tun0 @0:32 p 206.191.28.128,10766 → 209.226.137.124,2401 PR tcp len 20 52 -AF OUT
BSD> Oct 19 15:07:15 gateway ipmon[21281]: 15:07:14.832825 tun0 @0:59 p 209.226.137.124,2401 → 10.0.0.5,1603 PR tcp len 20 52 -A IN

Do you folks have the ability to check the logs on your end to see if there’s anything funny being reported?
My IP address is 206.191.28.128 if you can see that in the logs…

Do you have the same problem, without the firewall in place (or if your box
is in a “DMZ”)

Kirk Russell and I tried it with the IPF rules allowing everything to go everywhere (i.e.,
no firewall at all) on the openBSD box, and got the same results…

Other than that, I can’t try it without the firewall 'cuz it’s my PPPoE server :frowning:

Weird, huh?

-RK

Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Consulting and Training at www.parse.com

<nospam94@parse.com> wrote in message news:9qn7si$opl$1@inn.qnx.com

nospam94@parse.com > wrote:
Operating System Tech Support <> os@qnx.com> > wrote:
nospam94@parse.com> > wrote in message news:9q1gk6$dr2$> 1@inn.qnx.com> …
Operating System for Tech Supp <> os@qnx.com> > wrote:
nospam94@parse.com > wrote:

Also, it appears to be sensitive to the amount of compression. With -z0,
it works “best”, although it still doesn’t do anything…

Just a quick sanity check, have you opened port 2401 for outgoing traffic?

What kind of firewall do you have (brand or OS+firewalling technique). I
have a “hunch” it may have something to do with FIN timing.

Do you have the same problem, without the firewall in place (or if your box
is in a “DMZ”)

-Adam