Ip_tables: owner match: bad hook_mask 0xa/0x18

Hello
I'd like to restrict acces to a openvpn connection.
Only the user with uid 1000 should have access.
I put a # in front of the line that causes trouble in the code below.
the trouble is that iptables-restore says:
iptables-restore: line 33 failed
and dmesg says:
ip_tables: owner match: bad hook_mask 0xa/0x18
Does anyone know a way how to fix this?
James
# Generated by iptables-save v1.4.3.1 on Fri Apr 17 18:11:38 2009
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:AdapterCheck - [0:0]
:InputExternal - [0:0]
:InputLocal - [0:0]
:OpenVPN - [0:0]
:OutputExternal - [0:0]
:OutputLocal - [0:0]
-A INPUT -i lo -j InputLocal
-A INPUT -i ! lo -j InputExternal
-A OUTPUT -o lo -j OutputLocal
-A OUTPUT -o ! lo -j OutputExternal
-A AdapterCheck -i tap+ -j RETURN
#-A AdapterCheck -o tap+ -g OpenVPN
-A AdapterCheck -i eth+ -j RETURN
-A AdapterCheck -o eth+ -j RETURN
-A AdapterCheck -j DROP
-A InputExternal -j AdapterCheck
-A InputExternal -m state --state RELATED,ESTABLISHED -j ACCEPT
-A InputExternal -j DROP
-A InputLocal -j ACCEPT
-A InputLocal -j DROP
-A OpenVPN -m owner --uid-owner 1000 -j RETURN
-A OpenVPN -j DROP
-A OutputExternal -j AdapterCheck
-A OutputExternal -j ACCEPT
-A OutputExternal -j DROP
-A OutputLocal -j ACCEPT
-A OutputLocal -j DROP
COMMIT
# Completed on Fri Apr 17 18:11:38 2009

darkcoder wrote:... Anyway after those changes I was able to mount windoze floppies as a normal user with # mount /mnt/fl
What about the ext3 floppies? I have no problem with vfat ones, I can mount them as you mention but when I try to mount ext3 floppies as a regular user I get:
[florin@guns /mnt]$ mount /mnt/floppy
mount: wrong fs type, bad option, bad superblock on /dev/fd0,
or too many mounted file systems
[florin@guns ~]$ mount /dev/fd0 /mnt/floppy
mount: only root can do that
[florin@guns ~]$ mount -t ext3 /dev/fd0 /mnt/floppy
mount: only root can do that
I can mount an ext3 floppy as root:
[root@guns /mnt]# mount /mnt/floppy
mount: wrong fs type, bad option, bad superblock on /dev/fd0,
or too many mounted file systems
[root@guns /mnt]# mount /dev/fd0 /mnt/floppy
[root@guns /mnt]# cd floppy/
[root@guns /mnt/floppy]# ls
lost+found test
What am I missing here? What should I do to be able to mount ext3 floppies as a regular user too?
Info:
fstab entry:
/dev/fd0 /mnt/floppy vfat,ext3 rw,user,noauto 0 0
User Id:
[root@guns /etc]# id florin
uid=1002(florin) gid=1002(users3) groups=1002(users3),92(audio)
udev.permissions line:
# floppy devices
fd[01]*:root:users3:0660

Similar Messages

PPC QUAD Owners -- Got Bad Fan Noise w/Logic (or just in general)?

I'm having a terrific noise problem with my Quad's (now) overactive fans. When I first got the Quad this was not a problem. Seems to have started after an update from 10.4.3 to 10.4.4 or 10.4.5. With respect to Logic, the fans go into hyperdrive (blowing relatively cool air) after I launch Logic, even when it's sitting idle with a bare-bones autoload song loaded (no plugs at all). When I quit Logic, the fans start to calm down but it takes sveral minutes to settle down completely.
Even accessing the dock or loading up this forum on Safari will cause the fans to rev, but Logic is the thing that seems to trigger this behavior the most -- and the worst.
Anyone else with a Quad is experiencing the same thing? Particularly with Logic running?
I'd be grateful if anyone can offer offer troubleshooting advice. Here's some info:
- reinstalled the system software numerous times, no change
- all Apple RAM installed (6 G)
- running 2 monitors, but with only one connected, no difference
- using wall current or UPS current makes no difference

Thanks for the continued feedback/replies. Will be living with the computer/hair dryer combo for another week as the Apple store techs in my area are all booked up until after Labor Day. Gotta say, tho, that the $100 to be a ProCare member gets ya good attention from those guys.
Would still appreciate hearing about other Quad owner's experiences with their fans/noise level of their systems, just for comparison sake.
Tele, glad to hear your fans are well-behaved. Wanna trade? ;-)
Thanks again everyone.

How to focus owner of stage?

Hi,
I have an application and I've created a transparent stage on top of main stage and initialise the main stage as its owner. Then I create an additional visible stage and then close the visible stage. The focus goes back to my transparent stage. I must click on my main stage first to get the focus on the main stage or alternative I can ALT+F4 to close my transparent stage.
I want my transparent stage to never receive focus. If it would receive focus, I would like the focus to be sent to its owner. I though the following would work (Scala):
class SpyScopeGlass(owner: Window) extends Stage(StageStyle.TRANSPARENT) {
this.focusedProperty().addChangeListener { (_, _, newValue) =>
println("--> spy stage focussed: " + newValue)
owner.setFocused(true)
owner.requestFocus()
println("--> forward focussed: " + owner)
The println runs as expected, but the focus never goes back to the owner. Any ideas why the owner doesn't focus?
Cheers,
-John

888641 wrote:
Hi Narayan,
Thanks for your reply. I am still somewhat confused though. I tried to call toFront on the owner stage and it neither goes to the front (which I didn't want anyway) nor gets the focus.
this.focusedProperty().addChangeListener { (_, _, newValue) =>
this.owner match {
case ownerStage: Stage => {
ownerStage.toFront()
ownerStage.setFocused(true)
}Do you by any chance know why focus doesn't transfer as expected?
Cheers,
-John
Edited by: 888641 on Oct 1, 2011 2:05 AMHello user,
Have you tried to use some toBack() function too??
The toFront() actually makes your windows at front but the javafx automatically handles the focus windows so to explicitly make other windows not to be focused , TRY WITH toBack() function. You can see in the code of my previous thread comment that I've used toBack() too.
Thanks.
Narayan

OIM 9.1 AD Account Provisioning

Has anyone ran into the scenario where you go to provision an AD account and the process fails because the account already exist on the target which results in the resource status remaining as "provisioning". I expected that status to change to "provisioned" once a recon was ran which would link the account to the OIM user but it didn't. The recon linked the account but from the user's resource profile you can see that it didn't.

first of all when the account with the same id is found on Ad, it may necessarily not be that of the user unless you have ascertained that. If you want the adapter to return a success what you should have done is mapping the user_already exists retrun code to C for completed instead of an R for rejected, which is why the resource is going into a provisioning status.
BTW does your create user task or whatever task last gets executed before the provisioning is deemed as complete have the task to object status mapping set to C=Provisioned?
What you will need to do is, revoke the AD resource from the user's resource profile list and then run the recon, the account should now be linked to the user if the owner matching rules match up to the identity in oim.

My iMac sorrows... #1, #2, #3, #4 and now maybe #5

Well, for those who have read my other posts regarding my horrific experiences of iMac terror, I do truly hope this is the last.
iMac #1: 24" Aluminum iMac 2.4Ghz had original and common freezing problem, was replaced on day #88 after 11 days of sitting in AppleCare where replacing the logic board did not resolve the issue. (Bad timing, 2 days later the patch came out that fixed it)
iMac #2: They replaced my first iMac with a 2.8Ghz at my request and with my credit card for the difference. Unfortunately, I was back in the Apple Store the next morning because the backlight within the screen was bleeding bright light whenever the screen was black (screen savers, front row, image editing).
iMac #3: The second iMac was replaced without hesitation and I confirmed everything was functioning fine and operating well before I left the store. I gave it a full run through. Was very happy.
iMac #4: Yesterday, I returned to the Apple Store with my broken iMac in it's poor little box because after 3 weeks of use the hard drive fan was apparently going out and sounded like a playing card in bicycle spokes. Horrible, but what am I suppose to do. They offered to repair, but didn't have the part in stock so they replaced it AGAIN.
At this point I am really losing my sense of humor and tolerance here, if you can imagine.
NOW: You'd think that iMac #4 is the end... Well not necessarily. I am heading in to the Apple Store in a little less than 3 hours to bring in iMac #4 because the right internal speaker is blown (or at least sounds this way) and you cannot bring the volume up past 1/2 way or all sound from the right speaker is garbled.
Apple Care this morning confirmed that it is in-fact a bad speaker and it will need to be repaired, or in my case replaced.
I am not happy with what has happened, although I can see that reality suggests I have extremely bad luck or the rest of this planets iMac owners have bad eye sight and bad hearing. I know there are working iMac's out there. I just can't find one.
I really don't think I am being picky at the least. I haven't had an iMac that is working as intended for 110 days. Just simply rough.
Anyway, I am going to shut this audible distortion mechanism down and box it up and hopefully I can get a solution real quick as I haven't slept at all while reloading, troubleshooting, AppleCar'ing, etc.
-- Oh, and my aversion to repairing and preference for replacements stems from them damaging the case of the first Aluminum iMac on 3 corners when I took it in the very first time. I don't want a Brand New "Repaired" iMac...

Update:
I walked in within just hours of the posts below, asked for the local Apple Store manager and explained the entire scenario. She was already aware of me as exchanges apparently require her signature.
She was absolutely wonderful, apologetic and empathetic to my situation as a small business owner and having such a bad run with these iMac's.
She didn't even want to check the iMac I brought in, she simply had it replaced, my memory swapped and allowed me to sit for 20 to 30 minutes checking everything to make sure it was good to go.
They even reassured me once again, that if this in fact happen to be bad as well, they would replace it again.
For my troubles (not necessary at all), they also offered me a nice price break on anything Apple the next time I come in.
Thanks Apple, and note this machine is running perfectly.

A last minute suggestion to Find My Mac

The newly introduced (yet to come, but we suppose it comes out along with iOS5 on OCT 4) Find My Mac power is a strong defense against lost Macs. But here comes one trivial question:
Such a measure, to be effective, should be working "backwards", not "forwards", should't it?
By saying backwards, I mean, the mechanism should be able to protect it self, override current settings and let you Find YOUR Mac after you realized your Mac has been stolen. To make it a really effective method, Find My Mac functionality should be activated by default, not by Prompting!
Here comes a hilarious picture. Even if you got luck, enabling "Find My Mac" beforehand it's stolen, the thief can readily reinstall OS and "don't allow" Find My Mac to even start to function. What's the point of "Find My Mac" then? Or is Apple assuming all thieves are as stupid thus forgetting to refreshing your whole HDD?
This is totally not professional. As I know, all the "recovery" softwares for mac, they work in the same "forwards" way. Assuming you managed to Enable them beforehand, and hope for the luck that those thieves are stupid enough not to erase your HDD and yet smart enough to know your password to log in in the first place.
A real world Effective "Find My Mac" should be working backwards, Apple technicians should think about realistic situations "rather than fatasy":
1, Activates automatically, or can be activated remotely under authorization (like, from Apple or Police Department) AFTER you found your computer is stolen or deactivated/restored by the thief.
2, Binds Serial Number. S/N is the only reliable identification for a Mac, since usually thieves will not replace your mother board. It should work in the way that once you knows your S/N and you have registered it under your Apple ID (the whole meaning of ever registered it, isn't it?), you should be able to know where the Mac with the same S/N are.
3, It's totally OK that is uses Internet to locate, given our macs don't have GPS or SIM Card. You see I won't raise far-fetched expectations.
That is one of the only logical way that Find My Mac could ever be useful in a case of theft. And that's what all the customers really wanted, being victims for stolen Macs for years. I know and understand Apple totally doesn't have to do any of these. But isn't it nice we can use Apple Community, Serial Number and its Registration database to protect ourselves. Only Apple can do this. You had direct access to all your devices. I don't see why you can't do this while you can boldly "report, or steal" people's whereabouts for business benifitials in your ios.
Is it beacause after weighing in and out, you find it's not worth it? Is it not worth it to protect your own betrusted consumers against their largest threat to their products: theft? (Note, not all theft are indebted to the owner himself. Break in, Robbery).
If you do love your consumers, it really takes nothing to build a defence within the Apple system. I see "Find My Mac" is a huge step forward. But i hope it can really work to solve real life problems.
Just my last minute suggestions. I am waiting to find my lost Mac one day. I will wait to that day. Because it's not technically impossible. It's just some guy, they don't do it.

The new "possessor" does not need to erase or reinstall. All he needs to do is boot to Recovery HD (single user mode for OS 10.6.8 or earlier), and reset the password–> http://osxdaily.com/2011/08/24/reset-mac-os-x-10-7-lion-password/
For "almost" thief-proof option, you must use your iPad or iPhone to activate firmware password as soon as possible after the Mac goes missing or have already activated a firmware password login. For Macs built 2011 or later, that can only be bypassed at an authorized Apple service shop that SHOULD request ID from the possessor.
A firmware password prompt will appear at the next restart, and no optional boot is available. That means no option to reset admin password, or erase, or boot to single user mode, or reset NVRAM / PRAM, until the firmware is reset using a special digital key only available to the shop. Even a new storage mechanism (new HDD, etc.) cannot turn off the firmware prompt. The digital key is canceled and a new key provided periodically, thus twarting any useful distribution outside of official channels.
Apple does not take a pro-active stance on using firmware password, because for the owners with bad memories, it can become a huge headache and will cause ill will.

Send tcp using thread

MyRcon2.java
package rconed;
import rconed.Rcon;
import rconed.SourceRcon;
public void run() {
 try {
 String stringShow = null;
 SourceRcon R = new SourceRcon();
 stringShow = R.send(this.ip, this.port, this.password, this.command);
 System.out.println(stringShow);
 }catch (Exception e) {}
public void startServer(int portNumber)
 try
 byte[] buf = new byte[1000];
 DatagramSocket ss = new DatagramSocket(portNumber);
 while (true)
 DatagramPacket ip = new DatagramPacket(buf, buf.length);
 ss.receive(ip);
 String rev=new String(buf,0,ip.getLength());
 StringTokenizer st = new StringTokenizer(rev, "/****/");
 MyRcon2 Send = new MyRcon2();
 Send.ip = st.nextToken();
 Send.port = Integer.parseInt(st.nextToken());
 Send.password = st.nextToken();
 Send.command = st.nextToken();
 Thread t =new Thread(Send);
 t.start();
 }catch (IOException e){}
}SourceRcon.java
package rconed;
import rconed.exception.BadRcon;
import rconed.exception.ResponseEmpty;
import java.io.*;
import java.net.*;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
* User: oscahie (aka PiTaGoRaS) 
* Date: 03-jan-2005 
* Time: 19:11:40 
* version: 0.4 
* Rcon library for Source Engine based games 
public class SourceRcon {
 final static int SERVERDATA_EXECCOMMAND = 2;
 final static int SERVERDATA_AUTH = 3;
 final static int SERVERDATA_RESPONSE_VALUE = 0;
 final static int SERVERDATA_AUTH_RESPONSE = 2;
 final static int RESPONSE_TIMEOUT = 2000;
 final static int MULTIPLE_PACKETS_TIMEOUT = 300;
 static Socket rconSocket = null;
 static InputStream in = null;
 static OutputStream out = null;
 * Send the RCON command to the game server (must have been previously authed with the correct rcon_password)
 * @param ipStr The IP (as a String) of the machine where the RCON command will go.
 * @param port The port of the machine where the RCON command will go.
 * @param password The RCON password.
 * @param command The RCON command (without the rcon prefix).
 * @return The reponse text from the server after trying the RCON command.
 * @throws SocketTimeoutException when there is any problem communicating with the server.
 public static String send(String ipStr, int port, String password, String command) throws SocketTimeoutException, BadRcon, ResponseEmpty {
 return send(ipStr, port, password, command, 0);
 * Send the RCON command to the game server (must have been previously authed with the correct rcon_password)
 * @param ipStr The IP (as a String) of the machine where the RCON command will go.
 * @param port The port of the machine where the RCON command will go.
 * @param password The RCON password.
 * @param command The RCON command (without the rcon prefix).
 * @param localPort The port of the local machine to use for sending out the RCON request.
 * @return The reponse text from the server after trying the RCON command.
 * @throws SocketTimeoutException when there is any problem communicating with the server.
 public static String send(String ipStr, int port, String password, String command, int localPort) throws SocketTimeoutException, BadRcon, ResponseEmpty {
 String response = "";
 try {
 rconSocket = new Socket();
 InetAddress addr = InetAddress.getLocalHost();
 byte[] ipAddr = addr.getAddress();
 InetAddress inetLocal = InetAddress.getByAddress(ipAddr);
 rconSocket.bind(new InetSocketAddress(inetLocal, localPort));
 rconSocket.connect(new InetSocketAddress(ipStr, port), 1000);
 out = rconSocket.getOutputStream();
 in = rconSocket.getInputStream();
 rconSocket.setSoTimeout(RESPONSE_TIMEOUT);
 if (rcon_auth(password)) {
 // We are now authed
 ByteBuffer[] resp = sendCommand(command);
 // Close socket handlers, we don't need them more
 out.close(); in.close(); rconSocket.close();
 if (resp != null) {
 response = assemblePackets(resp);
 if (response.length() == 0) {
 throw new ResponseEmpty();
 else {
 throw new BadRcon();
 } catch (SocketTimeoutException timeout) {
 throw timeout;
 } catch (UnknownHostException e) {
 System.err.println("UnknownHostException: " + e.getCause());
 } catch (IOException e) {
 System.err.println("Couldn't get I/O for the connection: "+ e.getCause());
 return response;
 private static ByteBuffer[] sendCommand(String command) throws SocketTimeoutException {
 byte[] request = contructPacket(2, SERVERDATA_EXECCOMMAND, command);
 ByteBuffer[] resp = new ByteBuffer[128];
 int i = 0;
 try {
 out.write(request);
 resp[i] = receivePacket(); // First and maybe the unique response packet
 try {
 // We don't know how many packets will return in response, so we'll
 // read() the socket until TimeoutException occurs.
 rconSocket.setSoTimeout(MULTIPLE_PACKETS_TIMEOUT);
 while (true) {
 resp[++i] = receivePacket();
 } catch (SocketTimeoutException e) {
 // No more packets in the response, go on
 return resp;
 } catch (SocketTimeoutException timeout) {
 // Timeout while connecting to the server
 throw timeout;
 } catch (Exception e2) {
 System.err.println("I/O error on socket\n");
 return null;
 private static byte[] contructPacket(int id, int cmdtype, String s1) {
 ByteBuffer p = ByteBuffer.allocate(s1.length() + 16);
 p.order(ByteOrder.LITTLE_ENDIAN);
 // length of the packet
 p.putInt(s1.length() + 12);
 // request id
 p.putInt(id);
 // type of command
 p.putInt(cmdtype);
 // the command itself
 p.put(s1.getBytes());
 // two null bytes at the end
 p.put((byte) 0x00);
 p.put((byte) 0x00);
 // null string2 (see Source protocol)
 p.put((byte) 0x00);
 p.put((byte) 0x00);
 return p.array();
 private static ByteBuffer receivePacket() throws Exception {
 ByteBuffer p = ByteBuffer.allocate(4120);
 p.order(ByteOrder.LITTLE_ENDIAN);
 byte[] length = new byte[4];
 if (in.read(length, 0, 4) == 4) {
 // Now we've the length of the packet, let's go read the bytes
 p.put(length);
 int i = 0;
 while (i < p.getInt(0)) {
 p.put((byte) in.read());
 i++;
 return p;
 else {
 return null;
 private static String assemblePackets(ByteBuffer[] packets) {
 // Return the text from all the response packets together
 String response = "";
 for (int i = 0; i < packets.length; i++) {
 if (packets[i] != null) {
 response = response.concat(new String(packets.array(), 12, packets[i].position()-14));
return response;
private static boolean rcon_auth(String rcon_password) throws SocketTimeoutException {
byte[] authRequest = contructPacket(1337, SERVERDATA_AUTH, rcon_password);
ByteBuffer response = ByteBuffer.allocate(64);
try {
out.write(authRequest);
response = receivePacket(); // junk response packet
response = receivePacket();
// Lets see if the received request_id is leet enougth ;)
if ((response.getInt(4) == 1337) && (response.getInt(8) == SERVERDATA_AUTH_RESPONSE)) {
return true;
} catch (SocketTimeoutException timeout) {
throw timeout;
} catch (Exception e) {
System.err.println("I/O error on socket\n");
return false;
}Rcon.java package rconed;
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.SocketTimeoutException;
import rconed.exception.BadRcon;
import rconed.exception.ResponseEmpty;
* Rcon is a simple Java library for issuing RCON commands to game servers.
* 
* This has currently only been used with HalfLife based servers.
* 
* Example:
* 
* response = Rcon.send(27778, "127.0.0.1", 27015, rconPassword, "log on");
* 
* PiTaGoRas - 21/12/2004 
* Now also supports responses divided into multiple packets, bad rcon password
* detection and other minor fixes/improvements.
* 
* @author DeadEd
* @version 1.1
public abstract class Rcon {
private static final int RESPONSE_TIMEOUT = 2000;
private static final int MULTIPLE_PACKETS_TIMEOUT = 300;
* Send the RCON request. Sends the command to the game server. A port
* (localPort must be opened to send the command through.
* @param localPort The port on the local machine where the RCON request can be made from.
* @param ipStr The IP (as a String) of the machine where the RCON command will go.
* @param port The port of the machine where the RCON command will go.
* @param password The RCON password.
* @param command The RCON command (without the rcon prefix).
* @return The reponse text from the server after trying the RCON command.
* @throws SocketTimeoutException when there is any problem communicating with the server.
public static String send(int localPort, String ipStr, int port, String password, String command)
throws SocketTimeoutException, BadRcon, ResponseEmpty {
RconPacket[] requested = sendRequest(localPort, ipStr, port, password, command);
String response = assemblePacket(requested);
if (response.matches("Bad rcon_password.\n")) {
throw new BadRcon();
if (response.length() == 0) {
throw new ResponseEmpty();
return response;
private static DatagramPacket getDatagramPacket(String request, InetAddress inet, int port) {
byte first = -1;
byte last = 0;
byte[] buffer = request.getBytes();
byte[] commandBytes = new byte[buffer.length + 5];
commandBytes[0] = first;
commandBytes[1] = first;
commandBytes[2] = first;
commandBytes[3] = first;
for (int i = 0; i < buffer.length; i++) {
commandBytes[i + 4] = buffer[i];
commandBytes[buffer.length + 4] = last;
return new DatagramPacket(commandBytes, commandBytes.length, inet, port);
private static RconPacket[] sendRequest(int localPort, String ipStr, int port, String password,
String command) throws SocketTimeoutException {
DatagramSocket socket = null;
RconPacket[] resp = new RconPacket[128];
try {
socket = new DatagramSocket(localPort);
int packetSize = 1400;
InetAddress address = InetAddress.getByName(ipStr);
byte[] ip = address.getAddress();
InetAddress inet = InetAddress.getByAddress(ip);
String msg = "challenge rcon\n";
DatagramPacket out = getDatagramPacket(msg, inet, port);
socket.send(out);
// get the challenge
byte[] data = new byte[packetSize];
DatagramPacket inPacket = new DatagramPacket(data, packetSize);
socket.setSoTimeout(RESPONSE_TIMEOUT);
socket.receive(inPacket);
// compose the final command and send to the server
String challenge = parseResponse(inPacket.getData());
String challengeNumber = challenge.substring(challenge.indexOf("rcon") + 5).trim();
String commandStr = "rcon " + challengeNumber + " \"" + password + "\" " + command;
DatagramPacket out2 = getDatagramPacket(commandStr, inet, port);
socket.send(out2);
// get the response
byte[] data2 = new byte[packetSize];
DatagramPacket inPacket2 = new DatagramPacket(data2, packetSize);
socket.setSoTimeout(RESPONSE_TIMEOUT);
socket.receive(inPacket2);
resp[0] = new RconPacket(inPacket2);
try {
// Wait for a possible multiple packets response
socket.setSoTimeout(MULTIPLE_PACKETS_TIMEOUT);
int i = 1;
while (true) {
socket.receive(inPacket2);
resp[i++] = new RconPacket(inPacket2);
} catch (SocketTimeoutException sex) {
// Server didn't send more packets
} catch (SocketTimeoutException sex) {
throw sex;
} catch (IOException ex) {
ex.printStackTrace();
} finally {
if (socket != null) {
socket.close();
return resp;
private static String parseResponse(byte[] buf) {
String retVal = "";
if (buf[0] != -1 || buf[1] != -1 || buf[2] != -1 || buf[3] != -1) {
retVal = "ERROR";
} else {
int off = 5;
StringBuffer challenge = new StringBuffer(20);
while (buf[off] != 0) {
challenge.append((char) (buf[off++] & 255));
retVal = challenge.toString();
return retVal;
private static String assemblePacket(RconPacket[] respPacket) {
String resp = "";
// TODO: inspect the headers to decide the correct order
for (int i = 0; i < respPacket.length; i++) {
if (respPacket[i] != null) {
resp = resp.concat(respPacket[i].data);
return resp;
class RconPacket {
* ASCII representation of the full packet received (header included)
public String ascii = "";
* The data included in the packet, header removed
public String data = "";
* The full packet received (header included) in bytes
public byte[] bytes = new byte[1400];
* Length of the packet
public int length = 0;
* Represents a rcon response packet from the game server. A response may be split
* into multiple packets, so an array of RconPackets should be used.
* @param packet One DatagramPacket returned by the server
public RconPacket(DatagramPacket packet) {
this.ascii = new String(packet.getData(), 0, packet.getLength());
this.bytes = ascii.getBytes();
this.length = packet.getLength();
// Now we remove the headers from the packet to have just the text
if (bytes[0] == -2) {
// this response comes divided into two packets
if (bytes[13] == 108) {
this.data = new String(packet.getData(), 14, packet.getLength() - 16);
} else {
this.data = new String(packet.getData(), 11, packet.getLength() - 13);
} else {
// Single packet
this.data = new String(packet.getData(), 5, packet.getLength() - 7);
MyRcon2.java receive command is
127.0.0.1/****/54321/****/password****/command"
if there are more than 1 commands receive at the same time,
SourceRcon.java line 96 will get error
"Couldn't get I/O for the connection: null"
if i change line 96 to
System.err.println("Couldn't get I/O for the connection: "+ e.getMessage());
it display
Couldn't get I/O for the connection: Invalid argument: JVM_Bind

InetAddress addr = InetAddress.getLocalHost();
byte[] ipAddr = addr.getAddress();
InetAddress inetLocal = InetAddress.getByAddress(ipAddr);
rconSocket.bind(new InetSocketAddress(inetLocal, localPort));Remove those four lines, or at least save yourself some trouble and set inetLocal to null and localPort to zero.
Why do you want to specify a local bind-address and port? It's not usually done.

OIM - iPlanet User Recon

I am using OIM 9.1 connectors. I was trying to reconcile users from iPlanet.
The following are the details from Task Scheduler ( iPlanet User Recon Task)
IsIPlanetTarget     true
TrustedSource     false
Role     Contractor
Organization     Xellerate Users
ITResourceName     iPlanet User
ResourceObjectName     Xellerate Users
XLDeleteUsersAllowed     true
UserContainer     ou=People,dc=test,dc=com
NumberOfBatches     All Available
BatchSize     0
StartRecord     1
Xellerate Type     End-User Administrator
And when I check my Reconiliation Manager I see the status as "Event received" for Xellerate User and "No Match Found" for iPlanet User.
And in one of the form USR_IPNT_RL
I have given a default value for USR_IPNT_RL_Role_Name : Contractor
And also i have checked the mapping in Resource Object , Process Definition for Xellerate Users
Thanks in advance.

First of all I see some initial problems here:
1) looks like you are trying to run a trusted recon but the value in your scheduled task attribute Trusted Source is set to false.
2) Role must be set to "Consultant" In ootb create user form there is no role as "Contractor"
3) I think IsIplanetTarget must be set to False. (i think thats for app recon)
Have you also defined owner matching rules i nthe design console. also you need to set the recon action rule as No match found-> create User.
One entity Match found->establish link
Message was edited by:
user621551
Message was edited by:
user621551

Why there is a error in this query ?

why there is a error in this query ?
declare
v_exist pls_integer;
v_search varchar2(255) := '175';
v_sql varchar2(255);
begin
for s in
(select table_name, column_name
from user_tab_columns
where data_type like '%CHAR%'
order by table_name, column_name)
loop
v_sql := 'select count(*) from '||s.table_name||
' where instr('||s.column_name||',' || CHR(39)|| v_search|| CHR(39) ||') > 0';
execute immediate v_sql into v_exist;
if v_exist > 0 then
dbms_output.put_line(s.table_name||'.'||s.column_name||' matches the string.');
end if;
end loop;
end;
Error:
The following error has occurred:
ORA-00933: SQL command not properly ended
ORA-06512: at line 14
Edited by: user575089 on Dec 23, 2009 4:14 AM
Edited by: user575089 on Dec 23, 2009 4:14 AM

See, Right now i am in schema and see below :
set serveroutput on;
declare
v_exist pls_integer;
v_search varchar2(255) := 'SCOTT';
v_sql varchar2(255);
begin
for s in
(select '"'||table_name||'"' table_name,'"'||column_name||'"' column_name
from user_tab_columns
where data_type like '%CHAR%'
and table_name not like '%$%'
order by table_name, column_name)
loop
v_sql := 'select count(*) from '||s.table_name||' where instr('||s.column_name||',' || CHR(39)|| v_search|| CHR(39)||') > 0';
--dbms_output.put_line(v_sql);
--execute immediate v_sql;
execute immediate v_sql into v_exist;
if v_exist > 0 then
dbms_output.put_line(s.table_name||'.'||s.column_name||' matches the string.');
end if;
end loop;
end;
"EMP"."ENAME" matches the string.
"EXCEPTIONS"."OWNER" matches the string.
"FLOW_TABLE"."OBJECT_OWNER" matches the string.
"MYEMP"."ENAME" matches the string.
PL/SQL procedure successfully completed.
I am getting output; that i search "SCOTT" word in my search string.

Using regular expressions in content dictionaries

I need to create a content dictionary containing regular expressions. I also need to use the "\" to escape some characters that would otherwise be regex meta-characters. When using a regex in a message filter, the "\" must be doubled because of parsing issues. This is clearly documented in the manual. What isn't documented is whether this must be done when the regex is within a content dictionary.
Here's an example:
if (mail-from == "@bad-domain\\.com$") { drop(); }
I want to change this filter to:
if (mail-from-dictionary-match("bad-domains")) { drop(); }
So what do I put in the content dictionary, "@bad-domain\.com$" or "@bad-domain\\.com$"?
Thanks,

You should use this:
"@bad-domain\.com$"
The above tells the system to deference the "." (any character) to mean a literal period.
If you used this,
@bad-domain\\.com$
What the system would match is "@bad-domain\.com", because the first backslash would dereference the second backslash, to be taken literally. So, the double backslashes is the wrong format.
The only reason you see it in the final results when you've committed changes is that the system adds the backslash for you so that there's no error when it gets compiled.
Also, you could have left the single backslash out completely too and it would probably work.
"@bad-domain.com$"
If you sed that as your pattern in the dictionary, it would match against these:
@bad-domain.com
@bad-domainncom
@bad-domain1com
@bad-domain&com
basically, the "." means any character. But to be precise, you should only add one backslash in front of special characters. Here is a list of special characters:
| ( ) [ { ^ $ * + ? .
For a detailed explanation about special characters and how to use them, please see the Advanced User Guide.
[https://supportportal.ironport.com/irppcnctr/srvcd?u=http://secure-support.soma.ironport.com/subproducts/x-c_series&sid=900001]

Creating new PCR Scenario in ABAP Workbench

Hi everyone,
I'm trying a lot to create a new scenario for the PCR functionality of Manager Self Service but I'm having some problems.
I enter in the transaction QISRSCENARIO and create a new adobe form from scratch. I created some characteristic and made a bind with some texts fields that I have created in the Adobe forms. But, here is the problem, only the PERNR characteristic it's displayed. Others like ENAME, ORGEH isn't working. Is that any other thing that I need to do to be able do display this characteristic??
Thanks,
Daniel Kiel

Hi Daniel,
Yes that's right. ISRs provide a generic framework for form processing, but you still have to add any form-specific processing such as:
Data reads
Validations
Additional functions/buttons
You may be able to reuse (by adding your scenario to the BADI filter) or copy the code from the standard scenario of course. Just check out the matching BADI implementation for the standard scenario.
Regards,
Jocelyn
P.S. Please assign points if it helped...

Shorewall/Iptables REDIRECT error

Hello to all,
I have a Shorewall Machine installed with 2 nics...
But i cant use REDIRECT on /etc/shorewall/rules nor i can use mac address ( ex. loc:~00-A0-C9-15-39-78 ) .. it gaves me an error .....
$uname -a
Linux Pride 3.2.8-1-ARCH #1 SMP PREEMPT Mon Feb 27 22:13:59 UTC 2012 i686 Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel GNU/Linux
$shorewall version -a
shorewall-core: 4.5.1.1
shorewall: 4.5.1.1
$Shorewall debug restart
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running debug_restore_input...
iptables: No chain/target/match by that name.
ERROR: Command "/usr/sbin/iptables -A loc_dnat -p 6 --dport 80 -j REDIRECT --to-port 3128" Failed
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/tcclear ...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped ...
/usr/share/shorewall/lib.common: line 112: 11336 Terminated $SHOREWALL_SHELL $script $options $@
$shorewall show capabilities
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
Physdev-is-bridged Support: Not available
Packet length Match: Available
IP range Match: Not available
Recent Match: Not available
Owner Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Available
Rawpost Table: Not available
IPP2P Match: Not available
CLASSIFY Target: Not available
Extended REJECT: Available
Repeat match: Not available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Not available
Hashlimit Match: Not available
NFQUEUE Target: Not available
Realm Match: Not available
Helper Match: Not available
Connlimit Match: Not available
Time Match: Not available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
ULOG Target: Available
NFLOG Target: Not available
Persistent SNAT: Available
TPROXY Target: Not available
FLOW Classifier: Available
fwmark route mask: Available
Mark in any table: Available
Header Match: Not available
ACCOUNT Target: Not available
AUDIT Target: Not available
ipset V5: Not available
Condition Match: Not available
Statistic Match: Not available
IMQ Target: Not available
DSCP Match: Not available
DSCP Target: Not available
iptables -S: Available
Basic Filter: Available
CT Target: Not available
Ty for ur time even readin this, waitin for ur help I m sure i mmissing smth on kernel...
John
Last edited by CoMfUcIoS (2012-03-28 14:58:41)

http://forums.sun.com/thread.jspa?threadID=5392079&messageID=10739096#10739096

Do you recognize the effects that's been used, when you see movies, music videos etc immediately?

From AE and its presets for instance?

Spider scene: look at all the bad matting and mismatched black levels.
Balrog scene: bad compositing (esp. transparency where it shouldn't be), mismatched black and white levels.
I think those were the worst moments, but the whole movie had very visible compositing mistakes, plus more than a few 3D CGI mistakes (bad motion match, bad camera match, bad lighting match, bad level of detail matches, etc.).
When you work on this stuff every day, the mistakes just jump out (kind of like having perfect pitch and listening to a poorly tuned orchestra).

Shorewall & iptables/netfilter capabilities

I have VPS (OpenVZ & Arch Linuz 2010.05) and I try to use shorewall. Problem is that I need 'Recent Match', but that is not available. I don't know why.
$ shorewall show capabilities
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Not available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
Physdev-is-bridged Support: Not available
Packet length Match: Available
IP range Match: Not available
Recent Match: Not available
Owner Match: Available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Not available
I tried to reinstall the kernel, but that did not work.
$ pacman -S kernel
warning: linux-3.2.2-1 is up to date -- reinstalling
resolving dependencies...
looking for inter-conflicts...
Targets (1): linux-3.2.2-1
Total Installed Size: 57.90 MiB
Net Upgrade Size: 0.00 MiB
Proceed with installation? [Y/n] y
(1/1) checking package integrity [#############################################################] 100%
(1/1) loading package files [#############################################################] 100%
(1/1) checking for file conflicts [#############################################################] 100%
(1/1) checking available disk space [#############################################################] 100%
(1/1) upgrading linux [#############################################################] 100%
>>> Updating module dependencies. Please wait ...
>>> Generating initial ramdisk, using mkinitcpio. Please wait...
==> ERROR: /proc must be mounted!
error: command failed to execute correctly
$ mount
/dev/simfs on / type simfs (rw,relatime,usrquota,grpquota)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
/run on /run type tmpfs (rw,nosuid,nodev,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime)
Any ideas how to fix this?

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.

5.1 Error

Can BT have a look at the 5,1 sound on BT SPORT 1 HD right now for the FA Cup replay.
Its messed up and half the channels are not working!
(Im only getting LFE & Center)

gomezz wrote:
It was fixed about five minutes before kick off (19:40). Sound engineer must have been on an extended comfort break before settling down for the match - bad prawn curry?
Ooooooh.
I though could hear something weird.....
No, sorry, that was infact Michael Owen!

Ip_tables: owner match: bad hook_mask 0xa/0x18

Similar Messages

Maybe you are looking for