From owner-freebsd-current@FreeBSD.ORG Fri Dec 12 10:54:24 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EABE816A4CE for ; Fri, 12 Dec 2003 10:54:23 -0800 (PST) Received: from storming.org (MG035035.user.veloxzone.com.br [200.165.35.35]) by mx1.FreeBSD.org (Postfix) with SMTP id EE10F43D48 for ; Fri, 12 Dec 2003 10:54:11 -0800 (PST) (envelope-from fred@storming.org) Received: (qmail 22896 invoked by uid 1000); 12 Dec 2003 16:54:10 -0200 Date: Fri, 12 Dec 2003 16:54:10 -0200 From: Fred Souza To: current@freebsd.org Message-ID: <20031212185410.GB22739@torment.storming.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="mojUlQ0s9EVzWg2t" Content-Disposition: inline X-Sender: fred@storming.org Subject: Bug in recent kernel's ipmon? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: fred@storming.org List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2003 18:54:24 -0000 --mojUlQ0s9EVzWg2t Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, I just upgraded my system this night, with fresh sources. And I just noticed a strange change in the way ipmon logs stuff. I installed and booted the new kernel at about 3:50am, and then proceeded to recompiling world. Note how this weird change happens exactly when I boot the new kernel. At about noon today, I rebooted the system once again, and the strange logging behaviour is still there. Here's the output: Dec 12 00:50:48 torment ipmon[253]: 00:50:48.129245 tun0 @1:19 b 68.122.5.6= 4,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20 Dec 12 00:50:51 torment ipmon[253]: 00:50:51.036378 tun0 @1:19 b 68.122.5.6= 4,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20 Dec 12 00:50:57 torment ipmon[253]: 00:50:56.759340 tun0 @1:19 b 68.122.5.6= 4,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20 [snip] Dec 12 00:57:18 torment ipmon[253]: 00:57:17.953080 tun0 @1:19 b 68.122.5.6= 4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20 Dec 12 00:57:21 torment ipmon[253]: 00:57:20.892857 tun0 @1:19 b 68.122.5.6= 4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20 Dec 12 00:57:25 torment ipmon[253]: 00:57:24.179407 tun0 @1:19 b 68.122.5.6= 4,1670 -> a.b.c.d,12140 PR tcp len 20 40 -AR IN=20 Dec 12 00:57:27 torment ipmon[253]: 00:57:26.774064 tun0 @1:19 b 68.122.5.6= 4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20 Dec 12 00:57:39 torment ipmon[253]: 00:57:38.962248 tun0 @1:19 b 68.122.5.6= 4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20 [snip - the new kernel is booted up here. Take a look at the interface's (tun0) name] Dec 12 04:00:04 torment ipmon[268]: 04:00:04.084573 tun056069 @1:19 b 200.1= 65.143.85,1025 -> a.b.c.d,1499 PR tcp len 20 40 -AR IN=20 Dec 12 04:03:05 torment ipmon[268]: 04:03:05.138846 tun03228173440 @2:8 b 2= 20.97.211.160,3872 -> a.b.c.d,1434 PR udp len 20 404 IN=20 Dec 12 04:11:25 torment ipmon[268]: 04:11:25.125725 tun03228173440 @1:19 b = 200.165.143.85,1025 -> a.b.c.d,1987 PR tcp len 20 40 -AR IN=20 Dec 12 04:20:42 torment ipmon[268]: 04:20:42.321850 tun03228173440 @1:19 b = 200.165.143.85,1025 -> a.b.c.d,1159 PR tcp len 20 40 -AR IN=20 Dec 12 11:52:27 torment ipmon[268]: 11:52:26.272993 tun078315520 @1:19 b 20= 0.165.143.85,1025 -> a.b.c.d,1292 PR tcp len 20 40 -AR IN=20 Dec 12 11:55:15 torment ipmon[268]: 11:55:15.177658 tun034055 @1:19 b 200.1= 65.219.199,1025 -> a.b.c.d,1925 PR tcp len 20 40 -AR IN=20 Dec 12 12:08:03 torment ipmon[268]: 12:08:03.582678 tun018553 @1:19 b 200.2= 08.28.213,80 -> a.b.c.d,31048 PR tcp len 20 40 -AR IN=20 Dec 12 12:08:16 torment ipmon[268]: 12:08:16.514720 tun05895 @1:19 b 200.16= 5.143.85,1025 -> a.b.c.d,1815 PR tcp len 20 40 -AR IN=20 Dec 12 12:14:05 torment ipmon[268]: 12:14:04.350558 tun03228173440 @1:19 b = 64.48.134.14,0 -> a.b.c.d,8000 PR tcp len 20 40 -S IN=20 Dec 12 12:14:48 torment ipmon[268]: 12:14:48.121531 tun03228173440 @1:19 b = 200.165.219.199,1025 -> a.b.c.d,1438 PR tcp len 20 40 -AR IN=20 Dec 12 12:19:02 torment ipmon[268]: 12:19:02.406130 tun03228173440 @1:19 b = 64.48.134.14,0 -> a.b.c.d,8080 PR tcp len 20 40 -S IN=20 Dec 12 12:24:46 torment ipmon[268]: 12:24:45.470273 tun03228173440 @1:19 b = 200.165.219.199,1025 -> a.b.c.d,1910 PR tcp len 20 40 -AR IN=20 Dec 12 12:27:55 torment ipmon[268]: 12:27:54.571752 tun03228173440 @1:19 b = 200.165.219.199,1025 -> a.b.c.d,1140 PR tcp len 20 40 -AR IN=20 Dec 12 15:26:41 torment ipmon[255]: 15:26:40.945140 tun011137 @1:19 b 218.8= 9.171.57,8868 -> a.b.c.d,33067 PR tcp len 20 44 -AS IN=20 Dec 12 15:26:44 torment ipmon[255]: 15:26:44.212810 tun011137 @1:19 b 218.8= 9.171.57,8868 -> a.b.c.d,33067 PR tcp len 20 44 -AS IN=20 Dec 12 15:28:32 torment ipmon[255]: 15:28:31.753987 tun016646 @1:19 b 200.1= 65.143.85,1025 -> a.b.c.d,1601 PR tcp len 20 40 -AR IN=20 Also notice how sometimes the (apparently random) number after tun0 duplicates. And that it even "returned" once. I tried finding the error under src/contrib/ipfilter, but couldn't seem to find it. Maybe it's something in the kernel-side ipfilter code? Thanks in advance, Fred =20 --=20 "idiot box, n: The part of the envelope that tells a person where to place the stamp when they can't quite figure it out for themselves." -- "Sniglets", Rich Hall & Friends --mojUlQ0s9EVzWg2t Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/2g7SZNmEsrl+ROERAtveAKC33+dhkhTZx8/3QPD/aRZGQhAdFQCglXG0 Cjc/QgtInTCL558xHuTNjv4= =nzcV -----END PGP SIGNATURE----- --mojUlQ0s9EVzWg2t--