Date: Fri, 12 Dec 2003 16:54:10 -0200 From: Fred Souza <fred@storming.org> To: current@freebsd.org Subject: Bug in recent kernel's ipmon? Message-ID: <20031212185410.GB22739@torment.storming.org>
next in thread | raw e-mail | index | archive | help
--mojUlQ0s9EVzWg2t
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello,
I just upgraded my system this night, with fresh sources. And I just
noticed a strange change in the way ipmon logs stuff. I installed and
booted the new kernel at about 3:50am, and then proceeded to
recompiling world. Note how this weird change happens exactly when I
boot the new kernel. At about noon today, I rebooted the system once
again, and the strange logging behaviour is still there. Here's the
output:
Dec 12 00:50:48 torment ipmon[253]: 00:50:48.129245 tun0 @1:19 b 68.122.5.6=
4,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20
Dec 12 00:50:51 torment ipmon[253]: 00:50:51.036378 tun0 @1:19 b 68.122.5.6=
4,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20
Dec 12 00:50:57 torment ipmon[253]: 00:50:56.759340 tun0 @1:19 b 68.122.5.6=
4,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20
[snip]
Dec 12 00:57:18 torment ipmon[253]: 00:57:17.953080 tun0 @1:19 b 68.122.5.6=
4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20
Dec 12 00:57:21 torment ipmon[253]: 00:57:20.892857 tun0 @1:19 b 68.122.5.6=
4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20
Dec 12 00:57:25 torment ipmon[253]: 00:57:24.179407 tun0 @1:19 b 68.122.5.6=
4,1670 -> a.b.c.d,12140 PR tcp len 20 40 -AR IN=20
Dec 12 00:57:27 torment ipmon[253]: 00:57:26.774064 tun0 @1:19 b 68.122.5.6=
4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20
Dec 12 00:57:39 torment ipmon[253]: 00:57:38.962248 tun0 @1:19 b 68.122.5.6=
4,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN=20
[snip - the new kernel is booted up here. Take a look at the
interface's (tun0) name]
Dec 12 04:00:04 torment ipmon[268]: 04:00:04.084573 tun056069 @1:19 b 200.1=
65.143.85,1025 -> a.b.c.d,1499 PR tcp len 20 40 -AR IN=20
Dec 12 04:03:05 torment ipmon[268]: 04:03:05.138846 tun03228173440 @2:8 b 2=
20.97.211.160,3872 -> a.b.c.d,1434 PR udp len 20 404 IN=20
Dec 12 04:11:25 torment ipmon[268]: 04:11:25.125725 tun03228173440 @1:19 b =
200.165.143.85,1025 -> a.b.c.d,1987 PR tcp len 20 40 -AR IN=20
Dec 12 04:20:42 torment ipmon[268]: 04:20:42.321850 tun03228173440 @1:19 b =
200.165.143.85,1025 -> a.b.c.d,1159 PR tcp len 20 40 -AR IN=20
Dec 12 11:52:27 torment ipmon[268]: 11:52:26.272993 tun078315520 @1:19 b 20=
0.165.143.85,1025 -> a.b.c.d,1292 PR tcp len 20 40 -AR IN=20
Dec 12 11:55:15 torment ipmon[268]: 11:55:15.177658 tun034055 @1:19 b 200.1=
65.219.199,1025 -> a.b.c.d,1925 PR tcp len 20 40 -AR IN=20
Dec 12 12:08:03 torment ipmon[268]: 12:08:03.582678 tun018553 @1:19 b 200.2=
08.28.213,80 -> a.b.c.d,31048 PR tcp len 20 40 -AR IN=20
Dec 12 12:08:16 torment ipmon[268]: 12:08:16.514720 tun05895 @1:19 b 200.16=
5.143.85,1025 -> a.b.c.d,1815 PR tcp len 20 40 -AR IN=20
Dec 12 12:14:05 torment ipmon[268]: 12:14:04.350558 tun03228173440 @1:19 b =
64.48.134.14,0 -> a.b.c.d,8000 PR tcp len 20 40 -S IN=20
Dec 12 12:14:48 torment ipmon[268]: 12:14:48.121531 tun03228173440 @1:19 b =
200.165.219.199,1025 -> a.b.c.d,1438 PR tcp len 20 40 -AR IN=20
Dec 12 12:19:02 torment ipmon[268]: 12:19:02.406130 tun03228173440 @1:19 b =
64.48.134.14,0 -> a.b.c.d,8080 PR tcp len 20 40 -S IN=20
Dec 12 12:24:46 torment ipmon[268]: 12:24:45.470273 tun03228173440 @1:19 b =
200.165.219.199,1025 -> a.b.c.d,1910 PR tcp len 20 40 -AR IN=20
Dec 12 12:27:55 torment ipmon[268]: 12:27:54.571752 tun03228173440 @1:19 b =
200.165.219.199,1025 -> a.b.c.d,1140 PR tcp len 20 40 -AR IN=20
Dec 12 15:26:41 torment ipmon[255]: 15:26:40.945140 tun011137 @1:19 b 218.8=
9.171.57,8868 -> a.b.c.d,33067 PR tcp len 20 44 -AS IN=20
Dec 12 15:26:44 torment ipmon[255]: 15:26:44.212810 tun011137 @1:19 b 218.8=
9.171.57,8868 -> a.b.c.d,33067 PR tcp len 20 44 -AS IN=20
Dec 12 15:28:32 torment ipmon[255]: 15:28:31.753987 tun016646 @1:19 b 200.1=
65.143.85,1025 -> a.b.c.d,1601 PR tcp len 20 40 -AR IN=20
Also notice how sometimes the (apparently random) number after tun0
duplicates. And that it even "returned" once. I tried finding the
error under src/contrib/ipfilter, but couldn't seem to find it. Maybe
it's something in the kernel-side ipfilter code?
Thanks in advance,
Fred
=20
--=20
"idiot box, n:
The part of the envelope that tells a person where to place
the stamp when they can't quite figure it out for themselves."
-- "Sniglets", Rich Hall & Friends
--mojUlQ0s9EVzWg2t
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/2g7SZNmEsrl+ROERAtveAKC33+dhkhTZx8/3QPD/aRZGQhAdFQCglXG0
Cjc/QgtInTCL558xHuTNjv4=
=nzcV
-----END PGP SIGNATURE-----
--mojUlQ0s9EVzWg2t--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031212185410.GB22739>