Date: Wed, 13 Oct 2010 11:55:19 +0200
From: Luigi Rizzo
To: Jeremy Chadwick
Cc: Marcin, freebsd-stable@freebsd.org
Subject: Re: Problem with security log

On Wed, Oct 13, 2010 at 11:23 AM, Jeremy Chadwick wrote:
> On Wed, Oct 13, 2010 at 11:03:36AM +0200, Marcin wrote:
>> 2010/10/13 Jeremy Chadwick:
>> > On Tue, Oct 12, 2010 at 10:50:28PM +0200, Marcin wrote:
>> >> Hi folks,
>> >>
>> >> For some time in the file /var/log/security appear illegible entries:
>> >> kernel: ipfw: 200 Deny UDiPp f1w9:2 .168.10.5:5230503 D22e4n.y0
>> >> .U0D.P25 1:15923.5136 o8.u10t. 5va5 3r5e03 224.0.0.251:5353 in via re0
>> >>
>> >> How to get rid of it? Please help...
>> >
>> > There isn't a 100% reliable way to get rid of this problem.  I've been
>> > harping about this for years (sorry to sound like a jerk, but this
>> > really is a major problem that keeps coming up and annoys users/admins
>> > to no end.  There are solutions -- Linux solved it by implementing a
>> > lockless circular ring buffer[1] used by kmsg).
>> >
>> > The """workaround""" -- which again, does not solve the problem, only
>> > decreases the regularity of it happening (and when it does happen, can
>> > sometimes decrease how much interspersed output there is) -- is to add
>> > the following line to your kernel config and rebuild/reinstall your
>> > kernel:
>> >
>> > options         PRINTF_BUFR_SIZE=128    # Prevent printf output being interspersed.
>> >
>> > This option became part of the GENERIC kernel configuration file at the
>> > following times:
>> >
>> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/amd64/conf/GENERIC#rev1.529
>> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/i386/conf/GENERIC#rev1.517
>> >
>> > Depending on what release/tag you follow, you may or may not find the
>> > above commit/change in your GENERIC file.  I can't be bothered to track
>> > down what time the CVS tagging was done, for multiple architectures,
>> > etc...
>> >
>> > [1]: http://www.mjmwired.net/kernel/Documentation/trace/ring-buffer-design.txt
>>
>> Hi Jeremy,
>> I have compiled kernel with this option and unfortunately problem still exists...
>> Do you have another idea how I can improve my log file? :)
>
> I was incorrect in my understanding/prognosis, so as Andriy pointed out,
> the option won't solve your problem.
>
> It sounds like the only way to solve this issue is to improve/fix the
> msgbuf code.  Alternatively, you could consider moving from ipfw to
> pf(4) and use pflog(4) / pflogd(8).

or you can use the log option of ipfw and run tcpdump on the "ipfw0"
pseudo interface which will give you all the traffic
that matches a 'log' rule (there is a sysctl variable that controls
whether log goes to syslog or to the ipfw pseudo interface)

cheers
luigi

> --
> | Jeremy Chadwick                                   jdc@parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
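For anyone who keeps ipfw logging in syslog, the interleaving discussed in this thread means a log pipeline should validate each entry rather than trust it. The following is an added example, not part of the original thread or of FreeBSD: a small Python triage that separates intact ipfw entries from damaged ones. The entry shape (IPv4, single-word action), the function names and all sample lines except the garbled entry quoted above are assumptions.

```python
import ipaddress
import re

# Assumed shape of an intact entry (IPv4 only, single-word action):
#   kernel: ipfw: 200 Deny UDP 192.168.10.5:5353 224.0.0.251:5353 in via re0
ENTRY = re.compile(
    r"kernel: ipfw: (?P<rule>\d{1,5}) (?P<action>[A-Z][a-z]+) "
    r"(?P<proto>[A-Z][A-Z0-9:.]*) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<dir>in|out) via (?P<iface>[a-z]+\d+)$", re.ASCII)

def endpoint(text):
    """Return (address, port) for 'a.b.c.d' or 'a.b.c.d:port', else None."""
    host, sep, port = text.partition(":")
    try:
        addr = str(ipaddress.IPv4Address(host))
    except ValueError:
        return None
    if not sep:
        return addr, None  # portless protocol such as ICMP
    if not re.fullmatch(r"[0-9]{1,5}", port) or int(port) > 65535:
        return None
    return addr, int(port)

def parse(line):
    """Return the fields of an intact entry, or None if the line is damaged."""
    m = ENTRY.search(line.strip())
    if m is None:
        return None
    src, dst = endpoint(m["src"]), endpoint(m["dst"])
    if src is None or dst is None:
        return None
    return {**m.groupdict(), "rule": int(m["rule"]), "src": src, "dst": dst}

def triage(lines):
    """Split ipfw lines into (parsed entries, damaged raw lines)."""
    pairs = [(l, parse(l)) for l in lines if "ipfw:" in l]
    return ([e for _, e in pairs if e is not None], [l for l, e in pairs if e is None])

# Constructed sample; only the garbled entry on the second line is from the thread.
SAMPLE = [
    "Oct 12 22:41:07 gw kernel: ipfw: 200 Deny UDP 192.168.10.5:5353 224.0.0.251:5353 in via re0",
    "Oct 12 22:41:07 gw kernel: ipfw: 200 Deny UDiPp f1w9:2 .168.10.5:5230503 D22e4n.y0 .U0D.P25 1:15923.5136 o8.u10t. 5va5 3r5e03 224.0.0.251:5353 in via re0",
    "Oct 12 22:41:08 gw kernel: ipfw: 200 Deny UDP 192.168.10.5:5230503 224.0.0.251:5353 in via re0",
    "Oct 12 22:41:09 gw kernel: ipfw: 300 Deny ICMP:8.0 10.0.0.7 192.168.10.1 out via re0",
]

if __name__ == "__main__":
    good, damaged = triage(SAMPLE)
    print(len(good), "intact;", len(damaged), "damaged")
```

The third sample line shows why the address and port are checked after the regex: an interleaved entry can keep the overall shape and still carry an impossible port.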