From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 17:49:13 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2833E16A4B3 for ; Mon, 13 Oct 2003 17:49:13 -0700 (PDT) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id ADFF643FB1 for ; Mon, 13 Oct 2003 17:49:10 -0700 (PDT) (envelope-from ericx_lists@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id B7E7091CDD for ; Mon, 13 Oct 2003 20:43:31 -0400 (EDT) Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 53579-01 for ; Mon, 13 Oct 2003 20:43:31 -0400 (EDT) Received: from alice (alice.ericx.net [204.128.227.62]) by vineyard.net (Postfix) with SMTP id 6B2DD91971 for ; Mon, 13 Oct 2003 20:43:31 -0400 (EDT) Message-ID: <02df01c391ec$ce67bbc0$3ee380cc@alice> From: "Eric W. Bates" To: Date: Mon, 13 Oct 2003 20:47:55 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Virus-Scanned: by AMaViS at Vineyard.NET Subject: Where do ipfw kern:emerg logs come from? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 00:49:13 -0000 4.8-RELEASE-p10 ipfw2 I have a firewall which appears to be behaving well. I have quite a few 'log' instructions for the sake of debugging. However, I seem to be generating quite a few kern:emerg messages as well as security:info messages. Oct 13 14:11:26 brock /kernel: .132:80 out via de0 Oct 13 14:11:26 brock /kernel: 00 UNKNOWN TCP 208.172.16.132:80 192.168.1.91:1104 in via de0 Oct 13 14:11:26 brock /kernel: 00 UNKNOWN TCP 192.168.1.91:1104 208.172.16.132:80 out via de0 Oct 13 14:11:27 brock /kernel: in via de0 Oct 13 14:11:28 brock /kernel: pfw: 65000 Accept TCP 208.172.16.132:80 192.168.1.91:1104 in via de0 Oct 13 14:11:29 brock /kernel: 300 Divert 8668 TCP 208.172.16.132:80 207.218.155.34:1104 in via de0 The messages actually appear to be truncated versions of the security.info messages: Oct 13 14:11:26 brock /kernel: ipfw: 400 UNKNOWN TCP 192.168.1.91:1104 208.172.16.132:80 out via de0 Oct 13 14:11:26 brock /kernel: ipfw: 500 SkipTo 10000 TCP 192.168.1.91:1104 208.172.16.132:80 out via de0 Oct 13 14:11:26 brock /kernel: ipfw: 10000 Divert 8668 TCP 192.168.1.91:1104 208.172.16.132:80 out via de0 I found ipfw logging code sys/netinet/in ip_fw.c; but there doesn't seem to be anything using LOG_KERN or LOG_EMERG. Is this a bug? -- ericx