Date: Sun, 21 Jan 2001 14:33:24 -0800
From: "Crist J. Clark"
To: David Goddard
Cc: stable@FreeBSD.ORG
Subject: Re: dmesg/security check output wierdness
Reply-To: cjclark@alum.mit.edu

On Sun, Jan 21, 2001 at 04:10:10PM +0000, David Goddard wrote:
> I've recently noticed some odd entries in my security check output mail
> from a couple of 4.2-STABLE machines, so I did some digging. The
> following is one example:
>
> [Date: Sun, 21 Jan 2001 03:18:15 +0000]
> cassium.mydomain.com kernel log messages:
> > 06 cleared.
[snip]
> Any ideas?

The dmesg(8) is stored in a finite buffer. Once full, as more stuff
gets shoved in, other stuff falls out (really it gets overwritten,
it's a circular buffer, but same thing). The stuff that falls out does
not do so all that gracefully. That is, it does not get dropped whole
lines at a time. For example,

  $ dmesg | head -5
  0.1.35:427 in via de0
  ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0
  ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0
  ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0
  ipfw: 11500 Deny UDP AAA.BBB.153.173:427 224.0.1.35:427 in via de0

Notice the first line. Now, I do something to make a little noise in
the dmesg buffer and check again,

  $ dmesg | head -5
  .255:137 in via de0
  ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0
  ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0
  ipfw: 11500 Deny UDP AAA.BBB.153.173:427 224.0.1.35:427 in via de0
  ipfw: 11500 Deny ICMP:10.0 AAA.BBB.153.173 224.0.0.2 in via de0

Now, as for the '10>' or similar constructions you sometimes see
popping up on the first line. Have a look at,

  $ sysctl machdep.msgbuf

dmesg(8) strips the leading off of the lines when printing it for
you. But if one of these is cut in the middle... You get the picture.
--
Crist J. Clark                           cjclark@alum.mit.edu
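
The wrap-around described in the message above, as an added example that is not part of the original post and is not FreeBSD's code: a toy ring buffer that shows how a cut "<N>" tag survives as "10>" on the first line, and how a log checker can drop that leading fragment before comparing output. The 40-byte size, the names msgbuf_write, msgbuf_dump and skip_fragment, and the sample lines are all assumptions made for the demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MSGBUF_SIZE 40   /* assumed; tiny on purpose so the wrap is easy to see */
struct msgbuf { char data[MSGBUF_SIZE]; size_t head, total; };

/* Append bytes; once full, each new byte overwrites the oldest one. */
static void msgbuf_write(struct msgbuf *mb, const char *s) {
    for (; *s; s++, mb->total++) {
        mb->data[mb->head] = *s;
        mb->head = (mb->head + 1) % MSGBUF_SIZE;
    }
}

/* Copy oldest-to-newest into out (MSGBUF_SIZE + 1 bytes), dropping a complete
 * "<N>" tag at the start of each line. A tag cut by the wrap is not recognised. */
static void msgbuf_dump(const struct msgbuf *mb, char *out) {
    size_t n = mb->total < MSGBUF_SIZE ? mb->total : MSGBUF_SIZE;
    size_t start = mb->total < MSGBUF_SIZE ? 0 : mb->head;
    size_t i, j, o = 0;
    char lin[MSGBUF_SIZE];
    int bol = 1;                       /* at the beginning of a line? */
    for (i = 0; i < n; i++) lin[i] = mb->data[(start + i) % MSGBUF_SIZE];
    for (i = 0; i < n; i++) {
        if (bol && lin[i] == '<') {
            for (j = i + 1; j < n && isdigit((unsigned char)lin[j]); j++) ;
            if (j > i + 1 && j < n && lin[j] == '>') { i = j; bol = 0; continue; }
        }
        bol = (lin[i] == '\n');
        out[o++] = lin[i];
    }
    out[o] = '\0';
}

/* For log checkers: after a wrap the first line is a fragment, so skip it.
 * Conservative: also drops a whole first line if the wrap hit a line boundary. */
static const char *skip_fragment(const struct msgbuf *mb, const char *dump) {
    const char *nl = strchr(dump, '\n');
    if (mb->total <= MSGBUF_SIZE) return dump;
    return nl ? nl + 1 : dump + strlen(dump);
}

int main(void) {
    struct msgbuf mb = { {0}, 0, 0 };
    char out[MSGBUF_SIZE + 1];
    /* constructed sample: 41 bytes, one more than the buffer holds */
    msgbuf_write(&mb, "<10>first line\n<10>second line\n<10>third\n");
    msgbuf_dump(&mb, out);
    printf("raw dump:\n%sfragment skipped:\n%s", out, skip_fragment(&mb, out));
}
```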