Date: Thu, 10 Jan 2013 11:40:01 GMT From: =?iso-8859-2?Q?Radek_Krej=E8a?= <radek.krejca@starnet.cz> To: freebsd-ipfw@FreeBSD.org Subject: RE: kern/174749: Unexpected change of default route Message-ID: <201301101140.r0ABe1J0004000@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/174749; it has been noted by GNATS. From: =?iso-8859-2?Q?Radek_Krej=E8a?= <radek.krejca@starnet.cz> To: 'Krzysztof Barcikowski' <krzysiek@airnet.opole.pl>, "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org> Cc: Subject: RE: kern/174749: Unexpected change of default route Date: Thu, 10 Jan 2013 12:29:15 +0100 Hi, thank you for response, because problem is very bad for us, because our= customers leave us. I have script which checks default route and switch it= back and send e-mail to me so situation is better. To problem - in your text: > From: Krzysztof Barcikowski [mailto:krzysiek@airnet.opole.pl] > Sent: Thursday, January 10, 2013 11:26 AM > To: bug-followup@FreeBSD.org; Radek Krej=E8a > Subject: Re: kern/174749: Unexpected change of default route >=20 > Hello, > Kindly please take a look at the following threads, similar problem appea= rs: > http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031879.html > http://lists.freebsd.org/pipermail/freebsd-net/2012-September/033209.html > http://lists.freebsd.org/pipermail/freebsd-net/2012-September/033394.html >=20 > I've also received email from other user reporting this problem: >=20 > "Hello fellow. > I found a thread in FreeBSD-net mailing list, where you was told > about unexpectedly changed (on some kind of junk address) static routes > http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031879.html. > I have a similar problem, but with default gateway. > I think I found one more likeness in our systems, I am using renamed > vlan interface. It was made in rc.conf > by ifconfig_vlan3400_name=3D"comstar_w". > Do you have something like that in your rc.conf? > Or maybe you already found solution for these trouble? I have some points to above: - route monitor is useless - it only tells, that default route is changed a= nd pid of process - but process doesnt exists at watching time.... - i have clean system, only with PF nat (it could be interesting) - situation is the same on 8.2 and 9.0 (9.1 not tested) - change is in reaction on traffic - in time of change, threre is a lot of = garbage on network I find out that ip of bad default route is used for traffic long time ago b= efore change - udp traffic, I think, that it is torrent (or something simil= ar) traffic. There could be 10 changes per minute (like yesterday).=20 I wrote script, which store all traffic (collected over tcpdump) in 10 seco= nd files and in case of change stops collecting and deleting old logs - but= I havent time to analyze it yet (i have about 200 vlans and 500 Mbit traff= ic on this router). My konwledge of internet protocols is on bad level also= .... Here are a little of commands on machine (mpd is new and wasnt installed du= ring monitoring, snmpd too): root@nat-62 /root# cat /etc/rc.conf nat_number=3D"62" ipv6_defaultrouter=3D"2a02:768:0:4000::4000" ifconfig_em0_ipv6=3D"inet6 2a02:768:0:4000::${nat_number}" keymap=3D"us.iso" # enable routing gateway_enable=3D"YES" # enable ssh sshd_enable=3D"YES" # enable packet filter pf_enable=3D"YES" # Enable PF (load module if requi= red) pf_rules=3D"/etc/pf.conf" # rules definition file for pf pf_flags=3D"" # additional flags for pfctl star= tup pflog_enable=3D"NO" # start pflogd(8) pflog_logfile=3D"/var/log/pflog" # where pflogd should store the l= ogfile pflog_flags=3D"" # additional flags for pflogd sta= rtup pfsync_enable=3D"NO" # Expose pf state to other hosts = for syncing # enable snmp snmpd_enable=3D"YES" snmpd_flags=3D"-a" snmpd_pidfile=3D"/var/run/snmpd.pid" fprobe_enable=3D"YES" fprobe_server=3D"some_server" ifconfig_em1=3D"up" ipv6_activate_all_interfaces=3D"YES" # Set to YES to set up for IPv6. ipv6_gateway_enable=3D"YES" # Set to YES if this host will be= a gateway. radvd_enable=3D"YES" ntpdate_enable=3D"YES" # Run ntpdate to sync time on boo= t (or NO). ntpd_enable=3D"YES" mpd_enable=3D"YES" init_nat_enable=3D"YES" root@nat-62 /root# ifconfig -l em0 em1 lo0 vlan1208 vlan1210 vlan1212 vlan1214 vlan1216 vlan1218 vlan1220 = vlan1222 vlan1224 vlan1226 vlan1228 vlan1230 vlan1232 vlan1234 vlan1236 vla= n1238 vlan1240 vlan1248 vlan1246 vlan1244 vlan1242 vlan1207 vlan100 vlan106= vlan107 vlan1001 vlan1003 vlan1005 vlan1007 vlan1009 vlan1011 vlan1013 vla= n1015 vlan1017 vlan1019 vlan1021 vlan453 vlan1206 vlan1023 vlan1025 vlan102= 7 vlan1029 vlan1031 vlan1033 vlan1035 vlan1037 vlan332 vlan345 vlan341 vlan= 327 vlan333 vlan335 vlan336 vlan334 vlan337 vlan338 vlan339 vlan340 vlan342= vlan343 vlan449 vlan329 vlan448 vlan401 vlan402 vlan403 vlan1051 vlan801 v= lan297 vlan299 Important point - I have this machine diskless, readonly, dhclient isnt run= ning: root@nat-62 /root# ps -uax USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMM= AND root 11 371.5 0.0 0 64 ?? RL 19Dec12 111079:00.52 [idl= e] root 0 11.1 0.0 0 192 ?? DLs 19Dec12 4491:00.35 [ker= nel] root 12 10.4 0.0 0 288 ?? WL 19Dec12 3404:19.05 [int= r] root 1159 1.3 0.1 22332 3428 ?? Ss 19Dec12 615:51.38 /usr= /sbin/ntpd -c /etc/ntp.conf -p /var/run/ntpd.pid -f /var/db/ntpd.drift root 70422 0.4 0.0 14636 1604 1- S 9:07PM 5:59.16 sh .= /reset_gw root 1 0.0 0.0 6280 424 ?? ILs 19Dec12 0:01.22 /sbi= n/init -- root 2 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [sct= p_iterator] root 3 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [xpt= _thrd] root 4 0.0 0.0 0 16 ?? DL 19Dec12 0:01.22 [pag= edaemon] root 5 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [vmd= aemon] root 6 0.0 0.0 0 16 ?? DL 19Dec12 0:00.02 [pag= ezero] root 7 0.0 0.0 0 16 ?? DL 19Dec12 0:30.66 [buf= daemon] root 8 0.0 0.0 0 16 ?? DL 19Dec12 0:09.11 [vnl= ru] root 9 0.0 0.0 0 16 ?? DL 19Dec12 3:37.36 [syn= cer] root 10 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [aud= it] root 13 0.0 0.0 0 48 ?? DL 19Dec12 0:02.22 [geo= m] root 14 0.0 0.0 0 16 ?? DL 19Dec12 58:39.99 [yar= row] root 15 0.0 0.0 0 128 ?? DL 19Dec12 1:19.63 [usb= ] root 16 0.0 0.0 0 16 ?? DL 19Dec12 0:20.35 [acp= i_thermal] root 17 0.0 0.0 0 16 ?? DL 19Dec12 0:04.53 [acp= i_cooling1] root 18 0.0 0.0 0 16 ?? DL 19Dec12 0:11.27 [sof= tdepflush] root 33 0.0 0.0 0 16 ?? DL 19Dec12 0:01.36 [md0= ] root 107 0.0 0.0 0 16 ?? DL 19Dec12 0:00.15 [md1= ] root 112 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [md2= ] root 117 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [md3= ] root 122 0.0 0.0 0 16 ?? DL 19Dec12 0:00.32 [md4= ] root 127 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [md5= ] root 139 0.0 0.0 0 16 ?? DL 19Dec12 0:01.77 [md6= ] root 712 0.0 0.1 10372 3280 ?? Is 19Dec12 0:00.02 /sbi= n/devd root 731 0.0 0.0 0 16 ?? DL 19Dec12 5:55.99 [pfp= urge] root 927 0.0 0.0 12184 1448 ?? Ss 19Dec12 0:15.95 /usr= /sbin/syslogd -s root 1052 0.0 0.0 0 64 ?? DL 19Dec12 0:00.00 [ng_= queue] root 1062 0.0 0.1 33532 6128 ?? S 19Dec12 29:38.98 /usr= /local/sbin/snmpd -p /var/run/snmpd.pid -a root 1075 0.0 0.4 35504 16400 ?? Ss 19Dec12 178:17.51 /usr= /local/sbin/fprobe -iem1 -fvlan&&ip -B4096 -r2 -q10000 -t10000:10000000 -K1= 8 something root 1197 0.0 0.1 46876 3808 ?? Is 19Dec12 0:02.02 /usr= /sbin/sshd root 1204 0.0 0.1 20384 3432 ?? Ss 19Dec12 0:20.92 send= mail: accepting connections (sendmail) smmsp 1208 0.0 0.1 20384 3224 ?? Is 19Dec12 0:00.22 send= mail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail) root 1214 0.0 0.0 14260 1440 ?? Is 19Dec12 0:04.18 /usr= /sbin/cron -s root 57633 0.0 0.1 68016 4728 ?? Is 12:21PM 0:00.02 sshd= : darius [priv] (sshd) darius 58105 0.0 0.1 68016 4740 ?? S 12:21PM 0:00.01 sshd= : darius@pts/0 (sshd) root 86691 0.0 0.0 14636 1604 ?? S 12:24PM 0:00.00 sh .= /reset_gw root 86692 0.0 0.0 10052 1136 ?? S 12:24PM 0:00.00 /sbi= n/route get default root 86693 0.0 0.0 16424 1272 ?? S 12:24PM 0:00.00 grep= gateway root 86694 0.0 0.0 10056 920 ?? S 12:24PM 0:00.00 cut = -d: -f2 root 86695 0.0 0.0 10056 968 ?? S 12:24PM 0:00.00 tr -= d root 1281 0.0 0.0 41300 1904 v0 Is 19Dec12 0:00.01 logi= n [pam] (login) jvelisek 8423 0.0 0.1 17668 2468 v0 I 19Dec12 0:00.01 -csh= (csh) root 8426 0.0 0.1 44572 2652 v0 I 19Dec12 0:00.01 sudo= su -l root 8427 0.0 0.0 41296 1796 v0 I 19Dec12 0:00.00 su -= l root 8428 0.0 0.1 17668 2464 v0 I+ 19Dec12 0:00.01 -su = (csh) root 1282 0.0 0.0 12184 1100 v1 Is+ 19Dec12 0:00.00 /usr= /libexec/getty Pc ttyv1 root 1283 0.0 0.0 12184 1100 v2 Is+ 19Dec12 0:00.00 /usr= /libexec/getty Pc ttyv2 root 1284 0.0 0.0 12184 1100 v3 Is+ 19Dec12 0:00.00 /usr= /libexec/getty Pc ttyv3 root 1285 0.0 0.0 12184 1100 v4 Is+ 19Dec12 0:00.00 /usr= /libexec/getty Pc ttyv4 root 1286 0.0 0.0 12184 1100 v5 Is+ 19Dec12 0:00.00 /usr= /libexec/getty Pc ttyv5 root 1287 0.0 0.0 12184 1100 v6 Is+ 19Dec12 0:00.00 /usr= /libexec/getty Pc ttyv6 root 1288 0.0 0.0 12184 1100 v7 Is+ 19Dec12 0:00.00 /usr= /libexec/getty Pc ttyv7 darius 58106 0.0 0.1 17668 2540 0 Is 12:21PM 0:00.01 -csh= (csh) root 58889 0.0 0.0 41304 1888 0 I 12:21PM 0:00.00 su -= l root 59480 0.0 0.1 17668 2856 0 S 12:21PM 0:00.02 -su = (csh) root 86696 0.0 0.0 14328 1272 0 R+ 12:24PM 0:00.00 ps -= uax If you need any more informations please let me know.=20 Radek
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301101140.r0ABe1J0004000>