The following appeared in my syslog:
Mar 9 20:12:29 xxxx kernel: IP acct i97 22.214.171.124:270 L=59 S=0x00 I=33050 F=0x0000 T=111
The IP address/port is faked.. I'm logging ALL udp packets
coming in on a certain machine for network troubleshooting,
and the firewall code is logging things ok, but every so many
UDP packets it logs an entry with totally fucked up data like
above. It seems the beginning of a buffer is getting moved or
something. Perhaps a buffer backfilling miscalculation? It
could be in the kernel or in syslog, I have no idea.
This machine is running 2.0.36 compiled with gcc 126.96.36.199, and has
Syslog: syslogd 1.3-3
Do the 2.0.3x kernels or syslog have any known screwups logging
UDP packets or otherwise? I couldn't find anything in the
kernel code that would cause the problem, and I have no idea
where to look otherwise..
The entries that get munged are one in a hundred or so, and are
consistently getting the front lopped off of the message. Sometimes
it is a few bytes, other times it is 20 bytes or so. Some other
corruption seems to take place too.
-- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocate
Suspicious Anagram #4: Word: PRESIDENT CLINTON OF THE USA Anagram: TO COPULATE HE FINDS INTERNS
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to firstname.lastname@example.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:17 EST