On Thu, 9 Mar 2000, Mike A. Harris wrote:
> The following appeared in my syslog:
> Mar 9 20:12:29 xxxx kernel: IP acct i97 184.108.40.206:270 L=59 S=0x00 I=33050 F=0x0000 T=111
> The IP address/port is faked.. I'm logging ALL udp packets
> coming in on a certain machine for network troubleshooting,
> and the firewall code is logging things ok, but every so many
> UDP packets it logs an entry with totally fucked up data like
> above. It seems the beginning of a buffer is getting moved or
> something. Perhaps a buffer backfilling miscalculation? It
> could be in the kernel or in syslog, I have no idea.
> This machine is running 2.0.36 compiled with gcc 220.127.116.11, and has
> Syslog: syslogd 1.3-3
A guess. If you are having the kernel send messages, i.e., you are
going through printk(), and the messages are streaming, you are
running into the fact that printk() has a fixed-length buffer and
just truncates anything that can't fit.
This is more-or-less necessary because printk() was designed to
print "panic" and such even after memory allocation failed....
Penguin : Linux version 2.3.41 on an i686 machine (800.63 BogoMips).
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:17 EST