Kernel bug question...

From: Mike A. Harris (mharris@meteng.on.ca)
Date: Thu Mar 09 2000 - 20:28:29 EST


The following appeared in my syslog:

Mar 9 20:12:29 xxxx kernel: IP acct i97 217.229.113.149:270 L=59 S=0x00 I=33050 F=0x0000 T=111

The IP address/port is faked.. I'm logging ALL udp packets
coming in on a certain machine for network troubleshooting,
and the firewall code is logging things ok, but every so many
UDP packets it logs an entry with totally fucked up data like
above. It seems the beginning of a buffer is getting moved or
something. Perhaps a buffer backfilling miscalculation? It
could be in the kernel or in syslog, I have no idea.

This machine is running 2.0.36 compiled with gcc 2.7.2.3, and has
Syslog: syslogd 1.3-3

Do the 2.0.3x kernels or syslog have any known screwups logging
UDP packets or otherwise? I couldn't find anything in the
kernel code that would cause the problem, and I have no idea
where to look otherwise..

The entries that get munged are one in a hundred or so, and are
consistently getting the front lopped off of the message. Sometimes
it is a few bytes, other times it is 20 bytes or so. Some other
corruption seems to take place too.

Any ideas?

-- 
Mike A. Harris                                     Linux advocate     
Computer Consultant                                  GNU advocate  
Capslock Consulting                          Open Source advocate

Suspicious Anagram #4: Word: PRESIDENT CLINTON OF THE USA Anagram: TO COPULATE HE FINDS INTERNS

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:17 EST