I noticed on my ftp/irc server after I upgraded to 2.4.0-test4-pre6 lots of
untracked packets so I did a tcpdump and here is what I found:
root@ftp:~# tcpdump -i eth0 -nlqt ip host 213.154.148.128
tcpdump: listening on eth0
194.102.255.6.6667 > 213.154.148.128.63968: tcp 368 (DF)
213.154.148.128 > 194.102.255.6: icmp: 213.154.148.128 unreachable - need to frag (DF)
194.102.255.6.6667 > 213.154.148.128.63962: tcp 358 (DF)
213.154.148.128 > 194.102.255.6: icmp: 213.154.148.128 unreachable - need to frag (DF)
194.102.255.6.6667 > 213.154.148.128.63968: tcp 368 (DF)
213.154.148.128.63962 > 194.102.255.6.6667: tcp 31 (DF)
194.102.255.6.6667 > 213.154.148.128.63962: tcp 0 (DF)
213.154.148.128 > 194.102.255.6: icmp: 213.154.148.128 unreachable - need to frag (DF)
8 packets received by filter
0 packets dropped by kernel
root@ftp:~# dmesg
188k init, 0k highmem)
Dentry-cache hash table entries: 8192 (order: 4, 65536 bytes)
Buffer-cache hash table entries: 4096 (order: 2, 16384 bytes)
Page-cache hash table entries: 16384 (order: 4, 65536 bytes)
Inode-cache hash table entries: 4096 (order: 3, 32768 bytes)
CPU: Intel Pentium 75 - 200 stepping 0c
Checking 386/387 coupling... OK, FPU using exception 16 error reporting.
Checking 'hlt' instruction... OK.
Intel Pentium with F0 0F bug - workaround enabled.
POSIX conformance testing by UNIFIX
PCI: PCI BIOS revision 2.10 entry at 0xfb210, last bus=0
PCI: Using configuration type 1
PCI: Probing PCI hardware
Limiting direct PCI/PCI transfers.
Activating ISA DMA hang workarounds.
isapnp: Scanning for Pnp cards...
isapnp: No Plug & Play device found
Linux NET4.0 for Linux 2.3
Based upon Swansea University Computer Society NET3.039
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 4096 bind 4096)
Initializing RT netlink socket
Starting kswapd v1.6
pty: 256 Unix98 ptys configured
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
Uniform Multi-Platform E-IDE driver Revision: 6.31
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
PIIX3: IDE controller on PCI bus 00 dev 39
PIIX3: chipset revision 0
PIIX3: not 100% native mode: will probe irqs later
ide0: BM-DMA at 0x9000-0x9007, BIOS settings: hda:pio, hdb:pio
keyboard: Timeout - AT keyboard not present?
keyboard: Timeout - AT keyboard not present?
hda: QUANTUM FIREBALL EX6.4A, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hda: 12594960 sectors (6449 MB) w/418KiB Cache, CHS=784/255/63, (U)DMA
Partition check:
hda: hda1 hda2
floppy0: no floppy controllers found
(scsi0) <Adaptec AHA-294X Ultra SCSI host adapter> found at PCI 0/19/0
(scsi0) Narrow Channel, SCSI ID=7, 16/255 SCBs
(scsi0) Cables present (Int-50 YES, Ext-50 NO)
(scsi0) Downloading sequencer code... 422 instructions downloaded
scsi0 : Adaptec AHA274x/284x/294x (EISA/VLB/PCI-Fast SCSI) 5.2.1/5.2.0
<Adaptec AHA-294X Ultra SCSI host adapter>
scsi : 1 host.
(scsi0:0:1:0) Synchronous at 10.0 Mbyte/sec, offset 15.
Vendor: QUANTUM Model: FIREBALL_TM2110S Rev: 300X
Type: Direct-Access ANSI SCSI revision: 02
Detected scsi disk sda at scsi0, channel 0, id 1, lun 0
(scsi0:0:6:0) Synchronous at 10.0 Mbyte/sec, offset 15.
Vendor: QUANTUM Model: FIREBALL_TM2110S Rev: 300X
Type: Direct-Access ANSI SCSI revision: 02
Detected scsi disk sdb at scsi0, channel 0, id 6, lun 0
scsi : detected 2 SCSI disks total.
SCSI device sda: hdwr sector= 512 bytes. Sectors= 4124736 [2014 MB] [2.0 GB]
sda: sda1 sda2
SCSI device sdb: hdwr sector= 512 bytes. Sectors= 4124736 [2014 MB] [2.0 GB]
sdb: sdb1
ne.c:v1.10 9/23/94 Donald Becker (becker@cesdis.gsfc.nasa.gov)
NE*000 ethercard probe at 0x320: 00 c0 df 50 39 9f
eth0: NE2000 found at 0x320, using IRQ 5.
Serial driver version 5.01 (2000-05-29) with MANY_PORTS SHARE_IRQ SERIAL_PCI ISAPNP enabled
ip_conntrack (512 buckets, 4096 max)
ip_tables: (c)2000 Netfilter core team
kmem_create: Forcing size word alignment - nfs_fh
VFS: Mounted root (ext2 filesystem) readonly.
Freeing unused kernel memory: 188k freed
Adding Swap: 136512k swap-space (priority -1)
[EXT II FS 0.5b, 95/08/09, bs=4096, fs=4096, gc=15, bpg=32768, ipg=32000, mo=ffffffea]
NAT: 0 dropping untracked packet c3962b40 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c39615c0 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c3962d20 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c38c8440 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c38ff0e0 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cc5aa0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c3961d40 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c38ff900 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38c8800 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38c8d00 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c11c8940 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c38c8440 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cbae80 1 193.254.42.170 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cc5b40 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cc5460 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38c8620 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c11c81c0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38ffae0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cc5a00 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2c55580 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cc5640 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c3961980 1 194.102.255.251 -> 224.0.0.1
NAT: 0 dropping untracked packet c3961a20 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c37c5860 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c37c5400 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c312e6e0 1 194.102.255.16 -> 224.0.0.1
NAT: 0 dropping untracked packet c38c8b20 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2c55300 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cba340 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38ff180 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c313cf20 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c37c5860 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c3962c80 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c3962be0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c312ebe0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cba980 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c37c55e0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2c55c60 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2c55580 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2c55a80 1 194.102.255.251 -> 224.0.0.1
NAT: 0 dropping untracked packet c2cc5320 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38ff9a0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cc5aa0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c39612a0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c3961d40 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38c8300 1 194.102.255.16 -> 224.0.0.1
NAT: 0 dropping untracked packet c38c8d00 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c39612a0 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38ffa40 1 213.154.148.128 -> 194.102.255.6
tcpdump uses obsolete (PF_INET,SOCK_PACKET)
device eth0 entered promiscuous mode
NAT: 0 dropping untracked packet c11c8940 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c38ffd60 1 213.154.148.128 -> 194.102.255.6
NAT: 0 dropping untracked packet c2cc5f00 1 194.102.251.17 -> 224.0.0.2
NAT: 0 dropping untracked packet c2c55ee0 1 194.102.251.17 -> 224.0.0.2
NAT: 0 dropping untracked packet c2d18c20 1 194.102.251.17 -> 224.0.0.2
NAT: 0 dropping untracked packet c313cf20 1 213.154.148.128 -> 194.102.255.6
device eth0 left promiscuous mode
Notice the packets received in the interval when I was tcpdump-ing. There
were 3 icmp unreachable - need to frag. Why they are seen as untracked
packets?
dmesg output is after 2 minutes uptime.
Any thoughts?
-- Mircea Damian E-mails: dmircea@kappa.ro, dmircea@roedu.net WebPage: http://taz.mania.k.ro/~dmircea/- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jul 15 2000 - 21:00:16 EST