Your message dated Wed, 6 Sep 2006 23:05:34 -0400
with message-id <[EMAIL PROTECTED]>
and subject line iptables bts cleanup
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: iptables
Version: 1.2.7a-7
Severity: normal

I am running a firewall with iptables and some of the log messages are getting
fragmented (see list below).  I have not yet seen a fragmented message that can
be clearly identified as not coming from iptables, so I suspect iptables.  I
upgraded to the testing version of iptables, but I still have the problem.  I
upgraded the kernel to 2.4.20-1, but I still have the problem.  I tried
specifying that the firewall logging is at the debug priority and then used
syslog.conf to send the kernel debug priority to its own log file, but this did
not help.  I also removed the '-' prefix from the logfile name in syslog.conf so
that syncing would occur, but that didn't help either.  I can't say this is
definitely an iptables problem - on the one hand I only get fragments from
iptables messages - on the other hand, the firewall logging is the bulk of all
my logging because I'm logging every packet, so if it's a random victim, then
the firewall logging is the most probable victim.

As you can see from the attached list, the problem is reproducible on my
system.  I've configured logcheck so that these fragments are easy to find.
About half of them (mostly the earlier ones) are correlated with a login or
logout.  In all cases, one or more of the three users was logged on (which is
when there is the most firewall activity).  Also note that the message tails
are intact - only the heads are truncated (except for the date and kernel
verbiage).  If someone wants to hack a debug version of a package, I'd be happy
to install it and report what I see.  As far as I can tell, iptables is working
fine except for the corrupted log messages, which worries me that something
much worse is lurking.

Apr 11 19:10:02 johnson kernel: 25 DST=208.185.25.38 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=615 DF PROTO=TCP SPT=37097 DPT=80 WINDOW=63712 RES=0x00 ACK URGP=0 OPT (0101080A0184710C8752E262)

Apr 12 19:57:14 johnson kernel: 0C98CA000CD018)

Apr 12 19:57:14 johnson kernel: 0C98CA000CD018)

Apr 14 20:00:59 johnson kernel: 8758D39503149D36)

Apr 14 20:01:05 johnson kernel: 49F6F)

Apr 15 21:21:46 johnson kernel: TTL=49 ID=804 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=8688 RES=0x00 ACK URGP=0 OPT (0101080A875AECB00087CEB0)

Apr 17 18:31:15 johnson kernel: 00 ACK URGP=0 OPT (0101080A000E96650097BE930101050A0721459007217878)

Apr 17 18:32:01 johnson kernel: 09.137.218 DST=67.11.196.25 LEN=1500 TOS=0x00 PREC=0x00 TTL=45 ID=40151 DF PROTO=TCP SPT=80 DPT=33171 WINDOW=6432 RES=0x00 ACK URGP=0 OPT (0101080A0519BDD2000EA80A)

Apr 19 16:21:36 johnson kernel: 00.30 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=26204 DF PROTO=TCP SPT=34363 DPT=80 WINDOW=62780 RES=0x00 ACK URGP=0

Apr 22 20:05:13 johnson kernel: 00 TTL=49 ID=10305 DF PROTO=TCP SPT=80 DPT=33371 WINDOW=8688 RES=0x00 ACK URGP=0 OPT (0101080A033380A200004944)

Apr 29 13:22:36 johnson kernel: C=151.193.164.189 DST=67.11.196.25 LEN=552 TOS=0x00 PREC=0x00 TTL=43 ID=50257 PROTO=TCP SPT=80 DPT=38518 WINDOW=38375 RES=0x00 ACK URGP=0 OPT (0101080A0057E64403763DF0)

Apr 29 13:22:36 johnson kernel: C=151.193.164.189 DST=67.11.196.25 LEN=552 TOS=0x00 PREC=0x00 TTL=43 ID=50257 PROTO=TCP SPT=80 DPT=38518 WINDOW=38375 RES=0x00 ACK URGP=0 OPT (0101080A0057E64403763DF0)

Apr 29 13:22:36 johnson kernel: C=151.193.164.189 DST=67.11.196.25 LEN=552 TOS=0x00 PREC=0x00 TTL=43 ID=50257 PROTO=TCP SPT=80 DPT=38518 WINDOW=38375 RES=0x00 ACK URGP=0 OPT (0101080A0057E64403763DF0)


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux johnson 2.4.20-1-k7 #1 Sat Mar 22 15:17:52 EST 2003 i686
Locale: LANG=C, LC_CTYPE=

Versions of packages iptables depends on:
ii  debconf                       1.0.32     Debian configuration management sy
ii  libc6                         2.3.1-16   GNU C Library: Shared libraries an



--- End Message ---
--- Begin Message ---
retitle 191486 [noop] iptables: fragmented log messages from iptables
tag 191486 + unreproducible
thanks, control

It's a kernel problem if it actually exists.

--- End Message ---
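
Added example, not part of the original thread and not code from iptables or the Debian package: a Python check that flags truncated netfilter LOG entries of the kind listed in the report, so gaps in firewall logging show up in review. It assumes a whole entry carries IN=, OUT=, SRC=, DST= as its first four fields (a log prefix in front is tolerated); the two fragment lines are copied from the report, the other two sample lines are constructed.

```python
import re

# Syslog header as it appears in the report: "Apr 12 19:57:14 johnson kernel: <msg>"
HEADER = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ kernel: (.*)$")
# Field keys the LOG target writes for an IPv4/TCP packet.
FIELD = re.compile(
    r"\b(IN|OUT|SRC|DST|LEN|TOS|PREC|TTL|ID|PROTO|SPT|DPT|WINDOW|RES|URGP)=")
# A message that is only the tail of an "OPT (hex)" dump, e.g. "49F6F)".
OPT_TAIL = re.compile(r"^[0-9A-F]*\)$")

def classify(line):
    """Return (kind, timestamp, first_surviving_field) for one syslog line."""
    m = HEADER.match(line.strip())
    if not m:
        return ("unparsed", None, None)
    stamp, msg = m.group(1), m.group(2).strip()
    keys = FIELD.findall(msg)
    # Assumption: an intact entry has IN, OUT, SRC, DST as its first fields.
    if keys[:4] == ["IN", "OUT", "SRC", "DST"]:
        return ("complete", stamp, None)
    if keys:
        return ("fragment", stamp, keys[0])   # head is missing, tail survives
    if OPT_TAIL.match(msg):
        return ("fragment", stamp, "OPT")     # only the option bytes survive
    return ("other", stamp, None)             # kernel line unrelated to LOG

def fragments(lines):
    """List (timestamp, first_surviving_field) for every truncated entry."""
    return [(s, f) for kind, s, f in map(classify, lines) if kind == "fragment"]

SAMPLE = [
    # constructed: an intact entry using documentation addresses
    "Apr 12 19:57:13 johnson kernel: IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=615 DF PROTO=TCP "
    "SPT=37097 DPT=80 WINDOW=63712 RES=0x00 ACK URGP=0",
    # from the report
    "Apr 12 19:57:14 johnson kernel: 0C98CA000CD018)",
    "Apr 19 16:21:36 johnson kernel: 00.30 LEN=40 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=26204 DF PROTO=TCP SPT=34363 DPT=80 WINDOW=62780 RES=0x00 ACK URGP=0",
    # constructed: a kernel message that is not firewall logging
    "Apr 19 16:22:00 johnson kernel: eth0: link up",
]

if __name__ == "__main__":
    for stamp, field in fragments(SAMPLE):
        print(f"{stamp}: truncated entry, first surviving field {field}")
```

If the LOG rules set a distinctive `--log-prefix`, checking for that prefix at the start of the message is a stricter test for an intact entry than the field order used here.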