subject:"strange messages from \-current 'dhcpcd'"

Re: strange messages from -current 'dhcpcd'

2016-07-07 Thread John D. Baker

On Tue, 28 Jun 2016, Roy Marples wrote:

> Can you test this patch please?
> http://roy.marples.name/projects/dhcpcd/vpatch?from=4bc1195af1c6a989=ca478aacff7bac38

With this patch (less the "if-linux.c" part, since there isn't one in
/usr/src), no further such messages have been observed on -current amd64
and i386 hosts.

Thanks.

-- 
|/"\ John D. Baker, KN5UKS   NetBSD Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]comOpenBSDFreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

Re: strange messages from -current 'dhcpcd'

2016-06-28 Thread Roy Marples

Hi

On 24/06/2016 23:18, John D. Baker wrote:
> I've just noticed some strange log messages emitted by 'dhcpcd' on
> -current (7.99.32).  I've seen these on i386, amd64, and evbarm-earmv7hf.
> 
> They are of the form:
> 
> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
> 19.100.192.168
> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
> 20.12.192.168
> Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
> 119.16.192.168
> Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
> 150.129.192.168
> Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
> 163.85.192.168
> Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
> 76.24.192.168
> 
> Needless to say, the purported source IPs are not on my network.  My NAT
> router blocks all incoming traffic except SSH, HTTP, HTTPS and those are
> specifically redirected to hosts other than the ones from which the above
> data were gathered.
> 
> It is curious how they all share the attribute that their last two octets
> are the Class C private allocation prefix.
> 
> These same machines (and others), while running NetBSD-7.0_STABLE (amd64,
> i386, sparc) with 'dhcpcd', have not exhibited such messages.
> 
> (Alas, there are some redmond-OS machines on my network--not by my
> choice)
> 
> I'm watching the interface with 'tcpdump' on one of the affected machines
> to see if I can get more information.

Can you test this patch please?
http://roy.marples.name/projects/dhcpcd/vpatch?from=4bc1195af1c6a989=ca478aacff7bac38

Thanks

Roy

Re: strange messages from -current 'dhcpcd'

2016-06-26 Thread bch

ntoh(), hton() ?
On Jun 24, 2016 4:41 PM, "Paul Goyette"  wrote:

> On Fri, 24 Jun 2016, Michael van Elst wrote:
>
> jdba...@mylinuxisp.com ("John D. Baker") writes:
>>
>> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 19.100.192.168
>>> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 20.12.192.168
>>> Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 119.16.192.168
>>> Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 150.129.192.168
>>> Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 163.85.192.168
>>> Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 76.24.192.168
>>>
>>
>> Needless to say, the purported source IPs are not on my network.
>>>
>>
>>
>> Obviously these are not IP addresses. Each ends with 192.168, so there
>> is a off-by-2 error when accessing the address field.
>>
>
> Or some strange byte/word swap error...
>
>
> +--+--++
> | Paul Goyette | PGP Key fingerprint: | E-mail addresses:  |
> | (Retired)| FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
> | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
> +--+--++
>

Re: strange messages from -current 'dhcpcd'

2016-06-25 Thread Roy Marples

On Saturday 25 June 2016 07:41:19 Paul Goyette wrote:
> On Fri, 24 Jun 2016, Michael van Elst wrote:
> > jdba...@mylinuxisp.com ("John D. Baker") writes:
> >> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> >> 19.100.192.168 Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP
> >> packet from 20.12.192.168 Jun 18 14:15:22 hostname dhcpcd[PID]: wm0:
> >> invalid UDP packet from 119.16.192.168 Jun 23 21:48:35 hostname
> >> dhcpcd[PID]: wm0: invalid UDP packet from 150.129.192.168 Jun 23
> >> 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> >> 163.85.192.168 Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP
> >> packet from 76.24.192.168
> >> 
> >> Needless to say, the purported source IPs are not on my network.
> > 
> > Obviously these are not IP addresses. Each ends with 192.168, so there
> > is a off-by-2 error when accessing the address field.
> 
> Or some strange byte/word swap error...

Or probably a bug with the BPF reader being re-worked so it was interruptible.
I think it's due to BPF queue having >1 packet.

I'll look into fixing it, it happens very occasionally on my dev machine, but 
my network is small so it's hard to reproduce.

Roy

Re: strange messages from -current 'dhcpcd'

2016-06-24 Thread Paul Goyette


On Fri, 24 Jun 2016, Michael van Elst wrote:


jdba...@mylinuxisp.com ("John D. Baker") writes:


Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
19.100.192.168
Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 20.12.192.168
Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
119.16.192.168
Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
150.129.192.168
Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
163.85.192.168
Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from 76.24.192.168



Needless to say, the purported source IPs are not on my network.



Obviously these are not IP addresses. Each ends with 192.168, so there
is a off-by-2 error when accessing the address field.


Or some strange byte/word swap error...


+--+--++
| Paul Goyette | PGP Key fingerprint: | E-mail addresses:  |
| (Retired)| FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+--+--++

Re: strange messages from -current 'dhcpcd'

2016-06-24 Thread Michael van Elst

jdba...@mylinuxisp.com ("John D. Baker") writes:

>Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
>19.100.192.168
>Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
>20.12.192.168
>Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
>119.16.192.168
>Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
>150.129.192.168
>Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
>163.85.192.168
>Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
>76.24.192.168

>Needless to say, the purported source IPs are not on my network.


Obviously these are not IP addresses. Each ends with 192.168, so there
is a off-by-2 error when accessing the address field.

-- 
-- 
Michael van Elst
Internet: mlel...@serpens.de
"A potential Snark may lurk in every tree."

Re: strange messages from -current 'dhcpcd'

2016-06-24 Thread Rhialto

On Fri 24 Jun 2016 at 17:18:52 -0500, John D. Baker wrote:
> I've just noticed some strange log messages emitted by 'dhcpcd' on
> -current (7.99.32).  I've seen these on i386, amd64, and evbarm-earmv7hf.

Yes, I've seen one too:

Jun 24 23:44:03 hostname dhcpcd[PID]: re1: invalid UDP packet from 
150.142.192.168

Similarly, such a packet is not supposed to have arrived here from the
outside due to a NATing router.

I'm using a recent dhcpcd from its development trunk.

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert  -- Wayland: Those who don't understand X
\X/ rhialto/at/xs4all.nl-- are condemned to reinvent it. Poorly.


signature.asc
Description: PGP signature

strange messages from -current 'dhcpcd'

2016-06-24 Thread John D. Baker

I've just noticed some strange log messages emitted by 'dhcpcd' on
-current (7.99.32).  I've seen these on i386, amd64, and evbarm-earmv7hf.

They are of the form:

Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
19.100.192.168
Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 20.12.192.168
Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
119.16.192.168
Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
150.129.192.168
Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from 
163.85.192.168
Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from 76.24.192.168

Needless to say, the purported source IPs are not on my network.  My NAT
router blocks all incoming traffic except SSH, HTTP, HTTPS and those are
specifically redirected to hosts other than the ones from which the above
data were gathered.

It is curious how they all share the attribute that their last two octets
are the Class C private allocation prefix.

These same machines (and others), while running NetBSD-7.0_STABLE (amd64,
i386, sparc) with 'dhcpcd', have not exhibited such messages.

(Alas, there are some redmond-OS machines on my network--not by my
choice)

I'm watching the interface with 'tcpdump' on one of the affected machines
to see if I can get more information.


-- 
|/"\ John D. Baker, KN5UKS   NetBSD Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]comOpenBSDFreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

Re: strange messages from -current 'dhcpcd'

Re: strange messages from -current 'dhcpcd'

Re: strange messages from -current 'dhcpcd'

Re: strange messages from -current 'dhcpcd'

Re: strange messages from -current 'dhcpcd'

Re: strange messages from -current 'dhcpcd'

Re: strange messages from -current 'dhcpcd'

strange messages from -current 'dhcpcd'

8 matches

Site Navigation

Mail list logo

Footer information