Re: strange messages from -current 'dhcpcd'
On Tue, 28 Jun 2016, Roy Marples wrote:

> Can you test this patch please?
> http://roy.marples.name/projects/dhcpcd/vpatch?from=4bc1195af1c6a989=ca478aacff7bac38

With this patch (less the "if-linux.c" part, since there isn't one in
/usr/src), no further such messages have been observed on -current
amd64 and i386 hosts.

Thanks.

--
|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]com    OpenBSD    FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645
Re: strange messages from -current 'dhcpcd'
Hi

On 24/06/2016 23:18, John D. Baker wrote:
> I've just noticed some strange log messages emitted by 'dhcpcd' on
> -current (7.99.32). I've seen these on i386, amd64, and evbarm-earmv7hf.
>
> They are of the form:
>
> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> 19.100.192.168
> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> 20.12.192.168
> Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> 119.16.192.168
> Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> 150.129.192.168
> Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> 163.85.192.168
> Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> 76.24.192.168
>
> Needless to say, the purported source IPs are not on my network. My NAT
> router blocks all incoming traffic except SSH, HTTP, HTTPS and those are
> specifically redirected to hosts other than the ones from which the above
> data were gathered.
>
> It is curious how they all share the attribute that their last two octets
> are the Class C private allocation prefix.
>
> These same machines (and others), while running NetBSD-7.0_STABLE (amd64,
> i386, sparc) with 'dhcpcd', have not exhibited such messages.
>
> (Alas, there are some redmond-OS machines on my network--not by my
> choice)
>
> I'm watching the interface with 'tcpdump' on one of the affected machines
> to see if I can get more information.

Can you test this patch please?
http://roy.marples.name/projects/dhcpcd/vpatch?from=4bc1195af1c6a989=ca478aacff7bac38

Thanks

Roy
Re: strange messages from -current 'dhcpcd'
ntoh(), hton() ?

On Jun 24, 2016 4:41 PM, "Paul Goyette" wrote:

> On Fri, 24 Jun 2016, Michael van Elst wrote:
>
> jdba...@mylinuxisp.com ("John D. Baker") writes:
>>
>> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 19.100.192.168
>>> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 20.12.192.168
>>> Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 119.16.192.168
>>> Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 150.129.192.168
>>> Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 163.85.192.168
>>> Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>>> 76.24.192.168
>>>
>>
>> Needless to say, the purported source IPs are not on my network.
>>>
>>
>> Obviously these are not IP addresses. Each ends with 192.168, so there
>> is an off-by-2 error when accessing the address field.
>>
>
> Or some strange byte/word swap error...
>
>
> +--+--++
> | Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
> | (Retired)| FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
> | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
> +--+--++
>
Re: strange messages from -current 'dhcpcd'
On Saturday 25 June 2016 07:41:19 Paul Goyette wrote:
> On Fri, 24 Jun 2016, Michael van Elst wrote:
> > jdba...@mylinuxisp.com ("John D. Baker") writes:
> >> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> >> 19.100.192.168 Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP
> >> packet from 20.12.192.168 Jun 18 14:15:22 hostname dhcpcd[PID]: wm0:
> >> invalid UDP packet from 119.16.192.168 Jun 23 21:48:35 hostname
> >> dhcpcd[PID]: wm0: invalid UDP packet from 150.129.192.168 Jun 23
> >> 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from
> >> 163.85.192.168 Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP
> >> packet from 76.24.192.168
> >>
> >> Needless to say, the purported source IPs are not on my network.
> >
> > Obviously these are not IP addresses. Each ends with 192.168, so there
> > is an off-by-2 error when accessing the address field.
>
> Or some strange byte/word swap error...

Or probably a bug with the BPF reader being re-worked so it was
interruptible. I think it's due to BPF queue having >1 packet.

I'll look into fixing it, it happens very occasionally on my dev
machine, but my network is small so it's hard to reproduce.

Roy
Re: strange messages from -current 'dhcpcd'
On Fri, 24 Jun 2016, Michael van Elst wrote:

> jdba...@mylinuxisp.com ("John D. Baker") writes:
>
>> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 19.100.192.168
>> Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 20.12.192.168
>> Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from 119.16.192.168
>> Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from 150.129.192.168
>> Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from 163.85.192.168
>> Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from 76.24.192.168
>>
>> Needless to say, the purported source IPs are not on my network.
>
> Obviously these are not IP addresses. Each ends with 192.168, so there
> is an off-by-2 error when accessing the address field.

Or some strange byte/word swap error...

+--+--++
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| (Retired)| FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+--+--++
Re: strange messages from -current 'dhcpcd'
jdba...@mylinuxisp.com ("John D. Baker") writes:

>Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>19.100.192.168
>Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>20.12.192.168
>Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>119.16.192.168
>Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>150.129.192.168
>Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>163.85.192.168
>Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from
>76.24.192.168

>Needless to say, the purported source IPs are not on my network.

Obviously these are not IP addresses. Each ends with 192.168, so there
is an off-by-2 error when accessing the address field.

--
--
Michael van Elst
Internet: mlel...@serpens.de
"A potential Snark may lurk in every tree."
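Added example, not part of any message in this thread and not dhcpcd code: a C program showing what the off-by-2 reading suggested above would print. It assumes the source address was read two bytes early, at offset 10 of the IPv4 header instead of 12, so the four bytes are the header checksum followed by the first two octets of a 192.168.x.x source; the header is a constructed sample and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 checksum over an IPv4 header whose checksum field is zero. */
static uint16_t ip_checksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed sample: 20-byte IPv4 header, UDP, 192.168.1.10 -> broadcast. */
static void build_header(uint8_t h[20])
{
    static const uint8_t tmpl[20] = {
        0x45, 0x00, 0x01, 0x48,  /* version/IHL, TOS, total length */
        0x00, 0x00, 0x00, 0x00,  /* identification, flags/fragment */
        0x40, 0x11, 0x00, 0x00,  /* TTL, protocol 17 (UDP), checksum */
        192, 168, 1, 10,         /* source address, offset 12 */
        255, 255, 255, 255       /* destination address, offset 16 */
    };
    memcpy(h, tmpl, sizeof(tmpl));
    uint16_t csum = ip_checksum(h, 20);
    h[10] = (uint8_t)(csum >> 8);    /* checksum is stored big-endian */
    h[11] = (uint8_t)(csum & 0xff);
}

/* Format the four bytes at `off` as a dotted quad, as a log line would. */
static const char *addr_at(const uint8_t *h, size_t off, char *out, size_t n)
{
    snprintf(out, n, "%d.%d.%d.%d", h[off], h[off + 1], h[off + 2], h[off + 3]);
    return out;
}

int main(void)
{
    uint8_t h[20];
    char good[16], bad[16];
    build_header(h);
    printf("offset 12 (correct): %s\n", addr_at(h, 12, good, sizeof(good)));
    printf("offset 10 (2 early): %s\n", addr_at(h, 10, bad, sizeof(bad)));
    return 0;
}
```

Under this assumption the leading two octets change with every packet because the checksum does, while the trailing 192.168 stays fixed, which matches the pattern in the reported log lines.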
Re: strange messages from -current 'dhcpcd'
On Fri 24 Jun 2016 at 17:18:52 -0500, John D. Baker wrote:
> I've just noticed some strange log messages emitted by 'dhcpcd' on
> -current (7.99.32). I've seen these on i386, amd64, and evbarm-earmv7hf.

Yes, I've seen one too:

Jun 24 23:44:03 hostname dhcpcd[PID]: re1: invalid UDP packet from 150.142.192.168

Similarly, such a packet is not supposed to have arrived here from the
outside due to a NATing router.

I'm using a recent dhcpcd from its development trunk.

-Olaf.
--
___ Olaf 'Rhialto' Seibert  -- Wayland: Those who don't understand X
\X/ rhialto/at/xs4all.nl    -- are condemned to reinvent it. Poorly.
strange messages from -current 'dhcpcd'
I've just noticed some strange log messages emitted by 'dhcpcd' on
-current (7.99.32). I've seen these on i386, amd64, and evbarm-earmv7hf.

They are of the form:

Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 19.100.192.168
Jun 18 12:56:53 hostname dhcpcd[PID]: wm0: invalid UDP packet from 20.12.192.168
Jun 18 14:15:22 hostname dhcpcd[PID]: wm0: invalid UDP packet from 119.16.192.168
Jun 23 21:48:35 hostname dhcpcd[PID]: wm0: invalid UDP packet from 150.129.192.168
Jun 23 18:57:32 hostname dhcpcd[PID]: wm0: invalid UDP packet from 163.85.192.168
Jun 24 02:56:29 hostname dhcpcd[PID]: wm0: invalid UDP packet from 76.24.192.168

Needless to say, the purported source IPs are not on my network. My NAT
router blocks all incoming traffic except SSH, HTTP, HTTPS and those are
specifically redirected to hosts other than the ones from which the above
data were gathered.

It is curious how they all share the attribute that their last two octets
are the Class C private allocation prefix.

These same machines (and others), while running NetBSD-7.0_STABLE (amd64,
i386, sparc) with 'dhcpcd', have not exhibited such messages.

(Alas, there are some redmond-OS machines on my network--not by my
choice)

I'm watching the interface with 'tcpdump' on one of the affected machines
to see if I can get more information.

--
|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]com    OpenBSD    FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645