Update: Left syslogd running again for a few hours, and it again starting acting up.
I attached strace to it, and it wasn't hanging. Every few seconds, it
was doing stuff like this:
poll([{fd=15, events=POLLIN}], 1, 10000) = 0
gettimeofday({1233300158, 115424}, NULL) = 0
poll([{fd=1, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(1, "\6\235\1\0\0\1\0\0\0\0\0\0\0013\0010\003168\003192\7in"...,
42, MSG_NOSIGNAL) = 42
I'm not sure if that's normal or not. A while later, I got a bit of
this:
poll([{fd=1, events=POLLIN}], 1, 5000) = 0
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 15
connect(15, {sa_family=AF_INET6, sin6_port=htons(53),
inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=16777343,
sin6_scope_id=0}, 28) = 0
fcntl64(15, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(15, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1233301548, 576663}, NULL) = 0
poll([{fd=15, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
So that's connecting to IPv6 sockets. I wonder if it has anything to do
with IPv6. Thinking about what John said, it could be something to do
with not having reverse DNS on the IPv6 interface.
However, I just temporarily disabled the IPv6 interfaces and tunnel, and
it didn't seem to do anything.
Strangely, I thought "IPv4-compatible" addresses like
"::ffff:127.0.0.1", which syslogd is connecting to, was supposed to be
deprecated.
I do have a feeling it's something to do with reverse DNS, as it does
this occasionally:
write(1, "RESOLVE-ADDRESS 192.168.0.3\n", 28) = 28
read(1, "-15 Timeout reached\n", 1024) = 20
close(1) = 0
192.168.0.3 is the address of our VoIP box. Which reminds me, we'll have
to buy a new one if we want IPv6-enabled VoIP, as I doubt there will be
a new firmware released for a consumer box.
It looks at /etc/resolv.conf every now and then:
munmap(0xb7f76000, 4096) = 0
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=96, ...}) = 0
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 1
connect(1, {sa_family=AF_INET6, sin6_port=htons(53),
inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28)
= 0
Don't know why it's so insistent on doing funny queries using IPv6. I
know I've been setting up IPv6 tunnels and things, but I haven't done
anything other than that. /etc/hosts doesn't have anything crazy like
localhost pointing to ::1 (as opposed to ip6-localhost).
When I run something that hangs, like `sudo -v`, I see no extra output
from the strace'ed syslogd. When I look at /var/log/syslog, there is
some occasional stuff getting written to the log. So some stuff is being
passed through to syslogd, some is not.
This is confusing.
--
Jeremy Visser http://jeremy.visser.name/
No Internet Censorship for Australia http://nocleanfeed.com/
signature.asc
Description: This is a digitally signed message part
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
