Re: Issue on netconsole vs. Linux kernel oops

Re: Issue on netconsole vs. Linux kernel oops

[Park Lee]

On Thu, 16 Dec 2004 at 10:55, Matt Mackall wrote:
>
> On Thu, Dec 16, 2004 at 10:48:27AM -0800, Park Lee 
> wrote:
> > Hi,
> > I'd like to use netconsole to send local Linux
> > kernel's final messages (i.e. oops) to remote 
> > machine when the kernel crashes. 
> > Now I can successfully use a built-in netconsole 
> > to send some loacl kernel messages to the remote 
> > machine.(the parameter I send to local kernel on 
> > kernel command line is 
> > "netconsole=@192.168.0.2/,514@192.168.0.1/", I run
> > syslogd in remote machine). For example, When the
> > local kernel is booting, it will send a message
> > "192.168.0.2 audit(1103247021.091:0): 
> > initialized" to remote machine through 
> > netconsole, and the syslogd on remote machine 
> > will write the message to /var/log/messages on 
> > remote machine.
> >  What CONFUSE me most is that when the kernel
> > crashes, there is NO message (oops) about the 
> > crash being wrote down by syslogd on remote 
> > machine to remote /var/log/messages file at all!! 
> >   But in the mean time, We can see the outputs of
> > tcpdump on the remote machine, they are some thing
> > like the following:
> >
> >01:36:56.692877 IP 192.168.0.2.6665 >
> >192.168.0.1.syslog: UDP, length 48
> >01:36:56.692930 IP 192.168.0.2.6665 >
> >192.168.0.1.syslog: UDP, length 29
> >01:36:56.692982 IP 192.168.0.2.6665 >
> >192.168.0.1.syslog: UDP, length 15
> >01:36:56.693034 IP 192.168.0.2.6665 >
> >192.168.0.1.syslog: UDP, length 9
> >01:36:56.693086 IP 192.168.0.2.6665 >
> >192.168.0.1.syslog: UDP, length 16
> >01:36:56.693121 IP 192.168.0.2.6665 >
> >192.168.0.1.syslog: UDP, length 16
> >   ... ...
> > From these messages, we can see that the 
> > netconsole actually have sent the final messages 
> > (oops) to remote machine when the local kernel 
> > crashed. But there are no corresponding messages 
> > recorded by syslogd on remote machine 
> > to /var/log/messages.
>
> From your description, it sounds like syslogd is at 
> fault. Try using netcat on the remote machine.

  Today, I have a try using netcat. But I found that
the problem still exist!
  By accident, I found that this problem is related to
native IPsec that runs between my local machine and
the remote machine. 
  I'm using IPsec-Tools ( which including racoon,
setkey) as the user-space tools for the native IPsec
of linux kernel. Only if I run the command "setkey -f
/etc/ipsec.conf" on the remote machine, the syslogd
(or netcat) running on the remote machine will unable
to record the messages that have been reached the
remote machine. If I'm not run this command on remote
machine, the syslogd/netcat will be able to record the
arrived messages. (the /etc/ipsec.conf on the remote
machine is shown in the end.)
  Then, CAN'T netconsole be used in the IPsec
environment (with IPsec-Tools)? How can we solve this
problem?

  Thank you.

PS.  
  The /etc/ipsec.conf on the remote machine (Just an
example).(I'm using racoon to automatically setup the
Security Associations.)

#!/usr/setkey -f

# Configuration for 192.168.0.1 (the remote machine)

# Flush the SAD and SPD
flush;
spdflush;

# Security policies
spdadd 192.168.0.1 192.168.0.2 any -P out ipsec
           esp/transport//require
           ah/transport//require;

spdadd 192.168.0.2 192.168.0.1 any -P in ipsec
           esp/transport//require
           ah/transport//require;



=====
Best Regards,
Park Lee


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - 250MB free storage. Do more. Manage less. 
http://info.mail.yahoo.com/mail_250

Re: Issue on netconsole vs. Linux kernel oops

[Matt Mackall]

On Fri, Dec 17, 2004 at 04:12:20AM -0800, Park Lee wrote:
> On Thu, 16 Dec 2004 at 10:55, Matt Mackall wrote:
> >
> > On Thu, Dec 16, 2004 at 10:48:27AM -0800, Park Lee 
> > wrote:
> > > Hi,
> > > I'd like to use netconsole to send local Linux
> > > kernel's final messages (i.e. oops) to remote 
> > > machine when the kernel crashes. 
> > > Now I can successfully use a built-in netconsole 
> > > to send some loacl kernel messages to the remote 
> > > machine.(the parameter I send to local kernel on 
> > > kernel command line is 
> > > "netconsole=@192.168.0.2/,514@192.168.0.1/", I run
> > > syslogd in remote machine). For example, When the
> > > local kernel is booting, it will send a message
> > > "192.168.0.2 audit(1103247021.091:0): 
> > > initialized" to remote machine through 
> > > netconsole, and the syslogd on remote machine 
> > > will write the message to /var/log/messages on 
> > > remote machine.
> > >  What CONFUSE me most is that when the kernel
> > > crashes, there is NO message (oops) about the 
> > > crash being wrote down by syslogd on remote 
> > > machine to remote /var/log/messages file at all!! 
> > >   But in the mean time, We can see the outputs of
> > > tcpdump on the remote machine, they are some thing
> > > like the following:
> > >
> > >01:36:56.692877 IP 192.168.0.2.6665 >
> > >192.168.0.1.syslog: UDP, length 48
> > >01:36:56.692930 IP 192.168.0.2.6665 >
> > >192.168.0.1.syslog: UDP, length 29
> > >01:36:56.692982 IP 192.168.0.2.6665 >
> > >192.168.0.1.syslog: UDP, length 15
> > >01:36:56.693034 IP 192.168.0.2.6665 >
> > >192.168.0.1.syslog: UDP, length 9
> > >01:36:56.693086 IP 192.168.0.2.6665 >
> > >192.168.0.1.syslog: UDP, length 16
> > >01:36:56.693121 IP 192.168.0.2.6665 >
> > >192.168.0.1.syslog: UDP, length 16
> > >   ... ...
> > > From these messages, we can see that the 
> > > netconsole actually have sent the final messages 
> > > (oops) to remote machine when the local kernel 
> > > crashed. But there are no corresponding messages 
> > > recorded by syslogd on remote machine 
> > > to /var/log/messages.
> >
> > From your description, it sounds like syslogd is at 
> > fault. Try using netcat on the remote machine.
> 
>   Today, I have a try using netcat. But I found that
> the problem still exist!
>   By accident, I found that this problem is related to
> native IPsec that runs between my local machine and
> the remote machine. 
>   I'm using IPsec-Tools ( which including racoon,
> setkey) as the user-space tools for the native IPsec
> of linux kernel. Only if I run the command "setkey -f
> /etc/ipsec.conf" on the remote machine, the syslogd
> (or netcat) running on the remote machine will unable
> to record the messages that have been reached the
> remote machine. If I'm not run this command on remote
> machine, the syslogd/netcat will be able to record the
> arrived messages. (the /etc/ipsec.conf on the remote
> machine is shown in the end.)
>   Then, CAN'T netconsole be used in the IPsec
> environment (with IPsec-Tools)? How can we solve this
> problem?

Netconsole builds very simple IPv4 packets by hand without the use of
the rest of the IP stack. This is how it continues to work when the
system is crashing. So it will never be able to build IPSEC packets.
Nor is it likely to do IPv6 any time soon.

You can probably get it to work by using a different IP address for
netconsole than you use for IPSEC, and set up the receiving end to
recognize packets from that address as normal unencrypted IPv4.
-- 
Mathematics is the supreme nostalgia of our time.

Re: Issue on netconsole vs. Linux kernel oops

[Bill Rugolsky Jr.]

On Fri, Dec 17, 2004 at 08:44:19AM -0800, Matt Mackall wrote:
> Netconsole builds very simple IPv4 packets by hand without the use of
> the rest of the IP stack. This is how it continues to work when the
> system is crashing. So it will never be able to build IPSEC packets.
> Nor is it likely to do IPv6 any time soon.

A useful (and perhaps relatively painless?) addition to netconsole would
be VLAN support.  This is somewhere near the middle of my TODO list.

Regards,

	Bill Rugolsky

Re: Issue on netconsole vs. Linux kernel oops

[Park Lee]

On Fri, 17 Dec 2004 at 08:44, Matt Mackall wrote:
>
> Netconsole builds very simple IPv4 packets by hand 
> without the use of the rest of the IP stack. This 
> is how it continues to work when the system is 
> crashing. So it will never be able to build IPSEC 
> packets.
> Nor is it likely to do IPv6 any time soon.
>
> You can probably get it to work by using a 
> different IP address for netconsole than you use 
> for IPSEC, and set up the receiving end to
> recognize packets from that address as normal 
> unencrypted IPv4.

Thank you.

But that will need at least 3 computers(i.e. 2 for
IPsec, 1 for receiving end), Am I right?


=====
Best Regards,
Park Lee


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail

Re: Issue on netconsole vs. Linux kernel oops

[Matt Mackall]

On Fri, Dec 17, 2004 at 10:01:34PM -0800, Park Lee wrote:
> On Fri, 17 Dec 2004 at 08:44, Matt Mackall wrote:
> >
> > Netconsole builds very simple IPv4 packets by hand 
> > without the use of the rest of the IP stack. This 
> > is how it continues to work when the system is 
> > crashing. So it will never be able to build IPSEC 
> > packets.
> > Nor is it likely to do IPv6 any time soon.
> >
> > You can probably get it to work by using a 
> > different IP address for netconsole than you use 
> > for IPSEC, and set up the receiving end to
> > recognize packets from that address as normal 
> > unencrypted IPv4.
> 
> Thank you.
> 
> But that will need at least 3 computers(i.e. 2 for
> IPsec, 1 for receiving end), Am I right?

No, you should be able to configure a non-IPSsec interface on the
receiver, possibly at a fourth address.

-- 
Mathematics is the supreme nostalgia of our time.

Re: Issue on netconsole vs. Linux kernel oops

[Park Lee]

On Thu, 16 Dec 2004 at 14:06, Dick Johnson wrote:
>
> Depends upon the vendor of your installation, but 
> some require loghost to be defined in /etc/hosts as 
> the same as localhost and /etc/nsswitch.conf 
> configured to actually look at that.

Now, I'm using Fedora Core 2. Would you please tell us
Is there any limitation of it? 

Thank you.



=====
Best Regards,
Park Lee


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250

Re: Issue on netconsole vs. Linux kernel oops

[linux-os]

On Thu, 16 Dec 2004, Matt Mackall wrote:

> On Thu, Dec 16, 2004 at 10:48:27AM -0800, Park Lee wrote:
>> Hi,
>>   I'd like to use netconsole to send local Linux
>> kernel's final messages (i.e. oops) to remote machine
>> when the kernel crashes.
>>   Now I can successfully use a built-in netconsole to
>> send some loacl kernel messages to the remote machine.
>> (the parameter I send to local kernel on kernel
>> command line is
>> "netconsole=@192.168.0.2/,514@192.168.0.1/", I run
>> syslogd in remote machine). For example, When the
>> local kernel is booting, it will send a message
>> "192.168.0.2 audit(1103247021.091:0): initialized" to
>> remote machine through netconsole, and the syslogd on
>> remote machine will write the message to
>> /var/log/messages on remote machine.
>>   What CONFUSE me most is that when the kernel
>> crashes, there is NO message (oops) about the crash
>> being wrote down by syslogd on remote machine to
>> remote /var/log/messages file at all!!
>>   But in the mean time, We can see the outputs of
>> tcpdump on the remote machine, they are some thing
>> like the following:
>>
>> 01:36:56.692877 IP 192.168.0.2.6665 >
>> 192.168.0.1.syslog: UDP, length 48
>> 01:36:56.692930 IP 192.168.0.2.6665 >
>> 192.168.0.1.syslog: UDP, length 29
>> 01:36:56.692982 IP 192.168.0.2.6665 >
>> 192.168.0.1.syslog: UDP, length 15
>> 01:36:56.693034 IP 192.168.0.2.6665 >
>> 192.168.0.1.syslog: UDP, length 9
>> 01:36:56.693086 IP 192.168.0.2.6665 >
>> 192.168.0.1.syslog: UDP, length 16
>> 01:36:56.693121 IP 192.168.0.2.6665 >
>> 192.168.0.1.syslog: UDP, length 16
>>    ... ...
>>
>>   From these messages, we can see that the netconsole
>> actually have sent the final messages (oops) to remote
>> machine when the local kernel crashed. But there are
>> no corresponding messages recorded by syslogd on
>> remote machine to /var/log/messages.
>
>> From your description, it sounds like syslogd is at fault. Try using
> netcat on the remote machine.
>
> -- 
> Mathematics is the supreme nostalgia of our time.


Depends upon the vendor of your installation, but some require
loghost to be defined in /etc/hosts as the same as localhost and
/etc/nsswitch.conf configured to actually look at that.


Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
  Notice : All mail here is now cached for review by Dictator Bush.
                  98.36% of all statistics are fiction.

Re: Issue on netconsole vs. Linux kernel oops

[Matt Mackall]

On Thu, Dec 16, 2004 at 10:48:27AM -0800, Park Lee wrote:
> Hi,
>   I'd like to use netconsole to send local Linux
> kernel's final messages (i.e. oops) to remote machine
> when the kernel crashes. 
>   Now I can successfully use a built-in netconsole to
> send some loacl kernel messages to the remote machine.
> (the parameter I send to local kernel on kernel
> command line is
> "netconsole=@192.168.0.2/,514@192.168.0.1/", I run
> syslogd in remote machine). For example, When the
> local kernel is booting, it will send a message
> "192.168.0.2 audit(1103247021.091:0): initialized" to
> remote machine through netconsole, and the syslogd on
> remote machine will write the message to
> /var/log/messages on remote machine.
>   What CONFUSE me most is that when the kernel
> crashes, there is NO message (oops) about the crash
> being wrote down by syslogd on remote machine to
> remote /var/log/messages file at all!! 
>   But in the mean time, We can see the outputs of
> tcpdump on the remote machine, they are some thing
> like the following:
> 
> 01:36:56.692877 IP 192.168.0.2.6665 >
> 192.168.0.1.syslog: UDP, length 48
> 01:36:56.692930 IP 192.168.0.2.6665 >
> 192.168.0.1.syslog: UDP, length 29
> 01:36:56.692982 IP 192.168.0.2.6665 >
> 192.168.0.1.syslog: UDP, length 15
> 01:36:56.693034 IP 192.168.0.2.6665 >
> 192.168.0.1.syslog: UDP, length 9
> 01:36:56.693086 IP 192.168.0.2.6665 >
> 192.168.0.1.syslog: UDP, length 16
> 01:36:56.693121 IP 192.168.0.2.6665 >
> 192.168.0.1.syslog: UDP, length 16
>    ... ...
> 
>   From these messages, we can see that the netconsole
> actually have sent the final messages (oops) to remote
> machine when the local kernel crashed. But there are
> no corresponding messages recorded by syslogd on
> remote machine to /var/log/messages.

>From your description, it sounds like syslogd is at fault. Try using
netcat on the remote machine.

-- 
Mathematics is the supreme nostalgia of our time.

Issue on netconsole vs. Linux kernel oops

[Park Lee]

Hi,
  I'd like to use netconsole to send local Linux
kernel's final messages (i.e. oops) to remote machine
when the kernel crashes. 
  Now I can successfully use a built-in netconsole to
send some loacl kernel messages to the remote machine.
(the parameter I send to local kernel on kernel
command line is
"netconsole=@192.168.0.2/,514@192.168.0.1/", I run
syslogd in remote machine). For example, When the
local kernel is booting, it will send a message
"192.168.0.2 audit(1103247021.091:0): initialized" to
remote machine through netconsole, and the syslogd on
remote machine will write the message to
/var/log/messages on remote machine.
  What CONFUSE me most is that when the kernel
crashes, there is NO message (oops) about the crash
being wrote down by syslogd on remote machine to
remote /var/log/messages file at all!! 
  But in the mean time, We can see the outputs of
tcpdump on the remote machine, they are some thing
like the following:

01:36:56.692877 IP 192.168.0.2.6665 >
192.168.0.1.syslog: UDP, length 48
01:36:56.692930 IP 192.168.0.2.6665 >
192.168.0.1.syslog: UDP, length 29
01:36:56.692982 IP 192.168.0.2.6665 >
192.168.0.1.syslog: UDP, length 15
01:36:56.693034 IP 192.168.0.2.6665 >
192.168.0.1.syslog: UDP, length 9
01:36:56.693086 IP 192.168.0.2.6665 >
192.168.0.1.syslog: UDP, length 16
01:36:56.693121 IP 192.168.0.2.6665 >
192.168.0.1.syslog: UDP, length 16
   ... ...

  From these messages, we can see that the netconsole
actually have sent the final messages (oops) to remote
machine when the local kernel crashed. But there are
no corresponding messages recorded by syslogd on
remote machine to /var/log/messages.

  Then, Where are these messages go? Do they disappear
themselves? 
  Is this a fault in netconsole or in syslogd, or Am I
miss to configure something obvious? Would you please
give me some hints on solving this problem?

  Thank you very much.



=====
Best Regards,
Park Lee


		
__________________________________ 
Do you Yahoo!? 
Jazz up your holiday email with celebrity designs. Learn more. 
http://celebrity.mail.yahoo.com