* Instead of IP addresses the kernel started to show zero's
@ 2012-09-21 18:27 Alexey Vlasov
2012-10-09 12:36 ` Dan Carpenter
0 siblings, 1 reply; 9+ messages in thread
From: Alexey Vlasov @ 2012-09-21 18:27 UTC (permalink / raw)
To: linux-kernel
Hi.
Here it writes LOG module (netfilter) in syslog:
====
Sep 21 22:24:04 l24 kernel: ipsec:SYN-OUTPUT-HTTP IN= OUT=eth0
SRC=0000000000000000 DST=0000000000000000 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=9042 DF PROTO=TCP SPT=51169 DPT=80 WINDOW=14600 RES=0x00 SYN
URGP=0 UID=545369 GID=155
====
This is recent, here go zero's again.
====
cat /proc/net/xt_recent/j-brute
src=0000000000000000 ttl: 117 last_seen: 4349942400 oldest_pkt: 1
4349942400
src=0000000000000000 ttl: 119 last_seen: 4349968063 oldest_pkt: 1
4349968063
====
Can it be fixed without restarting the box?
Thanks.
# uname -a
Linux l24 3.4.6 ...
--
BRGDS. Alexey Vlasov.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Instead of IP addresses the kernel started to show zero's
2012-09-21 18:27 Instead of IP addresses the kernel started to show zero's Alexey Vlasov
@ 2012-10-09 12:36 ` Dan Carpenter
2012-10-09 12:50 ` Eric Dumazet
0 siblings, 1 reply; 9+ messages in thread
From: Dan Carpenter @ 2012-10-09 12:36 UTC (permalink / raw)
To: Alexey Vlasov; +Cc: linux-kernel, netdev
Add netdev to the CC list.
regards,
dan carpenter
On Fri, Sep 21, 2012 at 10:27:04PM +0400, Alexey Vlasov wrote:
> Hi.
>
> Here it writes LOG module (netfilter) in syslog:
> ====
> Sep 21 22:24:04 l24 kernel: ipsec:SYN-OUTPUT-HTTP IN= OUT=eth0
> SRC=0000000000000000 DST=0000000000000000 LEN=60 TOS=0x00 PREC=0x00
> TTL=64 ID=9042 DF PROTO=TCP SPT=51169 DPT=80 WINDOW=14600 RES=0x00 SYN
> URGP=0 UID=545369 GID=155
> ====
>
> This is recent, here go zero's again.
> ====
> cat /proc/net/xt_recent/j-brute
> src=0000000000000000 ttl: 117 last_seen: 4349942400 oldest_pkt: 1
> 4349942400
> src=0000000000000000 ttl: 119 last_seen: 4349968063 oldest_pkt: 1
> 4349968063
> ====
>
> Can it be fixed without restarting the box?
> Thanks.
>
> # uname -a
> Linux l24 3.4.6 ...
>
> --
> BRGDS. Alexey Vlasov.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Instead of IP addresses the kernel started to show zero's
2012-10-09 12:36 ` Dan Carpenter
@ 2012-10-09 12:50 ` Eric Dumazet
2012-10-09 13:03 ` Dan Carpenter
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Eric Dumazet @ 2012-10-09 12:50 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Alexey Vlasov, linux-kernel, netdev, Borislav Petkov
On Tue, 2012-10-09 at 15:36 +0300, Dan Carpenter wrote:
> Add netdev to the CC list.
netdev already in the CC list by Borislav Petkov
Reporter was (kindly) requested to try 3.6-rc7 +, and we got no answer.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Instead of IP addresses the kernel started to show zero's
2012-10-09 12:50 ` Eric Dumazet
@ 2012-10-09 13:03 ` Dan Carpenter
2012-10-20 11:18 ` Giuliano Pochini
2012-10-26 10:58 ` Alexey Vlasov
2 siblings, 0 replies; 9+ messages in thread
From: Dan Carpenter @ 2012-10-09 13:03 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Alexey Vlasov, linux-kernel, netdev, Borislav Petkov
On Tue, Oct 09, 2012 at 02:50:10PM +0200, Eric Dumazet wrote:
> On Tue, 2012-10-09 at 15:36 +0300, Dan Carpenter wrote:
> > Add netdev to the CC list.
>
> netdev already in the CC list by Borislav Petkov
>
Sorry. He sent the email twice in two threads and I was still
looking at the first report. :(
regards,
dan carpenter
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Instead of IP addresses the kernel started to show zero's
2012-10-09 12:50 ` Eric Dumazet
2012-10-09 13:03 ` Dan Carpenter
@ 2012-10-20 11:18 ` Giuliano Pochini
2012-10-26 10:58 ` Alexey Vlasov
2 siblings, 0 replies; 9+ messages in thread
From: Giuliano Pochini @ 2012-10-20 11:18 UTC (permalink / raw)
To: Eric Dumazet; +Cc: linux-kernel, netdev, Borislav Petkov
On Tue, 09 Oct 2012 14:50:10 +0200
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Tue, 2012-10-09 at 15:36 +0300, Dan Carpenter wrote:
> > Add netdev to the CC list.
>
> netdev already in the CC list by Borislav Petkov
>
> Reporter was (kindly) requested to try 3.6-rc7 +, and we got no answer.
Sorry for the late answer. We cannot test a new kernel right now. I'll let you know as soon we manage to test it.
--
Giuliano.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Instead of IP addresses the kernel started to show zero's
2012-10-09 12:50 ` Eric Dumazet
2012-10-09 13:03 ` Dan Carpenter
2012-10-20 11:18 ` Giuliano Pochini
@ 2012-10-26 10:58 ` Alexey Vlasov
2 siblings, 0 replies; 9+ messages in thread
From: Alexey Vlasov @ 2012-10-26 10:58 UTC (permalink / raw)
To: Eric Dumazet
Cc: Dan Carpenter, linux-kernel, netdev, Borislav Petkov, Giuliano Pochini
On Tue, Oct 09, 2012 at 02:50:10PM +0200, Eric Dumazet wrote:
>
> Reporter was (kindly) requested to try 3.6-rc7 +, and we got no answer.
Now I don't have any free servers where I could test a new kernel.
But in 1-2 months we'll be placing a new server fo a shared-hosting and
then I will be able to test new kernels.
Unfortunatelly I don't think it is reasonable to test kernels on production servers.
--
BRGDS. Alexey Vlasov.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Instead of IP addresses the kernel started to show zero's
2012-09-30 21:25 ` Giuliano Pochini
@ 2012-09-30 23:03 ` Borislav Petkov
0 siblings, 0 replies; 9+ messages in thread
From: Borislav Petkov @ 2012-09-30 23:03 UTC (permalink / raw)
To: Giuliano Pochini; +Cc: Alexey Vlasov, linux-kernel, netdev
+ netdev
On Sun, Sep 30, 2012 at 11:25:59PM +0200, Giuliano Pochini wrote:
> On Tue, 25 Sep 2012 14:26:07 +0400
> Alexey Vlasov <renton@renton.name> wrote:
>
> > Hi.
> >
> > Here it writes LOG target from syslog:
> >
> > Sep 25 03:23:49 l24 kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0
> > SRC=0000000000000000 DST=0000000000000000 LEN=60 TOS=0x00 PREC=0x00
> > TTL=64 ID=22467 DF PROTO=TCP SPT=52829 DPT=80 WINDOW=14600 RES=0x00 SYN
> > URGP=0 UID=564373 GID=155
> >
> > This is recent, here go zero's again:
> > # cat /proc/net/xt_recent/ssh-brute
> > ...
> > src=0000000000000000 ttl: 122 last_seen: 4371027622 oldest_pkt: 1
> > 4371027622
> >
> > Can it be fixed without restarting the box?
> > Thanks!
> >
> > Kernel 3.4.6.
>
> It look similar to a problem that occurred on some 3.x heavy loaded
> machines. After a while they begin to send packets with dst=0.0.0.0. We had
> to revert to 2.6 on our production machines.
>
> tcpdump output looks like this:
>
> 17:06:29.272225 IP 0.0.0.0.http > 0.0.0.0.1687: . ack 232 win 15400
> 17:06:29.272671 IP 0.0.0.0.http > 0.0.0.0.1687: P 0:511(511) ack 232 win 15400
> 17:06:29.272689 IP 0.0.0.0.http > 0.0.0.0.1687: F 511:511(0) ack 232 win 15400
> 17:06:29.273249 IP 0.0.0.0.http > 0.0.0.0.65307: . ack 62552748 win 1006 <nop,nop,timestamp 1760963 478909562>
> 17:06:29.273662 IP 0.0.0.0.http > 0.0.0.0.65307: P 0:511(511) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
> 17:06:29.273678 IP 0.0.0.0.http > 0.0.0.0.65307: F 511:511(0) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
> 17:06:29.278683 IP 0.0.0.0.http > 0.0.0.0.12021: . ack 1 win 12240
> 17:06:29.288707 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 1049058319 win 12420
> 17:06:29.289406 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 57 win 12420
> 17:06:29.289834 IP 0.0.0.0.http > 0.0.0.0.28308: P 0:487(487) ack 57 win 12420
> 17:06:29.289851 IP 0.0.0.0.http > 0.0.0.0.28308: F 487:487(0) ack 57 win 12420
> 17:06:29.291767 IP 0.0.0.0.http > 0.0.0.0.11407: P 0:472(472) ack 171 win 1275 <nop,nop,timestamp 1760982 2400635630>
> 17:06:29.292657 IP 0.0.0.0.http > 0.0.0.0.50511: . ack 1 win 14400
> 17:06:29.293502 IP 0.0.0.0.http > 0.0.0.0.12381: . ack 558 win 14960
> 17:06:29.295080 IP 0.0.0.0.http > 0.0.0.0.10980: . ack 2 win 16692
>
> When the network traffic slows down the machine recovers to normal operation.
>
> I found another report about this issue:
>
> https://bbs.archlinux.org/viewtopic.php?id=129304
Any chance you guys can try the latest Linus kernel - it is 3.6-rc7 +
100ish patches and it should be close to final release, so pretty stable
already - to check whether the issue still persists?
Thanks.
--
Regards/Gruss,
Boris.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Instead of IP addresses the kernel started to show zero's
2012-09-25 10:26 Alexey Vlasov
@ 2012-09-30 21:25 ` Giuliano Pochini
2012-09-30 23:03 ` Borislav Petkov
0 siblings, 1 reply; 9+ messages in thread
From: Giuliano Pochini @ 2012-09-30 21:25 UTC (permalink / raw)
To: Alexey Vlasov; +Cc: linux-kernel
On Tue, 25 Sep 2012 14:26:07 +0400
Alexey Vlasov <renton@renton.name> wrote:
> Hi.
>
> Here it writes LOG target from syslog:
>
> Sep 25 03:23:49 l24 kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0
> SRC=0000000000000000 DST=0000000000000000 LEN=60 TOS=0x00 PREC=0x00
> TTL=64 ID=22467 DF PROTO=TCP SPT=52829 DPT=80 WINDOW=14600 RES=0x00 SYN
> URGP=0 UID=564373 GID=155
>
> This is recent, here go zero's again:
> # cat /proc/net/xt_recent/ssh-brute
> ...
> src=0000000000000000 ttl: 122 last_seen: 4371027622 oldest_pkt: 1
> 4371027622
>
> Can it be fixed without restarting the box?
> Thanks!
>
> Kernel 3.4.6.
It look similar to a problem that occurred on some 3.x heavy loaded
machines. After a while they begin to send packets with dst=0.0.0.0. We had
to revert to 2.6 on our production machines.
tcpdump output looks like this:
17:06:29.272225 IP 0.0.0.0.http > 0.0.0.0.1687: . ack 232 win 15400
17:06:29.272671 IP 0.0.0.0.http > 0.0.0.0.1687: P 0:511(511) ack 232 win 15400
17:06:29.272689 IP 0.0.0.0.http > 0.0.0.0.1687: F 511:511(0) ack 232 win 15400
17:06:29.273249 IP 0.0.0.0.http > 0.0.0.0.65307: . ack 62552748 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.273662 IP 0.0.0.0.http > 0.0.0.0.65307: P 0:511(511) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.273678 IP 0.0.0.0.http > 0.0.0.0.65307: F 511:511(0) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.278683 IP 0.0.0.0.http > 0.0.0.0.12021: . ack 1 win 12240
17:06:29.288707 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 1049058319 win 12420
17:06:29.289406 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 57 win 12420
17:06:29.289834 IP 0.0.0.0.http > 0.0.0.0.28308: P 0:487(487) ack 57 win 12420
17:06:29.289851 IP 0.0.0.0.http > 0.0.0.0.28308: F 487:487(0) ack 57 win 12420
17:06:29.291767 IP 0.0.0.0.http > 0.0.0.0.11407: P 0:472(472) ack 171 win 1275 <nop,nop,timestamp 1760982 2400635630>
17:06:29.292657 IP 0.0.0.0.http > 0.0.0.0.50511: . ack 1 win 14400
17:06:29.293502 IP 0.0.0.0.http > 0.0.0.0.12381: . ack 558 win 14960
17:06:29.295080 IP 0.0.0.0.http > 0.0.0.0.10980: . ack 2 win 16692
When the network traffic slows down the machine recovers to normal operation.
I found another report about this issue:
https://bbs.archlinux.org/viewtopic.php?id=129304
--
Giuliano.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Instead of IP addresses the kernel started to show zero's
@ 2012-09-25 10:26 Alexey Vlasov
2012-09-30 21:25 ` Giuliano Pochini
0 siblings, 1 reply; 9+ messages in thread
From: Alexey Vlasov @ 2012-09-25 10:26 UTC (permalink / raw)
To: linux-kernel
Hi.
Here it writes LOG target from syslog:
Sep 25 03:23:49 l24 kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0
SRC=0000000000000000 DST=0000000000000000 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=22467 DF PROTO=TCP SPT=52829 DPT=80 WINDOW=14600 RES=0x00 SYN
URGP=0 UID=564373 GID=155
This is recent, here go zero's again:
# cat /proc/net/xt_recent/ssh-brute
...
src=0000000000000000 ttl: 122 last_seen: 4371027622 oldest_pkt: 1
4371027622
Can it be fixed without restarting the box?
Thanks!
Kernel 3.4.6.
--
BRGDS. Alexey Vlasov.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2012-10-26 10:59 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-09-21 18:27 Instead of IP addresses the kernel started to show zero's Alexey Vlasov
2012-10-09 12:36 ` Dan Carpenter
2012-10-09 12:50 ` Eric Dumazet
2012-10-09 13:03 ` Dan Carpenter
2012-10-20 11:18 ` Giuliano Pochini
2012-10-26 10:58 ` Alexey Vlasov
2012-09-25 10:26 Alexey Vlasov
2012-09-30 21:25 ` Giuliano Pochini
2012-09-30 23:03 ` Borislav Petkov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).