Bug in recent kernel's ipmon?

Fred Souza fred at storming.org
Fri Dec 12 10:54:24 PST 2003 

Hello,

  I just upgraded my system this night, with fresh sources. And I just
  noticed a strange change in the way ipmon logs stuff. I installed and
  booted the new kernel at about 3:50am, and then proceeded to
  recompiling world. Note how this weird change happens exactly when I
  boot the new kernel. At about noon today, I rebooted the system once
  again, and the strange logging behaviour is still there. Here's the
  output:

Dec 12 00:50:48 torment ipmon[253]: 00:50:48.129245 tun0 @1:19 b 68.122.5.64,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN 
Dec 12 00:50:51 torment ipmon[253]: 00:50:51.036378 tun0 @1:19 b 68.122.5.64,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN 
Dec 12 00:50:57 torment ipmon[253]: 00:50:56.759340 tun0 @1:19 b 68.122.5.64,1642 -> a.b.c.d,12140 PR tcp len 20 48 -S IN 

  [snip]

Dec 12 00:57:18 torment ipmon[253]: 00:57:17.953080 tun0 @1:19 b 68.122.5.64,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN 
Dec 12 00:57:21 torment ipmon[253]: 00:57:20.892857 tun0 @1:19 b 68.122.5.64,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN 
Dec 12 00:57:25 torment ipmon[253]: 00:57:24.179407 tun0 @1:19 b 68.122.5.64,1670 -> a.b.c.d,12140 PR tcp len 20 40 -AR IN 
Dec 12 00:57:27 torment ipmon[253]: 00:57:26.774064 tun0 @1:19 b 68.122.5.64,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN 
Dec 12 00:57:39 torment ipmon[253]: 00:57:38.962248 tun0 @1:19 b 68.122.5.64,1753 -> a.b.c.d,12140 PR tcp len 20 48 -S IN 

  [snip - the new kernel is booted up here. Take a look at the
  interface's (tun0) name]

Dec 12 04:00:04 torment ipmon[268]: 04:00:04.084573 tun056069 @1:19 b 200.165.143.85,1025 -> a.b.c.d,1499 PR tcp len 20 40 -AR IN 
Dec 12 04:03:05 torment ipmon[268]: 04:03:05.138846 tun03228173440 @2:8 b 220.97.211.160,3872 -> a.b.c.d,1434 PR udp len 20 404 IN 
Dec 12 04:11:25 torment ipmon[268]: 04:11:25.125725 tun03228173440 @1:19 b 200.165.143.85,1025 -> a.b.c.d,1987 PR tcp len 20 40 -AR IN 
Dec 12 04:20:42 torment ipmon[268]: 04:20:42.321850 tun03228173440 @1:19 b 200.165.143.85,1025 -> a.b.c.d,1159 PR tcp len 20 40 -AR IN 
Dec 12 11:52:27 torment ipmon[268]: 11:52:26.272993 tun078315520 @1:19 b 200.165.143.85,1025 -> a.b.c.d,1292 PR tcp len 20 40 -AR IN 
Dec 12 11:55:15 torment ipmon[268]: 11:55:15.177658 tun034055 @1:19 b 200.165.219.199,1025 -> a.b.c.d,1925 PR tcp len 20 40 -AR IN 
Dec 12 12:08:03 torment ipmon[268]: 12:08:03.582678 tun018553 @1:19 b 200.208.28.213,80 -> a.b.c.d,31048 PR tcp len 20 40 -AR IN 
Dec 12 12:08:16 torment ipmon[268]: 12:08:16.514720 tun05895 @1:19 b 200.165.143.85,1025 -> a.b.c.d,1815 PR tcp len 20 40 -AR IN 
Dec 12 12:14:05 torment ipmon[268]: 12:14:04.350558 tun03228173440 @1:19 b 64.48.134.14,0 -> a.b.c.d,8000 PR tcp len 20 40 -S IN 
Dec 12 12:14:48 torment ipmon[268]: 12:14:48.121531 tun03228173440 @1:19 b 200.165.219.199,1025 -> a.b.c.d,1438 PR tcp len 20 40 -AR IN 
Dec 12 12:19:02 torment ipmon[268]: 12:19:02.406130 tun03228173440 @1:19 b 64.48.134.14,0 -> a.b.c.d,8080 PR tcp len 20 40 -S IN 
Dec 12 12:24:46 torment ipmon[268]: 12:24:45.470273 tun03228173440 @1:19 b 200.165.219.199,1025 -> a.b.c.d,1910 PR tcp len 20 40 -AR IN 
Dec 12 12:27:55 torment ipmon[268]: 12:27:54.571752 tun03228173440 @1:19 b 200.165.219.199,1025 -> a.b.c.d,1140 PR tcp len 20 40 -AR IN 
Dec 12 15:26:41 torment ipmon[255]: 15:26:40.945140 tun011137 @1:19 b 218.89.171.57,8868 -> a.b.c.d,33067 PR tcp len 20 44 -AS IN 
Dec 12 15:26:44 torment ipmon[255]: 15:26:44.212810 tun011137 @1:19 b 218.89.171.57,8868 -> a.b.c.d,33067 PR tcp len 20 44 -AS IN 
Dec 12 15:28:32 torment ipmon[255]: 15:28:31.753987 tun016646 @1:19 b 200.165.143.85,1025 -> a.b.c.d,1601 PR tcp len 20 40 -AR IN 


  Also notice how sometimes the (apparently random) number after tun0
  duplicates. And that it even "returned" once. I tried finding the
  error under src/contrib/ipfilter, but couldn't seem to find it. Maybe
  it's something in the kernel-side ipfilter code?


  Thanks in advance,
  Fred

  
-- 
"idiot box, n:
        The part of the envelope that tells a person where to place
        the stamp when they can't quite figure it out for themselves."
		-- "Sniglets", Rich Hall & Friends
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20031212/6ff6b07f/attachment.bin

More information about the freebsd-current mailing list