From: Giuliano Pochini <pochini@shiny.it>
To: Alexey Vlasov <renton@renton.name>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Instead of IP addresses the kernel started to show zero's
Date: Sun, 30 Sep 2012 23:25:59 +0200
Message-ID: <20120930232559.03a0ce4c@wc1>
In-Reply-To: <20120925102607.GC23296@beaver>

On Tue, 25 Sep 2012 14:26:07 +0400
Alexey Vlasov <renton@renton.name> wrote:

> Hi.
> 
> Here it writes LOG target from syslog:
> 
> Sep 25 03:23:49 l24 kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0
> SRC=0000000000000000 DST=0000000000000000 LEN=60 TOS=0x00 PREC=0x00
> TTL=64 ID=22467 DF PROTO=TCP SPT=52829 DPT=80 WINDOW=14600 RES=0x00 SYN
> URGP=0 UID=564373 GID=155
> 
> This is recent, here go zeros again:
> # cat /proc/net/xt_recent/ssh-brute
> ...
> src=0000000000000000 ttl: 122 last_seen: 4371027622 oldest_pkt: 1
> 4371027622
>
> Can it be fixed without restarting the box?
> Thanks!
>
> Kernel 3.4.6.

It looks similar to a problem that occurred on some 3.x heavily loaded
machines. After a while they begin to send packets with dst=0.0.0.0. We had
to revert to 2.6 on our production machines.

tcpdump output looks like this:

17:06:29.272225 IP 0.0.0.0.http > 0.0.0.0.1687: . ack 232 win 15400
17:06:29.272671 IP 0.0.0.0.http > 0.0.0.0.1687: P 0:511(511) ack 232 win 15400
17:06:29.272689 IP 0.0.0.0.http > 0.0.0.0.1687: F 511:511(0) ack 232 win 15400
17:06:29.273249 IP 0.0.0.0.http > 0.0.0.0.65307: . ack 62552748 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.273662 IP 0.0.0.0.http > 0.0.0.0.65307: P 0:511(511) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.273678 IP 0.0.0.0.http > 0.0.0.0.65307: F 511:511(0) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.278683 IP 0.0.0.0.http > 0.0.0.0.12021: . ack 1 win 12240
17:06:29.288707 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 1049058319 win 12420
17:06:29.289406 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 57 win 12420
17:06:29.289834 IP 0.0.0.0.http > 0.0.0.0.28308: P 0:487(487) ack 57 win 12420
17:06:29.289851 IP 0.0.0.0.http > 0.0.0.0.28308: F 487:487(0) ack 57 win 12420
17:06:29.291767 IP 0.0.0.0.http > 0.0.0.0.11407: P 0:472(472) ack 171 win 1275 <nop,nop,timestamp 1760982 2400635630>
17:06:29.292657 IP 0.0.0.0.http > 0.0.0.0.50511: . ack 1 win 14400
17:06:29.293502 IP 0.0.0.0.http > 0.0.0.0.12381: . ack 558 win 14960
17:06:29.295080 IP 0.0.0.0.http > 0.0.0.0.10980: . ack 2 win 16692

When the network traffic slows down the machine recovers to normal operation.

I found another report about this issue:

https://bbs.archlinux.org/viewtopic.php?id=129304


-- 
Giuliano.
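
An added example (not part of the thread and not written by any of its participants): a Python scan that flags the symptom reported above, netfilter LOG lines or tcpdump text lines whose source or destination address is all zeros. The sample lines, the host name and the function names are constructed for illustration.

```python
import re

# Constructed sample input modelled on the two formats quoted in the thread
# (a netfilter LOG line from syslog and tcpdump text output); not real captures.
SAMPLE = """\
Sep 25 03:23:49 host kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0 SRC=0000000000000000 DST=0000000000000000 LEN=60 PROTO=TCP SPT=52829 DPT=80
Sep 25 03:23:50 host kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=52830 DPT=80
17:06:29.272225 IP 0.0.0.0.http > 0.0.0.0.1687: . ack 232 win 15400
17:06:29.272301 IP 192.0.2.10.http > 198.51.100.7.1688: . ack 1 win 15400
Sep 25 03:23:51 host kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0 SRC=192.0.2.10 DST=0.0.0.0 LEN=60 PROTO=TCP SPT=52831 DPT=80
""".splitlines()

# SRC=/DST= key-value pairs as written by the netfilter LOG target.
NF_FIELD = re.compile(r"\b(SRC|DST)=(\S+)")
# "IP <addr>.<port> > <addr>.<port>:" as printed by tcpdump for IPv4.
TCPDUMP = re.compile(r"\bIP (\d+(?:\.\d+){3})\.\S+ > (\d+(?:\.\d+){3})\.\S+?:")


def is_zero_addr(value):
    """True for an all-zero address: dotted 0.0.0.0 or a bare run of zeros."""
    digits = value.replace(".", "")
    return digits != "" and set(digits) == {"0"}


def zeroed_fields(line):
    """Return the names of the address fields in one line that are all zero."""
    m = TCPDUMP.search(line)
    if m:
        pairs = [("SRC", m.group(1)), ("DST", m.group(2))]
    else:
        pairs = NF_FIELD.findall(line)
    return [name for name, value in pairs if is_zero_addr(value)]


def scan(lines):
    """Return (line_number, zeroed_field_names) for each affected line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = zeroed_fields(line)
        if fields:
            hits.append((number, fields))
    return hits


if __name__ == "__main__":
    for number, fields in scan(SAMPLE):
        print(f"line {number}: zeroed {'/'.join(fields)}")
```

Firewall log entries in this state carry no usable address, so rules or alerts keyed on SRC or DST will silently miss them; counting the hits per hour shows when a host enters and leaves the condition.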
