* [PATCH] update raw patch in POM
@ 2005-06-07 11:06 Roberto Nibali
  2005-06-07 14:37 ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-07 11:06 UTC (permalink / raw)
  To: Netfilter Developers

[-- Attachment #1: Type: text/plain, Size: 1217 bytes --]

Hello,

This is the updated (rediffed) patch against 2.4.31 for the raw table feature.
So far this has not been compile tested. Chunk #1 and #3 of the
ip_conntrack_core.c part failed.

Also I have already applied the nf-log and tcp-window-tracking patch before
this, so I don't know how much use this patch really is. I wonder if people
adding code to POM could maybe use something like diff -Nur -C 10 to have more
context lines? It would make the diffs slightly larger but maintenance between
new kernel releases is reduced (hopefully).

Could someone tell me if any of the tcp window tracking fixes or other TCP state
transition fixes need to be backported from the 2.6.x to the 2.4.x kernel? I've
been offline for quite a while now and therefore not tracked netfilter-dev
exhaustively.

Thanks and best regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

[-- Attachment #2: linux-2.4.31-raw-1.diff --]
[-- Type: text/plain, Size: 9155 bytes --]

diff -Nur -X dontdiff linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_conntrack.h linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_conntrack.h
--- linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_conntrack.h	2002-11-29 00:53:15 +0100
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_conntrack.h	2005-06-07 12:51:09 +0200
@@ -10,6 +10,7 @@
 
 #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
 #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
+#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
 
 /* flags, invflags: */
 #define IPT_CONNTRACK_STATE	0x01
diff -Nur -X dontdiff linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_state.h linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_state.h
--- linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_state.h	2000-04-14 18:37:20 +0200
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_state.h	2005-06-07 12:51:09 +0200
@@ -4,6 +4,8 @@
 #define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
 #define IPT_STATE_INVALID (1 << 0)
 
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+
 struct ipt_state_info
 {
 	unsigned int statemask;
diff -Nur -X dontdiff linux-2.4.31-orig/include/linux/netfilter_ipv4.h linux-2.4.31-pab2/include/linux/netfilter_ipv4.h
--- linux-2.4.31-orig/include/linux/netfilter_ipv4.h	2002-02-25 20:38:13 +0100
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4.h	2005-06-07 12:51:09 +0200
@@ -51,6 +51,8 @@
 
 enum nf_ip_hook_priorities {
 	NF_IP_PRI_FIRST = INT_MIN,
+	NF_IP_PRI_CONNTRACK_DEFRAG = -400,
+	NF_IP_PRI_RAW = -300,
 	NF_IP_PRI_CONNTRACK = -200,
 	NF_IP_PRI_MANGLE = -150,
 	NF_IP_PRI_NAT_DST = -100,
diff -Nur -X dontdiff linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_core.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-07 12:40:25 +0200
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-07 12:54:11 +0200
@@ -64,6 +64,7 @@
 static atomic_t ip_conntrack_count = ATOMIC_INIT(0);
 struct list_head *ip_conntrack_hash;
 static kmem_cache_t *ip_conntrack_cachep;
+struct ip_conntrack ip_conntrack_untracked;
 static LIST_HEAD(unconfirmed);
 
 extern struct ip_conntrack_protocol ip_conntrack_generic_protocol;
@@ -823,6 +824,15 @@
 	int set_reply;
 	int ret;
 
+	/* Never happen */
+	if ((*pskb)->nh.iph->frag_off & htons(IP_OFFSET)) {
+		if (net_ratelimit()) {
+		printk(KERN_ERR "ip_conntrack_in: Frag of proto %u (hook=%u)\n",
+		       (*pskb)->nh.iph->protocol, hooknum);
+		}
+		return NF_DROP;
+	}
+
 	/* FIXME: Do this right please. --RR */
 	(*pskb)->nfcache |= NFC_UNKNOWN;
 
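Review bot: The `/* Never happen */` comment on the new guard does not record the assumption it depends on, namely that a defrag hook at NF_IP_PRI_CONNTRACK_DEFRAG has already reassembled the packet before ip_conntrack_in runs. I would spell that out, e.g. `/* Fragments are reassembled by ip_conntrack_defrag at NF_IP_PRI_CONNTRACK_DEFRAG; one arriving here is a bug, so fail closed. */`. The guard tests only `IP_OFFSET`, so a first fragment (IP_MF set, offset 0) would still be tracked if reassembly were ever skipped; `htons(IP_MF|IP_OFFSET)` would cover both, if that is the intent. The `printk` lines are also not indented under `if (net_ratelimit())`. The function body starts and ends outside the hunk.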
@@ -841,21 +851,10 @@
 	}
 #endif
 
-	/* Previously seen (loopback)?  Ignore.  Do this before
-           fragment check. */
+	/* Previously seen (loopback or untracked)?  Ignore. */
 	if ((*pskb)->nfct)
 		return NF_ACCEPT;
 
-	/* Gather fragments. */
-	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
-		*pskb = ip_ct_gather_frags(*pskb,
-		                           hooknum == NF_IP_PRE_ROUTING ?
-		                           IP_DEFRAG_CONNTRACK_IN :
-		                           IP_DEFRAG_CONNTRACK_OUT);
-		if (!*pskb)
-			return NF_STOLEN;
-	}
-
 	proto = ip_ct_find_proto((*pskb)->nh.iph->protocol);
 
 	/* It may be an icmp error... */
@@ -1460,6 +1459,18 @@
 
 	/* For use by ipt_REJECT */
 	ip_ct_attach = ip_conntrack_attach;
+
+	/* Set up fake conntrack:
+	    - to never be deleted, not in any hashes */
+	atomic_set(&ip_conntrack_untracked.ct_general.use, 1);
+	/*  - and look it like as a confirmed connection */
+	set_bit(IPS_CONFIRMED_BIT, &ip_conntrack_untracked.status);
+	/*  - and prepare the ctinfo field for REJECT/NAT. */
+	ip_conntrack_untracked.infos[IP_CT_NEW].master = 
+	ip_conntrack_untracked.infos[IP_CT_RELATED].master = 
+	ip_conntrack_untracked.infos[IP_CT_RELATED + IP_CT_IS_REPLY].master = 
+		&ip_conntrack_untracked.ct_general;
+
 	return ret;
 
 err_free_hash:
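Review bot: The fake entry is set up with `use` at 1, but no `destroy` callback is assigned in this block, and `ip_conntrack_untracked` is a zero-initialised global, so `ct_general.destroy` is presumably NULL. nf_conntrack_put(), as quoted later on this page, calls `nfct->master->destroy(nfct->master)` when the count reaches zero, so a single unbalanced put on the untracked entry becomes a call through a NULL pointer. The comment should state that invariant, e.g. `/* destroy is left NULL: use must never reach 0, so every put on this entry needs a matching get */`, or the entry should get a destroy handler that does nothing. The enclosing init function starts and ends outside the hunk.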
diff -Nur -X dontdiff linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_standalone.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_standalone.c	2005-06-07 12:40:25 +0200
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_standalone.c	2005-06-07 12:51:09 +0200
@@ -189,6 +189,26 @@
 	return ip_conntrack_confirm(*pskb);
 }
 
+static unsigned int ip_conntrack_defrag(unsigned int hooknum,
+				        struct sk_buff **pskb,
+				        const struct net_device *in,
+				        const struct net_device *out,
+				        int (*okfn)(struct sk_buff *))
+{
+	/* Previously seen (loopback)?  Ignore.  Do this before
+           fragment check. */
+	if ((*pskb)->nfct)
+		return NF_ACCEPT;
+
+	/* Gather fragments. */
+	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
+		*pskb = ip_ct_gather_frags(*pskb);
+		if (!*pskb)
+			return NF_STOLEN;
+	}
+	return NF_ACCEPT;
+}
+
 static unsigned int ip_refrag(unsigned int hooknum,
 			      struct sk_buff **pskb,
 			      const struct net_device *in,
@@ -230,9 +250,15 @@
 
 /* Connection tracking may drop packets, but never alters them, so
    make it the first hook. */
+static struct nf_hook_ops ip_conntrack_defrag_ops
+= { { NULL, NULL }, ip_conntrack_defrag, PF_INET, NF_IP_PRE_ROUTING,
+	NF_IP_PRI_CONNTRACK_DEFRAG };
 static struct nf_hook_ops ip_conntrack_in_ops
 = { { NULL, NULL }, ip_conntrack_in, PF_INET, NF_IP_PRE_ROUTING,
 	NF_IP_PRI_CONNTRACK };
+static struct nf_hook_ops ip_conntrack_defrag_local_out_ops
+= { { NULL, NULL }, ip_conntrack_defrag, PF_INET, NF_IP_LOCAL_OUT,
+	NF_IP_PRI_CONNTRACK_DEFRAG };
 static struct nf_hook_ops ip_conntrack_local_out_ops
 = { { NULL, NULL }, ip_conntrack_local, PF_INET, NF_IP_LOCAL_OUT,
 	NF_IP_PRI_CONNTRACK };
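Review bot: The retained comment "Connection tracking may drop packets, but never alters them, so make it the first hook" now sits directly above `ip_conntrack_defrag_ops` and no longer matches the code. The defrag hook replaces `*pskb` with the reassembled packet, and with NF_IP_PRI_RAW at -300 the conntrack hook at -200 is no longer the first one to run. I would move the old comment down to `ip_conntrack_in_ops` and put something like `/* Reassemble first, so that later hooks (raw table, conntrack) see whole packets. */` above the defrag ops.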
@@ -373,10 +399,20 @@
 	if (!proc) goto cleanup_init;
 	proc->owner = THIS_MODULE;
 
+	ret = nf_register_hook(&ip_conntrack_defrag_ops);
+	if (ret < 0) {
+		printk("ip_conntrack: can't register pre-routing defrag hook.\n");
+		goto cleanup_proc;
+	}
+	ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);
+	if (ret < 0) {
+		printk("ip_conntrack: can't register local_out defrag hook.\n");
+		goto cleanup_defragops;
+	}
 	ret = nf_register_hook(&ip_conntrack_in_ops);
 	if (ret < 0) {
 		printk("ip_conntrack: can't register pre-routing hook.\n");
-		goto cleanup_proc;
+		goto cleanup_defraglocalops;
 	}
 	ret = nf_register_hook(&ip_conntrack_local_out_ops);
 	if (ret < 0) {
@@ -414,6 +450,10 @@
 	nf_unregister_hook(&ip_conntrack_local_out_ops);
  cleanup_inops:
 	nf_unregister_hook(&ip_conntrack_in_ops);
+ cleanup_defraglocalops:
+	nf_unregister_hook(&ip_conntrack_defrag_local_out_ops);
+ cleanup_defragops:
+	nf_unregister_hook(&ip_conntrack_defrag_ops);
  cleanup_proc:
 	proc_net_remove("ip_conntrack");
  cleanup_init:
@@ -503,5 +543,6 @@
 EXPORT_SYMBOL(ip_conntrack_expect_list);
 EXPORT_SYMBOL(ip_conntrack_lock);
 EXPORT_SYMBOL(ip_conntrack_hash);
+EXPORT_SYMBOL(ip_conntrack_untracked);
 EXPORT_SYMBOL_GPL(ip_conntrack_find_get);
 EXPORT_SYMBOL_GPL(ip_conntrack_put);
diff -Nur -X dontdiff linux-2.4.31-orig/net/ipv4/netfilter/ip_nat_core.c linux-2.4.31-pab2/net/ipv4/netfilter/ip_nat_core.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ip_nat_core.c	2005-04-04 03:42:20 +0200
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ip_nat_core.c	2005-06-07 12:51:09 +0200
@@ -1023,6 +1023,10 @@
 	/* FIXME: Man, this is a hack.  <SIGH> */
 	IP_NF_ASSERT(ip_conntrack_destroyed == NULL);
 	ip_conntrack_destroyed = &ip_nat_cleanup_conntrack;
+	
+	/* Initialize fake conntrack so that NAT will skip it */
+	ip_conntrack_untracked.nat.info.initialized |= 
+		(1 << IP_NAT_MANIP_SRC) | (1 << IP_NAT_MANIP_DST);
 
 	return 0;
 }
diff -Nur -X dontdiff linux-2.4.31-orig/net/ipv4/netfilter/ipt_conntrack.c linux-2.4.31-pab2/net/ipv4/netfilter/ipt_conntrack.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ipt_conntrack.c	2004-02-18 14:36:32 +0100
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ipt_conntrack.c	2005-06-07 12:51:09 +0200
@@ -27,11 +27,13 @@
 
 #define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg))
 
-	if (ct)
-		statebit = IPT_CONNTRACK_STATE_BIT(ctinfo);
-	else
-		statebit = IPT_CONNTRACK_STATE_INVALID;
-
+	if (skb->nfct == &ip_conntrack_untracked.infos[IP_CT_NEW])
+		statebit = IPT_CONNTRACK_STATE_UNTRACKED;
+	else if (ct)
+ 		statebit = IPT_CONNTRACK_STATE_BIT(ctinfo);
+ 	else
+ 		statebit = IPT_CONNTRACK_STATE_INVALID;
+ 
 	if(sinfo->flags & IPT_CONNTRACK_STATE) {
 		if (ct) {
 			if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip !=
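Review bot: The untracked test compares `skb->nfct` with `&ip_conntrack_untracked.infos[IP_CT_NEW]` only, while the init code in ip_conntrack_core.c also prepares the `IP_CT_RELATED` and `IP_CT_RELATED + IP_CT_IS_REPLY` slots of the same entry. A packet attached through one of those slots would fall through to `else if (ct)` and be classified by ctinfo instead of UNTRACKED, and the `if (ct)` branch below would then read the tuples of the fake entry (ct is assigned outside the hunk, so this is inferred). Comparing the owner is less fragile: `if (skb->nfct && skb->nfct->master == &ip_conntrack_untracked.ct_general)`. The same comparison is used in the ipt_state.c hunk and would need the same change. The re-added `else if (ct)` / `else` lines also carry a stray space before the tab.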
diff -Nur -X dontdiff linux-2.4.31-orig/net/ipv4/netfilter/ipt_state.c linux-2.4.31-pab2/net/ipv4/netfilter/ipt_state.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ipt_state.c	2004-02-18 14:36:32 +0100
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ipt_state.c	2005-06-07 12:51:09 +0200
@@ -21,7 +21,9 @@
 	enum ip_conntrack_info ctinfo;
 	unsigned int statebit;
 
-	if (!ip_conntrack_get((struct sk_buff *)skb, &ctinfo))
+	if (skb->nfct == &ip_conntrack_untracked.infos[IP_CT_NEW])
+		statebit = IPT_STATE_UNTRACKED;
+	else if (!ip_conntrack_get((struct sk_buff *)skb, &ctinfo))
 		statebit = IPT_STATE_INVALID;
 	else
 		statebit = IPT_STATE_BIT(ctinfo);


* Re: [PATCH] update raw patch in POM
  2005-06-07 11:06 [PATCH] update raw patch in POM Roberto Nibali
@ 2005-06-07 14:37 ` Roberto Nibali
  2005-06-07 22:55   ` Pablo Neira
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-07 14:37 UTC (permalink / raw)
  To: Netfilter Developers

> This is the updated (rediffed) patch against 2.4.31 for the raw table feature.
> So far this has not been compile tested. Chunk #1 and #3 of the
> ip_conntrack_core.c part failed.

To avoid confusion: that was the reason I sent this patch. However, when
compiling I get the following error:

gcc -D__KERNEL__
-I/home/projects/pab2/src/share/kernel/2.4.x/linux-2.4.31-pab2/include -Wall
-Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common
-fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i686  -DMODULE
-DMODVERSIONS -include
/home/projects/pab2/src/share/kernel/2.4.x/linux-2.4.31-pab2/include/linux/modversions.h
 -nostdinc -iwithprefix include -DKBUILD_BASENAME=ip_conntrack_standalone
-DEXPORT_SYMTAB -c ip_conntrack_standalone.c
ip_conntrack_standalone.c: In function `ip_conntrack_defrag':
ip_conntrack_standalone.c:205: too few arguments to function
`ip_ct_gather_frags_Rsmp_0ed3e638'
ip_conntrack_standalone.c: At top level:
ip_conntrack_standalone.c:546: `ip_conntrack_untracked' undeclared here (not ina
function)
ip_conntrack_standalone.c:546: initializer element is not constant
ip_conntrack_standalone.c:546: (near initialization for
`__ksymtab_ip_conntrack_untracked.value')
make[3]: *** [ip_conntrack_standalone.o] Error 1
make[3]: Leaving directory
`/home/projects/pab2/src/share/kernel/2.4.x/linux-2.4.31-pab2/net/ipv4/netfilter'
make[2]: *** [_modsubdir_ipv4/netfilter] Error 2
make[2]: Leaving directory
`/home/projects/pab2/src/share/kernel/2.4.x/linux-2.4.31-pab2/net'
make[1]: *** [_mod_net] Error 2
make[1]: Leaving directory
`/home/projects/pab2/src/share/kernel/2.4.x/linux-2.4.31-pab2'
make: *** [compile] Error 2

Anyone?

Cheers,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-07 14:37 ` Roberto Nibali
@ 2005-06-07 22:55   ` Pablo Neira
  2005-06-08  8:23     ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Pablo Neira @ 2005-06-07 22:55 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers

Hi Roberto,

Roberto Nibali wrote:
>>This is the updated (rediffed) patch against 2.4.31 for the raw table feature.
>>So far this has not been compile tested. Chunk #1 and #3 of the
>>ip_conntrack_core.c part failed.
> 
> 
> To avoid confusion: that was the reason I sent this patch. However when
> compiling I get following error:
> 
> gcc -D__KERNEL__
> -I/home/projects/pab2/src/share/kernel/2.4.x/linux-2.4.31-pab2/include -Wall
> -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common
> -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i686  -DMODULE
> -DMODVERSIONS -include
> /home/projects/pab2/src/share/kernel/2.4.x/linux-2.4.31-pab2/include/linux/modversions.h
>  -nostdinc -iwithprefix include -DKBUILD_BASENAME=ip_conntrack_standalone
> -DEXPORT_SYMTAB -c ip_conntrack_standalone.c
> ip_conntrack_standalone.c: In function `ip_conntrack_defrag':
> ip_conntrack_standalone.c:205: too few arguments to function
> `ip_ct_gather_frags_Rsmp_0ed3e638'


You've killed the new version of ip_ct_gather_frags available in 2.4.31:

-	/* Gather fragments. */
-	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
-		*pskb = ip_ct_gather_frags(*pskb,
-		                           hooknum == NF_IP_PRE_ROUTING ?
-		                           IP_DEFRAG_CONNTRACK_IN :
-		                           IP_DEFRAG_CONNTRACK_OUT);
-		if (!*pskb)
-			return NF_STOLEN;
-	}

but you've replaced it with the old one, that goes in ip_conntrack_defrag:

+	/* Gather fragments. */
+	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
+		*pskb = ip_ct_gather_frags(*pskb);
+		if (!*pskb)
+			return NF_STOLEN;
+	}

> ip_conntrack_standalone.c: At top level:
> ip_conntrack_standalone.c:546: `ip_conntrack_untracked' undeclared here (not ina
> function)

The hunk attached below is missing in your patch. You need to declare 
ip_conntrack_untracked as extern in ip_conntrack.h.

-------- missing hunk ----------------
diff -urN --exclude-from=/usr/src/diff.exclude 
linux-2.4.22-log/include/linux/netfilter_ipv4/ip_conntrack.h 
linux-2.4.22-raw/include/linux/netfilter_ipv4/ip_conntrack.h
--- linux-2.4.22-log/include/linux/netfilter_ipv4/ip_conntrack.h 
2003-09-17 17:14:54.000000000 +0200
+++ linux-2.4.22-raw/include/linux/netfilter_ipv4/ip_conntrack.h 
2003-09-28 14:22:09.000000000 +0200
@@ -250,6 +250,9 @@
  /* Call me when a conntrack is destroyed. */
  extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);

+/* Fake conntrack entry for untracked connections */
+extern struct ip_conntrack ip_conntrack_untracked;
+
  extern int ip_ct_no_defrag;
  /* Returns new sk_buff, or NULL */
  struct sk_buff *
  ip_ct_gather_frags(struct sk_buff *skb);
------- end of missing hunk ---------------

Those will fix compilation. No big changes have gone into 2.4/netfilter 
for quite some time; anyway, I would need to check this in more depth to 
make sure that everything works like a charm. Re-post a new patch and 
I'll have a look at it again.

--
Pablo


* Re: [PATCH] update raw patch in POM
  2005-06-07 22:55   ` Pablo Neira
@ 2005-06-08  8:23     ` Roberto Nibali
  2005-06-08 12:37       ` Pablo Neira
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-08  8:23 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers

Hey Pablo,

> You've killed the new version of ip_ct_gather_frags available in 2.4.31:

http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/raw/linux-2.4.patch?rev=3692&view=markup

> -    /* Gather fragments. */
> -    if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
> -        *pskb = ip_ct_gather_frags(*pskb,
> -                                   hooknum == NF_IP_PRE_ROUTING ?
> -                                   IP_DEFRAG_CONNTRACK_IN :
> -                                   IP_DEFRAG_CONNTRACK_OUT);
> -        if (!*pskb)
> -            return NF_STOLEN;
> -    }
> 
> but you've replaced it with the old one, that goes in ip_conntrack_defrag:
> 
> +    /* Gather fragments. */
> +    if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
> +        *pskb = ip_ct_gather_frags(*pskb);
> +        if (!*pskb)
> +            return NF_STOLEN;
> +    }

The patch in POM then is kind of misleading.

>> ip_conntrack_standalone.c: At top level:
>> ip_conntrack_standalone.c:546: `ip_conntrack_untracked' undeclared
>> here (not ina
>> function)
> 
> 
> The hunk attached below is missing in your patch. You need to declare
> ip_conntrack_untracked as extern in ip_conntrack.h.

I figured something like that but why has it changed and which one is correct
now with respect to 2.4.31?

> -------- missing hunk ----------------
> diff -urN --exclude-from=/usr/src/diff.exclude
> linux-2.4.22-log/include/linux/netfilter_ipv4/ip_conntrack.h
> linux-2.4.22-raw/include/linux/netfilter_ipv4/ip_conntrack.h
> --- linux-2.4.22-log/include/linux/netfilter_ipv4/ip_conntrack.h
> 2003-09-17 17:14:54.000000000 +0200
> +++ linux-2.4.22-raw/include/linux/netfilter_ipv4/ip_conntrack.h
> 2003-09-28 14:22:09.000000000 +0200
> @@ -250,6 +250,9 @@
>  /* Call me when a conntrack is destroyed. */
>  extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
> 
> +/* Fake conntrack entry for untracked connections */
> +extern struct ip_conntrack ip_conntrack_untracked;
> +
>  extern int ip_ct_no_defrag;
>  /* Returns new sk_buff, or NULL */
>  struct sk_buff *
>  ip_ct_gather_frags(struct sk_buff *skb);
> ------- end of missing hunk ---------------

Thanks, I'll try that.

> Those will fix compilation. No big changes has gone into 2.4/netfilter
> since quite some time, anyway I would need to check this more in deep to
> make sure that everything works like a charm. Re-post a new patch and
> I'll have a look at it again.

I'll see if I can give it a spin. Unfortunately the POM mechanism (mainly the
malfunctioning runme tool) makes it very hard for us here to extract patches.

I need to know how it should be done correctly though. I'm a bit opposed to
ripping out the fragment below from the kernel:

> -    if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
> -        *pskb = ip_ct_gather_frags(*pskb,
> -                                   hooknum == NF_IP_PRE_ROUTING ?
> -                                   IP_DEFRAG_CONNTRACK_IN :
> -                                   IP_DEFRAG_CONNTRACK_OUT);
> -        if (!*pskb)
> -            return NF_STOLEN;
> -    }

In my opinion the part above should stay and the POM patch should be adapted.

Thank you very much for your help. BTW, I haven't forgotten about the nfnetlink
backport thing, it's just stalled here internally due to different priorities.

Regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-08  8:23     ` Roberto Nibali
@ 2005-06-08 12:37       ` Pablo Neira
  2005-06-14 15:27         ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Pablo Neira @ 2005-06-08 12:37 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers

Roberto Nibali wrote:
>>You've killed the new version of ip_ct_gather_frags available in 2.4.31:
> 
> 
> http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/raw/linux-2.4.patch?rev=3692&view=markup
> 
> 
>>-    /* Gather fragments. */
>>-    if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
>>-        *pskb = ip_ct_gather_frags(*pskb,
>>-                                   hooknum == NF_IP_PRE_ROUTING ?
>>-                                   IP_DEFRAG_CONNTRACK_IN :
>>-                                   IP_DEFRAG_CONNTRACK_OUT);
>>-        if (!*pskb)
>>-            return NF_STOLEN;
>>-    }
>>
>>but you've replaced it with the old one, that goes in ip_conntrack_defrag:
>>
>>+    /* Gather fragments. */
>>+    if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
>>+        *pskb = ip_ct_gather_frags(*pskb);
>>+        if (!*pskb)
>>+            return NF_STOLEN;
>>+    }
> 
> 
> The patch in POM then is kind of misleading.

Instead I would say it's too old. It isn't misleading for a kernel 
2.4.22 but it's simply too old to apply against a 2.4.31 ;).

>>-------- missing hunk ----------------
>>diff -urN --exclude-from=/usr/src/diff.exclude
>>linux-2.4.22-log/include/linux/netfilter_ipv4/ip_conntrack.h
>>linux-2.4.22-raw/include/linux/netfilter_ipv4/ip_conntrack.h
>>--- linux-2.4.22-log/include/linux/netfilter_ipv4/ip_conntrack.h
>>2003-09-17 17:14:54.000000000 +0200
>>+++ linux-2.4.22-raw/include/linux/netfilter_ipv4/ip_conntrack.h
>>2003-09-28 14:22:09.000000000 +0200
>>@@ -250,6 +250,9 @@
>> /* Call me when a conntrack is destroyed. */
>> extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
>>
>>+/* Fake conntrack entry for untracked connections */
>>+extern struct ip_conntrack ip_conntrack_untracked;
>>+
>> extern int ip_ct_no_defrag;
>> /* Returns new sk_buff, or NULL */
>> struct sk_buff *
>> ip_ct_gather_frags(struct sk_buff *skb);
>>------- end of missing hunk ---------------
> 
> 
> Thanks, I'll try that.
> 
> 
>>Those will fix compilation. No big changes has gone into 2.4/netfilter
>>since quite some time, anyway I would need to check this more in deep to
>>make sure that everything works like a charm. Re-post a new patch and
>>I'll have a look at it again.
> 
> 
> I'll see if I can give it a spin. Unfortunately the POM mechanism (mainly the
> malfunctioning runme tool) makes it very hard for us here to extract patches.

I think that has been discussed several times. Well, POM is a repository 
of testing, unstable, unfinished stuff and sometimes (like Jozsef's raw 
table) already submitted, all those contributed by people. Every patch 
applies cleanly to a _specific_ kernel version, if not-so-many changes 
went into that part of code, it will surely apply to further versions, 
else it won't apply cleanly as it's your case. In any case, keeping the 
whole POM patch tree up to date implies a lot of work.

> I need to know how it should be done correctly though. I'm a bit opposed to
> ripping out the fragment below from the kernel:
> 
> 
>>-    if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
>>-        *pskb = ip_ct_gather_frags(*pskb,
>>-                                   hooknum == NF_IP_PRE_ROUTING ?
>>-                                   IP_DEFRAG_CONNTRACK_IN :
>>-                                   IP_DEFRAG_CONNTRACK_OUT);
>>-        if (!*pskb)
>>-            return NF_STOLEN;
>>-    }
> 
> 
> I my opinion the part above should stay and the POM patch adapted.

yes, you have to replace the old call to ip_ct_gather_frags, which has 
just one parameter, with the new one here above.

> Thank you very much for your help. BTW, I haven't forgotten about the nfnetlink
> backport thing, it's just stalled here internally due to different priorities.

fine, let me know whenever you need it.

--
Pablo


* Re: [PATCH] update raw patch in POM
  2005-06-08 12:37       ` Pablo Neira
@ 2005-06-14 15:27         ` Roberto Nibali
  2005-06-20  8:18           ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-14 15:27 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers

Hello,

> Instead I would say it's too old. It isn't misleading for a kernel
> 2.4.22 but it's simply too old to apply against a 2.4.31 ;).

I'm not yet done with testing, however something is not quite right now:

CPU: 2
EIP: 0010:[<00000000>] Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010202
eax: 00000000 ebx: c287df30 ecx: f8aa1ef4 edx: c287c001
esi: 00000000 edi: f7b92a34 ebp: f7b92980 esp: c287deac
ds: 0018 es: 0018 ss: 0018
Process swapper (pid:0, stackpage=c287d000)
Stack: c02a8f74 f8aa1e80 c287df30 f7b92a34 c01de099 f4a4d920 c287df30 00000040
       f7b92980 f7b92800 00000000 00000001 00000001 f7b92800 f7b92a18 c01ddee9
       f7b92980 f7b928c4 f7b92800 00000002 c0417b20 2471321d 00000000 c02ad245
Call trace:  [<c02a8f74>] [<f8aa1e80>] [<c01de099>] [<c01ddee9>] [<c02ad245>]
[<c011f7ad>] [<c0108e00>] [<c0105330>] [<c0105330>] [<c0105330>] [<c0105330>]
[<c010535c>] [<c01053c2>] [<c011a859>]
Code: Bad EIP value.


>>EIP; 00000000 Before first symbol

>>ebx; c287df30 <_end+239de98/385bafc8>
>>ecx; f8aa1ef4 <[ip_conntrack]ip_conntrack_untracked+74/144>
>>edx; c287c001 <_end+239bf69/385bafc8>
>>edi; f7b92a34 <_end+376b299c/385bafc8>
>>ebp; f7b92980 <_end+376b28e8/385bafc8>
>>esp; c287deac <_end+239de14/385bafc8>

Trace; c02a8f74 <__kfree_skb+9c/16c>
Trace; f8aa1e80 <[ip_conntrack]ip_conntrack_untracked+0/144>
Trace; c01de099 <e1000_clean_tx_irq+fd/3b4>
Trace; c01ddee9 <e1000_clean+2d/e0>
Trace; c02ad245 <net_rx_action+c1/180>
Trace; c011f7ad <do_softirq+7d/dc>
Trace; c0108e00 <do_IRQ+190/1a0>
Trace; c0105330 <default_idle+0/34>
Trace; c0105330 <default_idle+0/34>
Trace; c0105330 <default_idle+0/34>
Trace; c0105330 <default_idle+0/34>
Trace; c010535c <default_idle+2c/34>
Trace; c01053c2 <cpu_idle+3e/54>
Trace; c011a859 <printk+181/1c0>

<0> Kernel panic: Aiee, killing interrupt handler!

65 warnings issued.  Results may not be reliable.

If you have any idea let me know; I for one will try to recreate a clean
kernel patch and retest. This oops can be triggered by reconfiguring the
packet filter while having a moderate throughput through the UNTRACKED chain.
Having the iptstate gui running increases the trigger rate.

Best regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-14 15:27         ` Roberto Nibali
@ 2005-06-20  8:18           ` Roberto Nibali
  2005-06-20  9:07             ` Roberto Nibali
                               ` (3 more replies)
  0 siblings, 4 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-20  8:18 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers

> I'm not yet done with testing, however something is not quite right now:
> 
> CPU: 2
> EIP: 0010:[<00000000>] Not tainted
> Using defaults from ksymoops -t elf32-i386 -a i386
> EFLAGS: 00010202
> eax: 00000000 ebx: c287df30 ecx: f8aa1ef4 edx: c287c001
> esi: 00000000 edi: f7b92a34 ebp: f7b92980 esp: c287deac
> ds: 0018 es: 0018 ss: 0018
> Process swapper (pid:0, stackpage=c287d000)
> Stack: c02a8f74 f8aa1e80 c287df30 f7b92a34 c01de099 f4a4d920 c287df30 00000040
>        f7b92980 f7b92800 00000000 00000001 00000001 f7b92800 f7b92a18 c01ddee9
>        f7b92980 f7b928c4 f7b92800 00000002 c0417b20 2471321d 00000000 c02ad245
> Call trace:  [<c02a8f74>] [<f8aa1e80>] [<c01de099>] [<c01ddee9>] [<c02ad245>]
> [<c011f7ad>] [<c0108e00>] [<c0105330>] [<c0105330>] [<c0105330>] [<c0105330>]
> [<c010535c>] [<c01053c2>] [<c011a859>]
> Code: Bad EIP value.

Added following code in skbuff.h, because of the strange (overwritten) stack:

nf_conntrack_put(struct nf_ct_info *nfct)
{
+        if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1
)
+                BUG();
        if (nfct && atomic_dec_and_test(&nfct->master->use))
                nfct->master->destroy(nfct->master);
}
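Review bot: The address test `(((long) nfct) & 0xf8000000)` is true for any pointer with at least one of the top five bits set, which on the i386 layout in these oopses means every kernel address and not only module space. Combined with `use <= 1` it therefore fires on the normal final put of any conntrack, so the BUG() at skbuff.h:1175 reported below may be a false positive rather than evidence about `ip_conntrack_untracked`. In that trace ecx is f725df1c, outside the f8… range where `ip_conntrack_untracked` resolved in the earlier oops. If the aim is to catch only module-space pointers, test the full mask: `(((unsigned long) nfct) & 0xf8000000) == 0xf8000000`.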

and Pablo's debug code (which I believe is not triggered yet):

--- linux-2.4.orig/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-15
23:16:43.000000000 +0200
+++ linux-2.4/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-17
20:44:18.000000000 +0200
@@ -1391,6 +1391,8 @@
 		schedule();
 		goto i_see_dead_people;
 	}
+	while (atomic_read(&ip_conntrack_untracked.ct_general.use) != 1)
+		schedule();

 	kmem_cache_destroy(ip_conntrack_cachep);
 	vfree(ip_conntrack_hash);

The above results in following stack trace (at least the stack is now complete):


BUG at /home/.../include/linux/skbuff.h: 1175!
invalid operand: 0000
EFLAGS: 00010246
eax: 00000001 ebx: c2879e58 ecx: f725df1c edx: f7514a64
esi: 00000008 edi: c2879e18 ebp: c2879dfc esp: c2879df4
ds: 0018 cs: 0018 ss:0018
Process swapper (pid:0, stackpage=c2879000)
Stack: c2879e58 c2879e18 c2879e1c c02b9f51 f7514a64 00000000 f7514a64 f750b020
       00000000 f8ae7660 c2879e50 c02c6b3c 00000002 00000001 c2879e58 f7b8c800
       00000000 c02c7100 80000000 00000000 f7514a64 f750b020 787817ac c2879e70
Call trace: [<c02b9f51>][<f8ae7660>][<c02c6b3c>][<c02c7100>][<c02c706a>]
[<c02b0271>][<c01e0379>][<c01dfb76>][<c02b048e>][<c011fcbd>][<c0108f0a>]
[<c0105360>][<c0105360>][<c0105360>][<c0105360>][<c010538f>][<c0105402>]
Code: 0f 0b 97 04 80 bd 37 c0 85 c9 74 17 8b 01 f0 ff 08 0f 94 c2
Using defaults from ksymoops -t elf32-i386 -a i386


>>ebx; c2879e58 <_end+2395dc0/385b6fc8>
>>ecx; f725df1c <_end+36d79e84/385b6fc8>
>>edx; f7514a64 <_end+370309cc/385b6fc8>
>>edi; c2879e18 <_end+2395d80/385b6fc8>
>>ebp; c2879dfc <_end+2395d64/385b6fc8>
>>esp; c2879df4 <_end+2395d5c/385b6fc8>

Trace; c02b9f51 <nf_hook_slow+141/1c4>
Trace; f8ae7660 <END_OF_CODE+182ed/????>
Trace; c02c6b3c <ip_local_deliver+64/1c8>
Trace; c02c7100 <ip_local_deliver_finish+0/150>
Trace; c02c706a <ip_rcv+3ca/460>
Trace; c02b0271 <netif_receive_skb+16d/1a0>
Trace; c01e0379 <e1000_clean_rx_irq+3bd/440>
Trace; c01dfb76 <e1000_clean+3a/d4>
Trace; c02b048e <net_rx_action+be/174>
Trace; c011fcbd <do_softirq+7d/e0>
Trace; c0108f0a <do_IRQ+196/1a8>
Trace; c0105360 <default_idle+0/38>
Trace; c0105360 <default_idle+0/38>
Trace; c0105360 <default_idle+0/38>
Trace; c0105360 <default_idle+0/38>
Trace; c010538f <default_idle+2f/38>
Trace; c0105402 <cpu_idle+42/58>

Code;  00000000 Before first symbol
00000000 <_EIP>:
Code;  00000000 Before first symbol
   0:   0f 0b                     ud2a
Code;  00000002 Before first symbol
   2:   97                        xchg   %eax,%edi
Code;  00000003 Before first symbol
   3:   04 80                     add    $0x80,%al
Code;  00000005 Before first symbol
   5:   bd 37 c0 85 c9            mov    $0xc985c037,%ebp
Code;  0000000a Before first symbol
   a:   74 17                     je     23 <_EIP+0x23> 00000023 Before first sy
mbol
Code;  0000000c Before first symbol
   c:   8b 01                     mov    (%ecx),%eax
Code;  0000000e Before first symbol
   e:   f0 ff 08                  lock decl (%eax)
Code;  00000011 Before first symbol
  11:   0f 94 c2                  sete   %dl

<0>Kernel panic: Aiee, killing interrupt handler!

65 warnings issued.  Results may not be reliable.

I'll remove the BUG() code and have Pablo's code running alone now. After that
I'll also try the following approach, also from our southern friend Pablo:

Index: linux-2.4/net/ipv4/ip_output.c
===================================================================
--- linux-2.4.orig/net/ipv4/ip_output.c	2005-06-08 00:16:54.000000000 +0200
+++ linux-2.4/net/ipv4/ip_output.c	2005-06-15 23:42:13.000000000 +0200
@@ -166,6 +166,8 @@
 	nf_debug_ip_finish_output2(skb);
 #endif /*CONFIG_NETFILTER_DEBUG*/

+	nf_reset(skb);
+
 	if (hh) {
 		int hh_alen;
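Review bot: The `nf_reset(skb)` added here only covers packets that leave through this transmit path, while the oops trace posted with the patch runs through `ip_rcv`, `ip_local_deliver` and `nf_hook_slow`, so skbs that still carry a conntrack reference on the receive side are presumably not covered. The call is also uncommented; something like `/* drop the conntrack reference before the skb leaves the IP stack, so a queued skb cannot outlive ip_conntrack */` would record why it is there. If nf_reset() in this tree also clears `skb->nf_debug` (not visible here), calling it directly after `nf_debug_ip_finish_output2(skb)` discards that debug state, which is worth confirming. The enclosing function starts and ends outside the hunk.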


If you have other ideas, let me know. I could also use some help with
debugging the stack trace. It doesn't make much sense to me right now. To
reproduce I roughly use the following procedure (not always successful):

1. load a lot of modules (I don't know them by heart but certainly all
   ip_conntrack* related ones)
2. set the policy of all chains in the filter table to DROP
3. generate a normal ruleset for incoming tcp traffic from host A tcp/22
   (ssh)
4. generate a notrack ruleset for incoming tcp traffic from host B
   tcp/22 (ssh)
5. log in from A in one terminal
6. log in from B in another terminal, start iptstate or
   watch -n 1 'cat /proc/net/ip_conntrack'
7. log in from B in yet another terminal and do a ruleset reconfig which
   boils down to following:

   flush all chains and rules therein
   while still_have_ip_conntrack_kernel_modules; do
        rmmod $kmod
   done
   rmmod ip_conntrack
   redo steps 1-4

8. hang and oops!

Cheers,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-20  8:18           ` Roberto Nibali
@ 2005-06-20  9:07             ` Roberto Nibali
  2005-06-20 10:41             ` SOLVED (was: Re: [PATCH] update raw patch in POM) Roberto Nibali
                               ` (2 subsequent siblings)
  3 siblings, 0 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-20  9:07 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers

> and Pablo's debug code (which I believe is not triggered yet):
> 
> --- linux-2.4.orig/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-15
> 23:16:43.000000000 +0200
> +++ linux-2.4/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-17
> 20:44:18.000000000 +0200
> @@ -1391,6 +1391,8 @@
>  		schedule();
>  		goto i_see_dead_people;
>  	}
> +	while (atomic_read(&ip_conntrack_untracked.ct_general.use) != 1)
> +		schedule();
> 
>  	kmem_cache_destroy(ip_conntrack_cachep);
>  	vfree(ip_conntrack_hash);

This results in an endless loop when calling rmmod ip_conntrack. lsmod shows
(deleted) but the process is in D state. No oops of course and no hang.

> Trace; c02b9f51 <nf_hook_slow+141/1c4>

(gdb) list *nf_hook_slow+141
0xc02ba0bd is in nf_hook_slow (netfilter.c:492).
487                             skb_checksum_help(*pskb);
488                     }
489             }
490
491             /* We may already have this, but read-locks nest anyway */
492             br_read_lock_bh(BR_NETPROTO_LOCK);
493
494     #ifdef CONFIG_NETFILTER_DEBUG
495             if (unlikely((*pskb)->nf_debug & (1 << hook))) {
496                     printk("nf_hook: hook %i already set.\n", hook);

... hmmm, weird.

> If you have other ideas, let me know. I could also need some help regarding
> debugging the stack trace. It doesn't make much sense to me right now. To
> reproduce I roughly use following procedure (not always successful):
> 
> 1. load a lot of modules (I don't know them by heart but certainly all
>    ip_conntrack* related ones)

These were the loaded modules before the oops:

# lsmod
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_tables              12352  10  [ipt_NOTRACK ipt_state ipt_LOG ipt_limit
iptable_raw iptable_mangle iptable_filter iptable_nat]
ip_conntrack_ftp        3904   1
ip_conntrack           28832   1  [ipt_NOTRACK ipt_state ip_nat_ftp
iptable_natip_conntrack_ftp]

-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* SOLVED (was: Re: [PATCH] update raw patch in POM)
  2005-06-20  8:18           ` Roberto Nibali
  2005-06-20  9:07             ` Roberto Nibali
@ 2005-06-20 10:41             ` Roberto Nibali
  2005-06-20 11:01               ` Jozsef Kadlecsik
  2005-06-20 10:49             ` [PATCH] update raw patch in POM Jan Engelhardt
  2005-06-21  0:34             ` Thomas Graf
  3 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-20 10:41 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers, kaber

Looks like we have a winner:

> Index: linux-2.4/net/ipv4/ip_output.c
> ===================================================================
> --- linux-2.4.orig/net/ipv4/ip_output.c	2005-06-08 00:16:54.000000000 +0200
> +++ linux-2.4/net/ipv4/ip_output.c	2005-06-15 23:42:13.000000000 +0200
> @@ -166,6 +166,8 @@
>  	nf_debug_ip_finish_output2(skb);
>  #endif /*CONFIG_NETFILTER_DEBUG*/
> 
> +	nf_reset(skb);
> +
>  	if (hh) {
>  		int hh_alen;

This patch kind of did it. I cannot trigger the oops anymore (with the method
described earlier in this thread) with this patch. It could be related to a
recent fix that went in for 2.6.x kernel, by Patrick:

https://lists.netfilter.org/pipermail/netfilter-devel/2005-March/018857.html

I'll hit it a few more rounds and harder with a couple of thousand rules and a
few hundred megs of data in the conntrack ;).
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-20  8:18           ` Roberto Nibali
  2005-06-20  9:07             ` Roberto Nibali
  2005-06-20 10:41             ` SOLVED (was: Re: [PATCH] update raw patch in POM) Roberto Nibali
@ 2005-06-20 10:49             ` Jan Engelhardt
  2005-06-20 11:03               ` Roberto Nibali
  2005-06-21  0:34             ` Thomas Graf
  3 siblings, 1 reply; 48+ messages in thread
From: Jan Engelhardt @ 2005-06-20 10:49 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira


>nf_conntrack_put(struct nf_ct_info *nfct)
>{
>+        if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1

There is not a constant for 0xf8000000, is there?

>)
>+                BUG();
>        if (nfct && atomic_dec_and_test(&nfct->master->use))
>                nfct->master->destroy(nfct->master);
>}

Jan Engelhardt                                                               
--                                                                            
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de


* Re: SOLVED (was: Re: [PATCH] update raw patch in POM)
  2005-06-20 10:41             ` SOLVED (was: Re: [PATCH] update raw patch in POM) Roberto Nibali
@ 2005-06-20 11:01               ` Jozsef Kadlecsik
  2005-06-20 11:03                 ` SOLVED Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Jozsef Kadlecsik @ 2005-06-20 11:01 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira, Patrick McHardy

Hi Roberto,

On Mon, 20 Jun 2005, Roberto Nibali wrote:

> Looks like we have a winner:
>
> > Index: linux-2.4/net/ipv4/ip_output.c
> > ===================================================================
> > --- linux-2.4.orig/net/ipv4/ip_output.c	2005-06-08 00:16:54.000000000 +0200
> > +++ linux-2.4/net/ipv4/ip_output.c	2005-06-15 23:42:13.000000000 +0200
> > @@ -166,6 +166,8 @@
> >  	nf_debug_ip_finish_output2(skb);
> >  #endif /*CONFIG_NETFILTER_DEBUG*/
> >
> > +	nf_reset(skb);
> > +
> >  	if (hh) {
> >  		int hh_alen;
>
> This patch kind of did it. I cannot trigger the oops anymore (with the method
> described earlier in this thread) with this patch. It could be related to a
> recent fix that went in for 2.6.x kernel, by Patrick:
>
> https://lists.netfilter.org/pipermail/netfilter-devel/2005-March/018857.html

Please check out the thread
https://lists.netfilter.org/pipermail/netfilter-devel/2005-June/020019.html

There are problems with the patch above, alas :-(.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary


* Re: SOLVED
  2005-06-20 11:01               ` Jozsef Kadlecsik
@ 2005-06-20 11:03                 ` Roberto Nibali
  2005-06-20 11:04                   ` SOLVED Jozsef Kadlecsik
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-20 11:03 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: Netfilter Developers, Pablo Neira, Patrick McHardy

Jozsef Kadlecsik wrote:
> Hi Roberto,
> 
> On Mon, 20 Jun 2005, Roberto Nibali wrote:
> 
> 
>>Looks like we have a winner:
>>
>>
>>>Index: linux-2.4/net/ipv4/ip_output.c
>>>===================================================================
>>>--- linux-2.4.orig/net/ipv4/ip_output.c	2005-06-08 00:16:54.000000000 +0200
>>>+++ linux-2.4/net/ipv4/ip_output.c	2005-06-15 23:42:13.000000000 +0200
>>>@@ -166,6 +166,8 @@
>>> 	nf_debug_ip_finish_output2(skb);
>>> #endif /*CONFIG_NETFILTER_DEBUG*/
>>>
>>>+	nf_reset(skb);
>>>+
>>> 	if (hh) {
>>> 		int hh_alen;
>>
>>This patch kind of did it. I cannot trigger the oops anymore (with the method
>>described earlier in this thread) with this patch. It could be related to a
>>recent fix that went in for 2.6.x kernel, by Patrick:
>>
>>https://lists.netfilter.org/pipermail/netfilter-devel/2005-March/018857.html
> 
> 
> Please check out the thread
> https://lists.netfilter.org/pipermail/netfilter-devel/2005-June/020019.html
> 
> There are problems with the pach above, alas :-(.

I patched it in a different spot and in the 2.4.x kernel things should be a bit
different, shouldn't they?

Regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-20 10:49             ` [PATCH] update raw patch in POM Jan Engelhardt
@ 2005-06-20 11:03               ` Roberto Nibali
  0 siblings, 0 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-20 11:03 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Netfilter Developers

Jan Engelhardt wrote:
>>nf_conntrack_put(struct nf_ct_info *nfct)
>>{
>>+        if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1
> 
> 
> There is not a constant for 0xf8000000, is there?

Well, I'm sure there is, however it's related to the oops I got which had a
weird stack trace resulting from an address in this range. So we decided to get
a cleaner stack trace by forcing a controlled panic via BUG().

Or did I misunderstand your question?

Cheers,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: SOLVED
  2005-06-20 11:03                 ` SOLVED Roberto Nibali
@ 2005-06-20 11:04                   ` Jozsef Kadlecsik
  0 siblings, 0 replies; 48+ messages in thread
From: Jozsef Kadlecsik @ 2005-06-20 11:04 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira, Patrick McHardy

On Mon, 20 Jun 2005, Roberto Nibali wrote:

> Jozsef Kadlecsik wrote:
> > Hi Roberto,
> >
> > On Mon, 20 Jun 2005, Roberto Nibali wrote:
> >
> >
> >>Looks like we have a winner:
> >>
> >>
> >>>Index: linux-2.4/net/ipv4/ip_output.c
> >>>===================================================================
> >>>--- linux-2.4.orig/net/ipv4/ip_output.c	2005-06-08 00:16:54.000000000 +0200
> >>>+++ linux-2.4/net/ipv4/ip_output.c	2005-06-15 23:42:13.000000000 +0200
> >>>@@ -166,6 +166,8 @@
> >>> 	nf_debug_ip_finish_output2(skb);
> >>> #endif /*CONFIG_NETFILTER_DEBUG*/
> >>>
> >>>+	nf_reset(skb);
> >>>+
> >>> 	if (hh) {
> >>> 		int hh_alen;
> >>
> >>This patch kind of did it. I cannot trigger the oops anymore (with the method
> >>described earlier in this thread) with this patch. It could be related to a
> >>recent fix that went in for 2.6.x kernel, by Patrick:
> >>
> >>https://lists.netfilter.org/pipermail/netfilter-devel/2005-March/018857.html
> >
> >
> > Please check out the thread
> > https://lists.netfilter.org/pipermail/netfilter-devel/2005-June/020019.html
> >
> > There are problems with the pach above, alas :-(.
>
> I patched it in a different spot and in the 2.4.x kernel things should be a bit
> different, shouldn't they?

I'm blind, sorry for the noise.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary


* Re: [PATCH] update raw patch in POM
  2005-06-20  8:18           ` Roberto Nibali
                               ` (2 preceding siblings ...)
  2005-06-20 10:49             ` [PATCH] update raw patch in POM Jan Engelhardt
@ 2005-06-21  0:34             ` Thomas Graf
  2005-06-21  0:39               ` Thomas Graf
  2005-06-21  0:51               ` Pablo Neira
  3 siblings, 2 replies; 48+ messages in thread
From: Thomas Graf @ 2005-06-21  0:34 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

* Roberto Nibali <42B67BEC.1090105@tac.ch> 2005-06-20 10:18
> > I'm not yet done with testing, however something is not quite right now:
> > 
> > CPU: 2
> > EIP: 0010:[<00000000>] Not tainted
> > Using defaults from ksymoops -t elf32-i386 -a i386
> > EFLAGS: 00010202
> > eax: 00000000 ebx: c287df30 ecx: f8aa1ef4 edx: c287c001
> > esi: 00000000 edi: f7b92a34 ebp: f7b92980 esp: c287deac
> > ds: 0018 es: 0018 ss: 0018
> > Process swapper (pid:0, stackpage=c287d000)
> > Stack: c02a8f74 f8aa1e80 c287df30 f7b92a34 c01de099 f4a4d920 c287df30 00000040
> >        f7b92980 f7b92800 00000000 00000001 00000001 f7b92800 f7b92a18 c01ddee9
> >        f7b92980 f7b928c4 f7b92800 00000002 c0417b20 2471321d 00000000 c02ad245
> > Call trace:  [<c02a8f74>] [<f8aa1e80>] [<c01de099>] [<c01ddee9>] [<c02ad245>]
> > [<c011f7ad>] [<c0108e00>] [<c0105330>] [<c0105330>] [<c0105330>] [<c0105330>]
> > [<c010535c>] [<c01053c2>] [<c011a859>]
> > Code: Bad EIP value.
> 
> Added following code in skbuff.h, because of the strange (overwritten) stack:
> 
> nf_conntrack_put(struct nf_ct_info *nfct)
> {
> +        if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1
> )
> +                BUG();
>         if (nfct && atomic_dec_and_test(&nfct->master->use))
>                 nfct->master->destroy(nfct->master);
> }
> 
> 
> BUG at /home/.../include/linux/skbuff.h: 1175!

:1175 is the BUG above, right? If so it means that we're about to call
destroy() on a conntrack entry which is not allocated. I assume it is
ip_conntrack_untracked.

My theory is:

ip_conntrack_untracked is put into the conntrack with a refcnt of 2
(+1 during init and +1 while assigning it to nfct). Once the packet
leaves the ip stack we release the first use, when the modules
get unloaded we release the entry again and call destroy() on it,
resulting in overall corruption.

The whole notrack thing seems to be a big hack. ;->


* Re: [PATCH] update raw patch in POM
  2005-06-21  0:34             ` Thomas Graf
@ 2005-06-21  0:39               ` Thomas Graf
  2005-06-21  6:46                 ` Roberto Nibali
  2005-06-21  0:51               ` Pablo Neira
  1 sibling, 1 reply; 48+ messages in thread
From: Thomas Graf @ 2005-06-21  0:39 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

* Thomas Graf <20050621003441.GI8335@postel.suug.ch> 2005-06-21 02:34
> ip_conntrack_untracked is put into the conntrack with a refcnt of 2
> (+1 during init and +1 while assigning it to nfct). Once the packet
> leaves the ip stack we release the first use, when the modules
> get unloaded we release the entry again and call destroy() on it
> resulting in a overall corruption.
> 
> The whole notrack thing seems to be a big hack. ;->

Almost forgot: the nf_reset() patch should "fix" this bug. "Fix"
because it doesn't really fix it but rather hides this issue
for a later possible revival.


* Re: [PATCH] update raw patch in POM
  2005-06-21  0:34             ` Thomas Graf
  2005-06-21  0:39               ` Thomas Graf
@ 2005-06-21  0:51               ` Pablo Neira
  2005-06-21 11:13                 ` Thomas Graf
  1 sibling, 1 reply; 48+ messages in thread
From: Pablo Neira @ 2005-06-21  0:51 UTC (permalink / raw)
  To: Thomas Graf; +Cc: Netfilter Developers, Roberto Nibali

Hi Thomas,

Thomas Graf wrote:
> :1175 is the BUG above, right? If so it means that we're about to call
> destroy() on a conntrack entry which is not allocated. I assume it is
> ip_conntrack_untracked.
> 
> My theory is:
> 
> ip_conntrack_untracked is put into the conntrack with a refcnt of 2
> (+1 during init and +1 while assigning it to nfct). Once the packet
> leaves the ip stack we release the first use, when the modules
> get unloaded we release the entry again and call destroy() on it
> resulting in a overall corruption.

If the module gets unloaded, ip_conntrack_untracked refcount isn't 
decreased, it's still 1. So destroy() is never called. In that case it 
should be really easy to trigger on my slow laptop ;->.

> The whole notrack thing seems to be a big hack. ;->

Indeed. A replacement for this is still in the queue of pending things.

--
Pablo


* Re: [PATCH] update raw patch in POM
  2005-06-21  0:39               ` Thomas Graf
@ 2005-06-21  6:46                 ` Roberto Nibali
  2005-06-21  8:59                   ` Pablo Neira
  2005-06-21 11:18                   ` Thomas Graf
  0 siblings, 2 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-21  6:46 UTC (permalink / raw)
  To: Thomas Graf; +Cc: Netfilter Developers, Pablo Neira

> Almost forgot: the nf_reset() patch should "fix" this bug. "Fix"
> because it doesn't really fix it but rather hides this issue
> for a later possible revival.

I thought so, however is there a clean fix which does not involve rewriting the
raw patch? I mean the unconditional nf_reset() is rather intrusive. What about
other netfilter extensions, they could have the same refcnt problem, couldn't they?

Cheers,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-21  6:46                 ` Roberto Nibali
@ 2005-06-21  8:59                   ` Pablo Neira
  2005-06-21  9:08                     ` Jozsef Kadlecsik
  2005-06-21 11:18                   ` Thomas Graf
  1 sibling, 1 reply; 48+ messages in thread
From: Pablo Neira @ 2005-06-21  8:59 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers

Roberto Nibali wrote:
>>Almost forgot: the nf_reset() patch should "fix" this bug. "Fix"
>>because it doesn't really fix it but rather hides this issue
>>for a later possible revival.
> 
> I thought so, however is there a clean fix which does not involve rewriting the
> raw patch? I mean the unconditional nf_reset() is rather intrusive. What about
> other netfilter extensions, they could have the same refcnt problem, couldn't they?

I've started thinking that a better way to fix this would require
reviewing the current untracked logic.

--
Pablo


* Re: [PATCH] update raw patch in POM
  2005-06-21  8:59                   ` Pablo Neira
@ 2005-06-21  9:08                     ` Jozsef Kadlecsik
  0 siblings, 0 replies; 48+ messages in thread
From: Jozsef Kadlecsik @ 2005-06-21  9:08 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers, Roberto Nibali

On Tue, 21 Jun 2005, Pablo Neira wrote:

> Roberto Nibali wrote:
> >>Almost forgot: the nf_reset() patch should "fix" this bug. "Fix"
> >>because it doesn't really fix it but rather hides this issue
> >>for a later possible revival.
> >
> > I thought so, however is there a clean fix which does not involve rewriting the
> > raw patch? I mean the unconditional nf_reset() is rather intrusive. What about
> > other netfilter extensions, they could have the same refcnt problem, couldn't they?
>
> I've started thinking that a better way to fix this would require to
> review current untracked logic.

At the very beginning NOTRACK worked by using a flag in nfcache. However
that required ugly conditions both in the conntrack and nat core.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary


* Re: [PATCH] update raw patch in POM
  2005-06-21  0:51               ` Pablo Neira
@ 2005-06-21 11:13                 ` Thomas Graf
  2005-06-21 14:00                   ` Patrick McHardy
  0 siblings, 1 reply; 48+ messages in thread
From: Thomas Graf @ 2005-06-21 11:13 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers, Roberto Nibali

Pablo,

* Pablo Neira <42B76474.8080209@eurodev.net> 2005-06-21 02:51
> >ip_conntrack_untracked is put into the conntrack with a refcnt of 2
> >(+1 during init and +1 while assigning it to nfct). Once the packet
> >leaves the ip stack we release the first use, when the modules
> >get unloaded we release the entry again and call destroy() on it
> >resulting in a overall corruption.
> 
> If the module gets unloaded, ip_conntrack_untracked refcount isn't 
> decreased, it's still 1. So destroy() is never called. In that case it 
> should be really easy to trigger on my slow laptop ;->.

How do you explain the BUG() being triggered then?


* Re: [PATCH] update raw patch in POM
  2005-06-21  6:46                 ` Roberto Nibali
  2005-06-21  8:59                   ` Pablo Neira
@ 2005-06-21 11:18                   ` Thomas Graf
  1 sibling, 0 replies; 48+ messages in thread
From: Thomas Graf @ 2005-06-21 11:18 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

* Roberto Nibali <42B7B7D8.1050204@tac.ch> 2005-06-21 08:46
> > Almost forgot: the nf_reset() patch should "fix" this bug. "Fix"
> > because it doesn't really fix it but rather hides this issue
> > for a later possible revival.
> 
> I thought so, however is there a clean fix which does not involve rewriting the
> raw patch? I mean the unconditional nf_reset() is rather intrusive. What about
> other netfilter extensions, they could have the same refcnt problem, couldn't they?

I suggest introducing a flag to mark undestroyable conntrack
entries, just like we declared qdisc->handle == 0 to be default
qdiscs which may never be destroyed. A new status flag might
do it but I'm simply not familiar enough with the netfilter
code to propose any specific fixes.


* Re: [PATCH] update raw patch in POM
  2005-06-21 11:13                 ` Thomas Graf
@ 2005-06-21 14:00                   ` Patrick McHardy
  2005-06-21 14:17                     ` [PATCH] update raw patch in POM [2.4.x] Roberto Nibali
  2005-06-21 21:50                     ` [PATCH] update raw patch in POM Thomas Graf
  0 siblings, 2 replies; 48+ messages in thread
From: Patrick McHardy @ 2005-06-21 14:00 UTC (permalink / raw)
  To: Thomas Graf; +Cc: Netfilter Developers, Pablo Neira, Roberto Nibali

[-- Attachment #1: Type: text/plain, Size: 533 bytes --]

Thomas Graf wrote:
>>If the module gets unloaded, ip_conntrack_untracked refcount isn't 
>>decreased, it's still 1. So destroy() is never called. In that case it 
>>should be really easy to trigger on my slow laptop ;->.
> 
> How do you explain the BUG() being triggered then?

Pablo mentioned to me in private mail that he believes the reason
is packets holding references to ip_conntrack_untracked on module
removal. I agree, and this patch should fix it. Roberto, could
you please try it and tell me if it helps?

Regards
Patrick

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 556 bytes --]

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1111,7 +1111,9 @@ void ip_conntrack_cleanup(void)
 		schedule();
 		goto i_see_dead_people;
 	}
-
+	/* wait until all references to ip_conntrack_untracked are dropped */
+	while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)
+		schedule();
 	kmem_cache_destroy(ip_conntrack_cachep);
 	kmem_cache_destroy(ip_conntrack_expect_cachep);
 	free_conntrack_hash();
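Review bot: The new comment in ip_conntrack_cleanup() does not say why the loop stops at 1 rather than 0; judging from the thread, the module itself keeps one reference on the non-allocated ip_conntrack_untracked object, so a comment like `/* skbs may still hold ip_conntrack_untracked; wait until only our own reference (use == 1) is left */` would make that explicit. The `> 1` test also falls straight through when the count is already below 1, which looks like the unbalanced-put state the BUG() check earlier in the thread was added to catch, so a one-line diagnostic after the loop for `use < 1` would keep that state from passing silently into the frees that follow. ip_conntrack_cleanup() starts and ends outside the hunk.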


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-21 14:00                   ` Patrick McHardy
@ 2005-06-21 14:17                     ` Roberto Nibali
  2005-06-21 14:47                       ` Patrick McHardy
  2005-06-21 21:50                     ` [PATCH] update raw patch in POM Thomas Graf
  1 sibling, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-21 14:17 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

Hello Patrick,

Thanks for looking into this. I've added a 2.4.x into the subject because it
seems people forget it sometimes :)

>>>If the module gets unloaded, ip_conntrack_untracked refcount isn't 
>>>decreased, it's still 1. So destroy() is never called. In that case it 
>>>should be really easy to trigger on my slow laptop ;->.
>>
>>How do you explain the BUG() being triggered then?
> 
> Pablo mentioned to me in private mail that he believes the reason
> is packets holding references to ip_conntrack_untracked on module
> removal. I agree, and this patch should fix it. Roberto, could
> you please try it and tell me if it helps?

I already did. Here's an excerpt of an earlier email in this thread regarding
this patch:

>--- linux-2.4.orig/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-15
>> 23:16:43.000000000 +0200
>> +++ linux-2.4/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-17
>> 20:44:18.000000000 +0200
>> @@ -1391,6 +1391,8 @@
>>  		schedule();
>>  		goto i_see_dead_people;
>>  	}
>> +	while (atomic_read(&ip_conntrack_untracked.ct_general.use) != 1)
>> +		schedule();
>>
>>  	kmem_cache_destroy(ip_conntrack_cachep);
>>  	vfree(ip_conntrack_hash);


This results in an endless loop when calling rmmod ip_conntrack. lsmod shows
(deleted) but the process is in D state. No oops of course and no hang.

But I cannot remove the ip_conntrack kernel module anymore. It's "stuck".

> diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
> --- a/net/ipv4/netfilter/ip_conntrack_core.c
> +++ b/net/ipv4/netfilter/ip_conntrack_core.c
> @@ -1111,7 +1111,9 @@ void ip_conntrack_cleanup(void)
>  		schedule();
>  		goto i_see_dead_people;
>  	}
> -
> +	/* wait until all references to ip_conntrack_untracked are dropped */
> +	while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)
> +		schedule();
>  	kmem_cache_destroy(ip_conntrack_cachep);
>  	kmem_cache_destroy(ip_conntrack_expect_cachep);
>  	free_conntrack_hash();

This is not a pristine 2.4.x kernel source you diffed against, rather a 2.6.x
one. The ip_conntrack_expect_cachep kmem cache was not used in 2.4.x AFAIK.

Do you want me to rerun the test for more precise statements?

Best regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-21 14:17                     ` [PATCH] update raw patch in POM [2.4.x] Roberto Nibali
@ 2005-06-21 14:47                       ` Patrick McHardy
  2005-06-21 15:15                         ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Patrick McHardy @ 2005-06-21 14:47 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

Roberto Nibali wrote:
>>Pablo mentioned to me in private mail that he believes the reason
>>is packets holding references to ip_conntrack_untracked on module
>>removal. I agree, and this patch should fix it. Roberto, could
>>you please try it and tell me if it helps?
> 
> 
> I already did. Here's an excerpt of an earlier email in this thread regarding
> this patch:

Hmmm I should have read the whole thread :)

>>--- linux-2.4.orig/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-15
>>
>>>23:16:43.000000000 +0200
>>>+++ linux-2.4/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-17
>>>20:44:18.000000000 +0200
>>>@@ -1391,6 +1391,8 @@
>>> 		schedule();
>>> 		goto i_see_dead_people;
>>> 	}
>>>+	while (atomic_read(&ip_conntrack_untracked.ct_general.use) != 1)
>>>+		schedule();
>>>
>>> 	kmem_cache_destroy(ip_conntrack_cachep);
>>> 	vfree(ip_conntrack_hash);
> 
> 
> 
> This results in an endless loop when calling rmmod ip_conntrack. lsmod shows
> (deleted) but the process is in D state. No oops of course and no hang.
> 
> But I cannot remove the ip_conntrack kernel module anymore. It's "stuck".

This means we're either leaking conntrack entries or packets holding
a reference are queued somewhere. What do you use NOTRACK for?

> Do you want me to rerun the test for more precise statements?

Yes, please make sure no packets are queued in qdiscs (best to use
pfifo) and no raw/packet sockets are open and ip_queue isn't used.
You could also add a printk to the inner body of the
while(atomic_read(...)) loop and print out the reference count, perhaps
it will show something interesting.

Thanks
Patrick


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-21 14:47                       ` Patrick McHardy
@ 2005-06-21 15:15                         ` Roberto Nibali
  2005-06-21 15:32                           ` Patrick McHardy
  2005-06-22  7:04                           ` Jozsef Kadlecsik
  0 siblings, 2 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-21 15:15 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

>>This results in an endless loop when calling rmmod ip_conntrack. lsmod shows
>>(deleted) but the process is in D state. No oops of course and no hang.
>>
>>But I cannot remove the ip_conntrack kernel module anymore. It's "stuck".
>  
> This means we're either leaking conntrack entries or packets holding
> a reference are queued somewhere. What do you use NOTRACK for?

There are a lot of situations (broken customer applications, regarding TCP state
transition and timing handling mostly) where we run into major problems using
the connection tracking _with_ tcp window tracking (is a must) on top. The
ip_conntrack_tcp_be_liberal and ip_conntrack_tcp_loose sysctls don't help
in those cases. Sometimes we can circumvent window tracking problems using
high ip_conntrack_tcp_max_retrans values. Another reason is that we have no
means to flush selective entries from the connection tracking table except
rmmod'ing the lkm. If we do that we lose all xterm sessions to the packet filter
being reconfigured and also unnecessarily provoke fake failovers in our HA
software. Having the NOTRACK feature allows us to write firewall rules which
seemingly have the same semantics as we had with ipchains in the 2.2.x series.

I could give you a huge list of reasons, all of which have to do in how we use
the packet filtering infrastructure in the given Linux kernel.

>>Do you want me to rerun the test for more precise statements?
> 
> Yes, please make sure no packets are queued in qdiscs (best to use
> pfifo) and no raw/packet sockets are open and ip_queue isn't used.

# tc qdisc show
qdisc pfifo_fast 0: dev eth0 [Unknown qdisc, optlen=20]
qdisc pfifo_fast 0: dev eth1 [Unknown qdisc, optlen=20]

# cat /proc/net/raw
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt
uid  timeout inode

ip_queue is not used. Following modules are loaded when our small ruleset is set:

Module                  Size  Used by
ipt_NOTRACK             1040   0  (autoclean)
ipt_state                864   0  (autoclean)
ipt_LOG                 3824   0  (autoclean)
ipt_limit               1456   0  (autoclean)
iptable_raw             1536   0  (autoclean)
iptable_mangle          2512   0  (autoclean) (unused)
iptable_filter          2000   0  (autoclean)
ip_nat_ftp              2896   0  (unused)
iptable_nat            20368   1  [ip_nat_ftp]
ip_tables              12448  10  [ipt_NOTRACK ipt_state ipt_LOG ipt_limit iptab
le_raw iptable_mangle iptable_filter iptable_nat]
ip_conntrack_ftp        4000   1
ip_conntrack           29632   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat
ip_conntrack_ftp]

> You could also add a printk to the inner body of the
> while(atomic_read(...)) loop and print out the reference count, perhaps
> it will show something interesting.

After seeing it in D state I reckon I wrap it into a well placed rate limit ;).

Cheers,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-21 15:15                         ` Roberto Nibali
@ 2005-06-21 15:32                           ` Patrick McHardy
  2005-06-22  9:26                             ` Roberto Nibali
  2005-06-22  7:04                           ` Jozsef Kadlecsik
  1 sibling, 1 reply; 48+ messages in thread
From: Patrick McHardy @ 2005-06-21 15:32 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

Roberto Nibali wrote:
>>>Do you want me to rerun the test for more precise statements?
>>
>>Yes, please make sure no packets are queued in qdiscs (best to use
>>pfifo) and no raw/packet sockets are open and ip_queue isn't used.
> 
> 
> # tc qdisc show
> qdisc pfifo_fast 0: dev eth0 [Unknown qdisc, optlen=20]
> qdisc pfifo_fast 0: dev eth1 [Unknown qdisc, optlen=20]
> 
> # cat /proc/net/raw
>   sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt
> uid  timeout inode
> 
> ip_queue is not used. Following modules are loaded when our small ruleset is set:

What about packet sockets? raw sockets actually don't matter, the
reference is dropped before it reaches them. Please send me the raw
table patch you're using.

Regards
Patrick


* Re: [PATCH] update raw patch in POM
  2005-06-21 14:00                   ` Patrick McHardy
  2005-06-21 14:17                     ` [PATCH] update raw patch in POM [2.4.x] Roberto Nibali
@ 2005-06-21 21:50                     ` Thomas Graf
  2005-06-22  0:32                       ` Patrick McHardy
  1 sibling, 1 reply; 48+ messages in thread
From: Thomas Graf @ 2005-06-21 21:50 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira, Roberto Nibali

* Patrick McHardy <42B81D75.8090205@trash.net> 2005-06-21 16:00
> Thomas Graf wrote:
> >>If the module gets unloaded, ip_conntrack_untracked refcount isn't 
> >>decreased, it's still 1. So destroy() is never called. In that case it 
> >>should be really easy to trigger on my slow laptop ;->.
> > 
> > How do you explain the BUG() being triggered then?
> 
> Pablo mentioned to me in private mail that he believes the reason
> is packets holding references to ip_conntrack_untracked on module
> removal. I agree, and this patch should fix it. Roberto, could
> you please try it and tell me if it helps?
>
> +	/* wait until all references to ip_conntrack_untracked are dropped */
> +	while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)
> +		schedule();

This patch seems fine but it cannot fix the bug. The fact that we
trigger the BUG() implies a serious problem which is that we'd be
calling destroy() on a conntrack entry which was never allocated.
As far as I understood Roberto correctly it happens once he's
unloading the conntrack modules which means that up to that point
we still have > 1 references on that entry. So I think we have
two problems:

 a) We might be calling destroy() on dummy conntrack entries
    such as ip_conntrack_untracked which causes corruption.
 
 b) There might be conntrack entries in caches while removing
    modules.


* Re: [PATCH] update raw patch in POM
  2005-06-21 21:50                     ` [PATCH] update raw patch in POM Thomas Graf
@ 2005-06-22  0:32                       ` Patrick McHardy
  2005-06-22  0:52                         ` Thomas Graf
  0 siblings, 1 reply; 48+ messages in thread
From: Patrick McHardy @ 2005-06-22  0:32 UTC (permalink / raw)
  To: Thomas Graf; +Cc: Netfilter Developers, Pablo Neira, Roberto Nibali

Thomas Graf wrote:'
> This patch seems fine but it cannot fix the bug. The fact that we
> trigger the BUG() implies a serious problem which is that we'd be
> calling destroy() on a conntrack entry which was never allocated.

Sorry, I didn't follow the entire thread and there seem to be a lot
of BUG()s :) Which one exactly are you referring to?

Regards
Patrick


* Re: [PATCH] update raw patch in POM
  2005-06-22  0:32                       ` Patrick McHardy
@ 2005-06-22  0:52                         ` Thomas Graf
  2005-06-22  3:24                           ` Pablo Neira
  0 siblings, 1 reply; 48+ messages in thread
From: Thomas Graf @ 2005-06-22  0:52 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira, Roberto Nibali

* Patrick McHardy <42B8B181.4020607@trash.net> 2005-06-22 02:32
> Thomas Graf wrote:'
> > This patch seems fine but it cannot fix the bug. The fact that we
> > trigger the BUG() implies a serious problem which is that we'd be
> > calling destroy() on a conntrack entry which was never allocated.
> 
> Sorry, I didn't follow the entire thread and there seem to be a lot
> of BUG()s :) Which one exactly are you refering to?

Roberto added the following to nf_conntrack_put():

if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1)
        BUG();

The 0xf8.. really is a hack but it works on x86.


* Re: [PATCH] update raw patch in POM
  2005-06-22  0:52                         ` Thomas Graf
@ 2005-06-22  3:24                           ` Pablo Neira
  2005-06-22  3:55                             ` Patrick McHardy
  0 siblings, 1 reply; 48+ messages in thread
From: Pablo Neira @ 2005-06-22  3:24 UTC (permalink / raw)
  To: Thomas Graf; +Cc: Netfilter Developers, Patrick McHardy, Roberto Nibali

Thomas Graf wrote:
> * Patrick McHardy <42B8B181.4020607@trash.net> 2005-06-22 02:32
> 
>>Thomas Graf wrote:'
>>
>>>This patch seems fine but it cannot fix the bug. The fact that we
>>>trigger the BUG() implies a serious problem which is that we'd be
>>>calling destroy() on a conntrack entry which was never allocated.
>>
>>Sorry, I didn't follow the entire thread and there seem to be a lot
>>of BUG()s :) Which one exactly are you refering to?
> 
> 
> Roberto added the following to nf_conntrack_put():
> 
> if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1)
>         BUG();

I don't consider this BUG() trigger reliable, since I see this as a
tricky race condition. AFAICS, the skbuff that is still enqueued holds a
pointer to an invalid address that doesn't store ip_conntrack_untracked
anymore; instead it points to something different, say the .bss section of
another module that was reloaded and isn't the ip_conntrack module. Roberto's
recipe requires module removal and reload in a very short space of time,
and I can't be sure that those modules are installed and removed in the
same order.

--
Pablo


* Re: [PATCH] update raw patch in POM
  2005-06-22  3:24                           ` Pablo Neira
@ 2005-06-22  3:55                             ` Patrick McHardy
  2005-06-22  5:48                               ` Roberto Nibali
  2005-06-22 11:39                               ` Roberto Nibali
  0 siblings, 2 replies; 48+ messages in thread
From: Patrick McHardy @ 2005-06-22  3:55 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Developers, Roberto Nibali

Pablo Neira wrote:
>> if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1)
>>         BUG();
> 
> 
> I don't consider reliable such BUG() triggered since I see this as a
> tricky race condition. AFAICS, the skbuff still enqueued holds a pointer
> to an invalid address that doesn't store ip_conntrack_untracked anymore,
> instead it points to something different, say the .bss section of
> another module reloaded which isn't the ip_conntrack module. Roberto's
> recipe requires module removal and reload in a very short space of time
> and I can't assure that those modules are installed and removed in the
> same order.

I agree, let's track down the untracked-missing-references first, then
see if any problems remain.

Regards
Patrick


* Re: [PATCH] update raw patch in POM
  2005-06-22  3:55                             ` Patrick McHardy
@ 2005-06-22  5:48                               ` Roberto Nibali
  2005-06-22 11:39                               ` Roberto Nibali
  1 sibling, 0 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-22  5:48 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

>>>if ((((long) nfct) & 0xf8000000) && atomic_read(&nfct->master->use) <= 1)
>>>        BUG();
>>
>>
>>I don't consider reliable such BUG() triggered since I see this as a
>>tricky race condition. AFAICS, the skbuff still enqueued holds a pointer
>>to an invalid address that doesn't store ip_conntrack_untracked anymore,
>>instead it points to something different, say the .bss section of
>>another module reloaded which isn't the ip_conntrack module. Roberto's
>>recipe requires module removal and reload in a very short space of time
>>and I can't assure that those modules are installed and removed in the
>>same order.
> 
> 
> I agree, let's track down the untracked-missing-references first, then
> see if any problems remain.

I'm on it, results should be available shortly.

Regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-21 15:15                         ` Roberto Nibali
  2005-06-21 15:32                           ` Patrick McHardy
@ 2005-06-22  7:04                           ` Jozsef Kadlecsik
  2005-06-22  9:10                             ` Roberto Nibali
  1 sibling, 1 reply; 48+ messages in thread
From: Jozsef Kadlecsik @ 2005-06-22  7:04 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira, Patrick McHardy

Hi Roberto,

On Tue, 21 Jun 2005, Roberto Nibali wrote:

> > This means we're either leaking conntrack entries or packets holding
> > a reference are queued somewhere. What do you use NOTRACK for?
>
> There's a lot of situations (broken customer applications, regarding TCP state
> transition and timing handling mostly) where we run into major problems using
> the connection tracking _with_ tcp window tracking (is a must) on top. The
> ip_conntrack_tcp_be_liberal and ip_conntrack_tcp_loose sysctrl's don't help
> in those cases. Sometimes we can circumvent window tracking problems using
> high ip_conntrack_tcp_max_retrans values. Another reason is that we have no

Are you running a recent kernel from the 2.6 tree? A lot of improvements
had been submitted in spring and since then I have practically not
received any reports on window tracking problems.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-22  7:04                           ` Jozsef Kadlecsik
@ 2005-06-22  9:10                             ` Roberto Nibali
  2005-06-22  9:19                               ` Jozsef Kadlecsik
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-22  9:10 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: Netfilter Developers, Pablo Neira, Patrick McHardy

Hello Jozsef,

I'm not running a 2.6.x kernel for the reasons explained below:

> Are you running a recent kernel from the 2.6 tree? A lot of improvements
> had been submitted in in spring and since then I have practically not
> received any reports on window tracking problems.

I know, however it's completely impossible for us to run 2.6.x kernels, too many
subtle changes are happening between new releases (ACPI routing, interrupt
mitigation in e1000, NAPI, and other subsystems besides networking) and some
features, like for example ipsec have changed fundamentally in the way they work
with regard to filtering or packet traversal. We unfortunately don't have enough
people to track and verify those changes regarding QA.

<off-topic>
A different point of view: I don't have the time nor do I get the money to
change our firewall software to be compatible with 2.6.x kernels. Also some
people's quest in trying to optimize latency (see RT threads on LKML) and tuning
mm/* for smoother desktop performance tends to have a negative effect on
network server performance.
</off-topic>

Where would I best start to find out about differences between the 2.4.x and
2.6.x version of the tcp window tracking code? Do you remember when you stopped
backporting fixes?

Thanks for your interest,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-22  9:10                             ` Roberto Nibali
@ 2005-06-22  9:19                               ` Jozsef Kadlecsik
  2005-06-22  9:27                                 ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Jozsef Kadlecsik @ 2005-06-22  9:19 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira, Patrick McHardy

Hi,

On Wed, 22 Jun 2005, Roberto Nibali wrote:

> > Are you running a recent kernel from the 2.6 tree? A lot of improvements
> > had been submitted in in spring and since then I have practically not
> > received any reports on window tracking problems.
>
> I'm not running a 2.6.x kernel for the reasons explained below:
[..]

Then best thing is to backport the changes. Actually, Krisztian did it
once but that was in the mid of the changes and therefore was never
committed in svn.

OK, I'll do it and report back when it can be downloaded from svn.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-21 15:32                           ` Patrick McHardy
@ 2005-06-22  9:26                             ` Roberto Nibali
  0 siblings, 0 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-22  9:26 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

[-- Attachment #1: Type: text/plain, Size: 607 bytes --]

> What about packet sockets? raw sockets actually don't matter, the
> reference is dropped before it reaches them. Please send me the raw
> table patch you're using.

Attached is the raw patch I use.

Regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

[-- Attachment #2: linux-2.4.31-raw-table-5.diff --]
[-- Type: text/plain, Size: 24006 bytes --]

diff -Nur linux-2.4.31-orig/Documentation/Configure.help linux-2.4.31-pab2/Documentation/Configure.help
--- linux-2.4.31-orig/Documentation/Configure.help	2005-04-04 03:42:19 +0200
+++ linux-2.4.31-pab2/Documentation/Configure.help	2005-06-15 15:19:43 +0200
@@ -3016,6 +3016,34 @@
   If you want to compile it as a module, say M here and read
   <file:Documentation/modules.txt>.  If unsure, say `N'.
 
+raw table support (required for NOTRACK/TRACE)
+CONFIG_IP_NF_RAW
+  This option adds a `raw' table to iptables. This table is the very
+  first in the netfilter framework and hooks in at the PREROUTING
+  and OUTPUT chains.
+
+  If you want to compile it as a module, say M here and read
+  <file:Documentation/modules.txt>.  If unsure, say `N'.
+
+NOTRACK target support
+CONFIG_IP_NF_TARGET_NOTRACK
+  The NOTRACK target allows a select rule to specify
+  which packets *not* to enter the conntrack/NAT
+  subsystem with all the consequences (no ICMP error tracking,
+  no protocol helpers for the selected packets).
+
+  If you want to compile it as a module, say M here and read
+  <file:Documentation/modules.txt>.  If unsure, say `N'.
+
+raw table support (required for TRACE)
+CONFIG_IP6_NF_RAW
+  This option adds a `raw' table to ip6tables. This table is the very
+  first in the netfilter framework and hooks in at the PREROUTING
+  and OUTPUT chains.
+
+  If you want to compile it as a module, say M here and read
+  <file:Documentation/modules.txt>.  If unsure, say `N'.
+
 Packet filtering
 CONFIG_IP_NF_FILTER
   Packet filtering defines a table `filter', which has a series of
diff -Nur linux-2.4.31-orig/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.4.31-pab2/include/linux/netfilter_ipv4/ip_conntrack.h
--- linux-2.4.31-orig/include/linux/netfilter_ipv4/ip_conntrack.h	2005-06-15 15:20:12 +0200
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4/ip_conntrack.h	2005-06-15 15:19:43 +0200
@@ -254,6 +254,9 @@
 /* Call me when a conntrack is destroyed. */
 extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
 
+/* Fake conntrack entry for untracked connections */
+extern struct ip_conntrack ip_conntrack_untracked;
+
 /* Returns new sk_buff, or NULL */
 struct sk_buff *
 ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user);
diff -Nur linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_conntrack.h linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_conntrack.h
--- linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_conntrack.h	2002-11-29 00:53:15 +0100
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_conntrack.h	2005-06-15 15:19:43 +0200
@@ -10,6 +10,7 @@
 
 #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
 #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
+#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
 
 /* flags, invflags: */
 #define IPT_CONNTRACK_STATE	0x01
diff -Nur linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_state.h linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_state.h
--- linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_state.h	2000-04-14 18:37:20 +0200
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_state.h	2005-06-15 15:19:43 +0200
@@ -3,6 +3,7 @@
 
 #define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
 #define IPT_STATE_INVALID (1 << 0)
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
 
 struct ipt_state_info
 {
diff -Nur linux-2.4.31-orig/include/linux/netfilter_ipv4.h linux-2.4.31-pab2/include/linux/netfilter_ipv4.h
--- linux-2.4.31-orig/include/linux/netfilter_ipv4.h	2002-02-25 20:38:13 +0100
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4.h	2005-06-15 15:19:43 +0200
@@ -51,6 +51,8 @@
 
 enum nf_ip_hook_priorities {
 	NF_IP_PRI_FIRST = INT_MIN,
+	NF_IP_PRI_CONNTRACK_DEFRAG = -400,
+	NF_IP_PRI_RAW = -300,
 	NF_IP_PRI_CONNTRACK = -200,
 	NF_IP_PRI_MANGLE = -150,
 	NF_IP_PRI_NAT_DST = -100,
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/Config.in linux-2.4.31-pab2/net/ipv4/netfilter/Config.in
--- linux-2.4.31-orig/net/ipv4/netfilter/Config.in	2005-01-19 15:10:13 +0100
+++ linux-2.4.31-pab2/net/ipv4/netfilter/Config.in	2005-06-15 15:19:43 +0200
@@ -107,6 +107,15 @@
   dep_tristate '  LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
   dep_tristate '  ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
   dep_tristate '  TCPMSS target support' CONFIG_IP_NF_TARGET_TCPMSS $CONFIG_IP_NF_IPTABLES
+  if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+    tristate '  raw table support (required for NOTRACK/TRACE)' CONFIG_IP_NF_RAW $CONFIG_IP_NF_IPTABLES
+  fi
+  if [ "$CONFIG_IP_NF_RAW" != "n" ]; then
+    if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
+      dep_tristate '    NOTRACK target support' CONFIG_IP_NF_TARGET_NOTRACK $CONFIG_IP_NF_RAW
+    fi
+  # Marker for TRACE target
+  fi
 fi
 
 tristate 'ARP tables support' CONFIG_IP_NF_ARPTABLES
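Review bot: The new CONFIG_IP_NF_RAW line uses `tristate` with `$CONFIG_IP_NF_IPTABLES` as a third argument, but as far as I know `tristate` takes only a prompt and a symbol, so the dependency is probably ignored. The raw table could then be set to `y` while ip_tables is built as `m`. I would write it as `dep_tristate '  raw table support (required for NOTRACK/TRACE)' CONFIG_IP_NF_RAW $CONFIG_IP_NF_IPTABLES`. Also, when CONFIG_EXPERIMENTAL is not `y` the symbol is never asked, so the following `"$CONFIG_IP_NF_RAW" != "n"` test sees an empty value and may still offer NOTRACK; nesting that block inside the EXPERIMENTAL `if` would avoid relying on that. The enclosing `if` opens outside the hunk.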
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/Makefile linux-2.4.31-pab2/net/ipv4/netfilter/Makefile
--- linux-2.4.31-orig/net/ipv4/netfilter/Makefile	2005-06-15 15:20:12 +0200
+++ linux-2.4.31-pab2/net/ipv4/netfilter/Makefile	2005-06-15 15:19:43 +0200
@@ -65,6 +65,7 @@
 obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
 obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
 obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
+obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
 
 # matches
 obj-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper.o
@@ -90,6 +91,7 @@
 obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o
 obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o
 obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
+obj-$(CONFIG_IP_NF_TARGET_NOTRACK) += ipt_NOTRACK.o
 
 # targets
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_core.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-15 15:20:12 +0200
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_core.c	2005-06-15 15:19:43 +0200
@@ -65,6 +65,7 @@
 struct list_head *ip_conntrack_hash;
 static kmem_cache_t *ip_conntrack_cachep;
 static LIST_HEAD(unconfirmed);
+struct ip_conntrack ip_conntrack_untracked;
 
 extern struct ip_conntrack_protocol ip_conntrack_generic_protocol;
 
@@ -823,6 +824,19 @@
 	int set_reply;
 	int ret;
 
+	/* Previously seen (loopback or untracked)?  Ignore. */
+	if ((*pskb)->nfct)
+		return NF_ACCEPT;
+
+	/* Never happen */
+	if ((*pskb)->nh.iph->frag_off & htons(IP_OFFSET)) {
+		if (net_ratelimit()) {
+		printk(KERN_ERR "ip_conntrack_in: Frag of proto %u (hook=%u)\n",
+		       (*pskb)->nh.iph->protocol, hooknum);
+		}
+		return NF_DROP;
+	}
+
 	/* FIXME: Do this right please. --RR */
 	(*pskb)->nfcache |= NFC_UNKNOWN;
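Review bot: The `/* Never happen */` comment above the new fragment check does not say why a fragment cannot reach ip_conntrack_in, and the `printk` inside the `net_ratelimit()` braces is not indented under them. The reason is visible elsewhere in this patch, where ip_conntrack_defrag is registered at NF_IP_PRI_CONNTRACK_DEFRAG ahead of this hook, so I would write `/* Fragments are reassembled by ip_conntrack_defrag before this hook runs; a non-zero offset here is a bug, so log and drop. */`. The test masks only `IP_OFFSET`, so a packet with `IP_MF` set and offset 0 is not caught; if that is intended, the comment should say so. The function starts and ends outside the hunk.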
 
@@ -841,21 +855,6 @@
 	}
 #endif
 
-	/* Previously seen (loopback)?  Ignore.  Do this before
-           fragment check. */
-	if ((*pskb)->nfct)
-		return NF_ACCEPT;
-
-	/* Gather fragments. */
-	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
-		*pskb = ip_ct_gather_frags(*pskb,
-		                           hooknum == NF_IP_PRE_ROUTING ?
-		                           IP_DEFRAG_CONNTRACK_IN :
-		                           IP_DEFRAG_CONNTRACK_OUT);
-		if (!*pskb)
-			return NF_STOLEN;
-	}
-
 	proto = ip_ct_find_proto((*pskb)->nh.iph->protocol);
 
 	/* It may be an icmp error... */
@@ -1460,6 +1459,18 @@
 
 	/* For use by ipt_REJECT */
 	ip_ct_attach = ip_conntrack_attach;
+
+	/* Set up fake conntrack:
+	 	- to never be deleted, not in any hashes */
+	atomic_set(&ip_conntrack_untracked.ct_general.use, 1);
+	/*	- and look it like as a confirmed connection */
+	set_bit(IPS_CONFIRMED_BIT, &ip_conntrack_untracked.status);
+	/*	- and prepare the ctinfo field for REJECT/NAT. */
+	ip_conntrack_untracked.infos[IP_CT_NEW].master =
+	ip_conntrack_untracked.infos[IP_CT_RELATED].master =
+	ip_conntrack_untracked.infos[IP_CT_RELATED + IP_CT_IS_REPLY].master =
+		&ip_conntrack_untracked.ct_general;
+
 	return ret;
 
 err_free_hash:
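Review bot: Only three `infos[]` slots of ip_conntrack_untracked get a `master` pointer in the added block (`IP_CT_NEW`, `IP_CT_RELATED` and `IP_CT_RELATED + IP_CT_IS_REPLY`); the remaining slots keep whatever the zero-initialised global holds. The reference helpers reach the use counter through `nfct->master`, as far as I know, so a path that attaches one of the unset slots would presumably dereference NULL. Filling every slot removes the dependency on which ctinfo values callers pick: `for (i = 0; i < IP_CT_NUMBER; i++) ip_conntrack_untracked.infos[i].master = &ip_conntrack_untracked.ct_general;`, assuming `infos[]` has IP_CT_NUMBER entries. `i` would need declaring, and the function starts outside the hunk. The comment should also state that the initial count of 1 is the module's own reference and is never meant to drop.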
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_standalone.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_standalone.c	2005-06-15 15:20:12 +0200
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_standalone.c	2005-06-15 15:19:43 +0200
@@ -189,6 +189,29 @@
 	return ip_conntrack_confirm(*pskb);
 }
 
+static unsigned int ip_conntrack_defrag(unsigned int hooknum,
+					struct sk_buff **pskb,
+					const struct net_device *in,
+					const struct net_device *out,
+					int (*okfn)(struct sk_buff *))
+{
+	/* Previously seen (loopback)?  Ignore.  Do this before
+	 * fragment check. */
+	if ((*pskb)->nfct)
+		return NF_ACCEPT;
+
+        /* Gather fragments. */
+        if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
+                *pskb = ip_ct_gather_frags(*pskb,
+                                           hooknum == NF_IP_PRE_ROUTING ?
+                                           IP_DEFRAG_CONNTRACK_IN :
+                                           IP_DEFRAG_CONNTRACK_OUT);
+                if (!*pskb)
+                        return NF_STOLEN;
+        }
+	return NF_ACCEPT;
+}
+
 static unsigned int ip_refrag(unsigned int hooknum,
 			      struct sk_buff **pskb,
 			      const struct net_device *in,
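Review bot: ip_conntrack_defrag has no header comment explaining why defragmentation became a hook of its own, and its `/* Gather fragments. */` block is indented with eight spaces while the rest of the function uses tabs. Something like `/* Reassemble fragments at NF_IP_PRI_CONNTRACK_DEFRAG so that later hooks, including ip_conntrack_in, only see whole packets. */` would record the ordering this patch relies on. The fragment block should be re-indented with tabs to match the file.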
@@ -230,9 +253,15 @@
 
 /* Connection tracking may drop packets, but never alters them, so
    make it the first hook. */
+static struct nf_hook_ops ip_conntrack_defrag_ops
+= { { NULL, NULL }, ip_conntrack_defrag, PF_INET, NF_IP_PRE_ROUTING,
+	NF_IP_PRI_CONNTRACK_DEFRAG };
 static struct nf_hook_ops ip_conntrack_in_ops
 = { { NULL, NULL }, ip_conntrack_in, PF_INET, NF_IP_PRE_ROUTING,
 	NF_IP_PRI_CONNTRACK };
+static struct nf_hook_ops ip_conntrack_defrag_local_out_ops
+= { { NULL, NULL }, ip_conntrack_defrag, PF_INET, NF_IP_LOCAL_OUT,
+	NF_IP_PRI_CONNTRACK_DEFRAG };
 static struct nf_hook_ops ip_conntrack_local_out_ops
 = { { NULL, NULL }, ip_conntrack_local, PF_INET, NF_IP_LOCAL_OUT,
 	NF_IP_PRI_CONNTRACK };
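Review bot: The existing comment "Connection tracking may drop packets, but never alters them, so make it the first hook." now sits directly above ip_conntrack_defrag_ops, which is the hook that replaces `*pskb` with the reassembled packet. With the defrag hooks registered at NF_IP_PRI_CONNTRACK_DEFRAG, connection tracking is also no longer the first hook. I would reword it, for example `/* Defragmentation runs first (NF_IP_PRI_CONNTRACK_DEFRAG); connection tracking itself may drop packets but never alters them. */`.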
@@ -373,10 +402,21 @@
 	if (!proc) goto cleanup_init;
 	proc->owner = THIS_MODULE;
 
+	ret = nf_register_hook(&ip_conntrack_defrag_ops);
+	if (ret < 0) {
+		printk("ip_conntrack: can't register pre-routing defrag hook.\n");
+		goto cleanup_proc;
+	}
+	ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);
+	if (ret < 0) {
+		printk("ip_conntrack: can't register local_out defrag hook.\n");
+		goto cleanup_defragops;
+	}
+
 	ret = nf_register_hook(&ip_conntrack_in_ops);
 	if (ret < 0) {
 		printk("ip_conntrack: can't register pre-routing hook.\n");
-		goto cleanup_proc;
+		goto cleanup_defraglocalops;
 	}
 	ret = nf_register_hook(&ip_conntrack_local_out_ops);
 	if (ret < 0) {
@@ -414,6 +454,10 @@
 	nf_unregister_hook(&ip_conntrack_local_out_ops);
  cleanup_inops:
 	nf_unregister_hook(&ip_conntrack_in_ops);
+ cleanup_defraglocalops:
+	nf_unregister_hook(&ip_conntrack_defrag_local_out_ops);
+ cleanup_defragops:
+	nf_unregister_hook(&ip_conntrack_defrag_ops);
  cleanup_proc:
 	proc_net_remove("ip_conntrack");
  cleanup_init:
@@ -503,5 +547,6 @@
 EXPORT_SYMBOL(ip_conntrack_expect_list);
 EXPORT_SYMBOL(ip_conntrack_lock);
 EXPORT_SYMBOL(ip_conntrack_hash);
+EXPORT_SYMBOL(ip_conntrack_untracked);
 EXPORT_SYMBOL_GPL(ip_conntrack_find_get);
 EXPORT_SYMBOL_GPL(ip_conntrack_put);
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/ip_nat_core.c linux-2.4.31-pab2/net/ipv4/netfilter/ip_nat_core.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ip_nat_core.c	2005-04-04 03:42:20 +0200
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ip_nat_core.c	2005-06-15 15:19:43 +0200
@@ -1024,6 +1024,10 @@
 	IP_NF_ASSERT(ip_conntrack_destroyed == NULL);
 	ip_conntrack_destroyed = &ip_nat_cleanup_conntrack;
 
+	/* Initialize fake conntrack so that NAT will skip it */
+	ip_conntrack_untracked.nat.info.initialized |=
+		(1 << IP_NAT_MANIP_SRC) | (1 << IP_NAT_MANIP_DST);
+
 	return 0;
 }
 
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/ipt_NOTRACK.c linux-2.4.31-pab2/net/ipv4/netfilter/ipt_NOTRACK.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ipt_NOTRACK.c	1970-01-01 01:00:00 +0100
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ipt_NOTRACK.c	2005-06-15 15:19:43 +0200
@@ -0,0 +1,75 @@
+/* This is a module which is used for setting up fake conntracks
+ * on packets so that they are not seen by the conntrack/NAT code.
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ip_conntrack.h>
+
+static unsigned int
+target(struct sk_buff **pskb,
+       unsigned int hooknum,
+       const struct net_device *in,
+       const struct net_device *out,
+       const void *targinfo,
+       void *userinfo)
+{
+	/* Previously seen (loopback)? Ignore. */
+	if ((*pskb)->nfct != NULL)
+		return IPT_CONTINUE;
+
+	/* Attach fake conntrack entry. 
+	   If there is a real ct entry correspondig to this packet, 
+	   it'll hang aroun till timing out. We don't deal with it
+	   for performance reasons. JK */
+	(*pskb)->nfct = &ip_conntrack_untracked.infos[IP_CT_NEW];
+	nf_conntrack_get((*pskb)->nfct);
+
+	return IPT_CONTINUE;
+}
+
+static int
+checkentry(const char *tablename,
+	   const struct ipt_entry *e,
+           void *targinfo,
+           unsigned int targinfosize,
+           unsigned int hook_mask)
+{
+	if (targinfosize != 0) {
+		printk(KERN_WARNING "NOTRACK: targinfosize %u != 0\n",
+		       targinfosize);
+		return 0;
+	}
+
+	if (strcmp(tablename, "raw") != 0) {
+		printk(KERN_WARNING "NOTRACK: can only be called from \"raw\" table, not \"%s\"\n", tablename);
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ipt_target ipt_notrack_reg = { 
+	.name = "NOTRACK", 
+	.target = target, 
+	.checkentry = checkentry, 
+	.me = THIS_MODULE 
+};
+
+static int __init init(void)
+{
+	if (ipt_register_target(&ipt_notrack_reg))
+		return -EINVAL;
+
+	return 0;
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_target(&ipt_notrack_reg);
+}
+
+module_init(init);
+module_exit(fini);
+MODULE_LICENSE("GPL");
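Review bot: `init()` replaces whatever `ipt_register_target()` returns with `-EINVAL`, so a failed load reports a misleading cause; `return ipt_register_target(&ipt_notrack_reg);` keeps the real error. `checkentry()` calls `strcmp()` but the file includes no string header, so it presumably builds only through a transitive include; adding `#include <linux/string.h>` would make that explicit. The two-line file comment could also state the policy consequences visible elsewhere in this patch. Packets tagged here are classified as UNTRACKED by the state and conntrack matches, so rules keyed on other states will not match them. As the comment in `target()` says, an existing conntrack entry for the flow is left to time out.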
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/ipt_conntrack.c linux-2.4.31-pab2/net/ipv4/netfilter/ipt_conntrack.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ipt_conntrack.c	2004-02-18 14:36:32 +0100
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ipt_conntrack.c	2005-06-15 15:19:43 +0200
@@ -27,7 +27,9 @@
 
 #define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg))
 
-	if (ct)
+	if (skb->nfct == &ip_conntrack_untracked.infos[IP_CT_NEW])
+		statebit = IPT_CONNTRACK_STATE_UNTRACKED;
+	else if (ct)
 		statebit = IPT_CONNTRACK_STATE_BIT(ctinfo);
 	else
 		statebit = IPT_CONNTRACK_STATE_INVALID;
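Review bot: The untracked test `skb->nfct == &ip_conntrack_untracked.infos[IP_CT_NEW]` is open-coded here and again in the ipt_state.c hunk. Both depend on ipt_NOTRACK.c always attaching the `IP_CT_NEW` slot. If any path attached a different `infos[]` slot of the fake entry, both matches would silently fall through to the `ct`/`ctinfo` branch and report an ordinary state. A single helper next to the declaration of `ip_conntrack_untracked` would keep the three sites in step, for example a proposed `static inline int ip_ct_is_untracked(const struct sk_buff *skb)` returning that comparison. The enclosing match function continues outside this hunk, so I cannot tell whether later checks read fields of `ct` for an untracked packet; that is worth confirming.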
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/ipt_state.c linux-2.4.31-pab2/net/ipv4/netfilter/ipt_state.c
--- linux-2.4.31-orig/net/ipv4/netfilter/ipt_state.c	2004-02-18 14:36:32 +0100
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ipt_state.c	2005-06-15 15:19:43 +0200
@@ -21,7 +21,9 @@
 	enum ip_conntrack_info ctinfo;
 	unsigned int statebit;
 
-	if (!ip_conntrack_get((struct sk_buff *)skb, &ctinfo))
+	if (skb->nfct == &ip_conntrack_untracked.infos[IP_CT_NEW])
+		statebit = IPT_STATE_UNTRACKED;
+	else if (!ip_conntrack_get((struct sk_buff *)skb, &ctinfo))
 		statebit = IPT_STATE_INVALID;
 	else
 		statebit = IPT_STATE_BIT(ctinfo);
diff -Nur linux-2.4.31-orig/net/ipv4/netfilter/iptable_raw.c linux-2.4.31-pab2/net/ipv4/netfilter/iptable_raw.c
--- linux-2.4.31-orig/net/ipv4/netfilter/iptable_raw.c	1970-01-01 01:00:00 +0100
+++ linux-2.4.31-pab2/net/ipv4/netfilter/iptable_raw.c	2005-06-15 15:19:43 +0200
@@ -0,0 +1,149 @@
+/* 
+ * 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT .
+ *
+ * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ */
+#include <linux/module.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+#define RAW_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT))
+
+/* Standard entry. */
+struct ipt_standard
+{
+	struct ipt_entry entry;
+	struct ipt_standard_target target;
+};
+
+struct ipt_error_target
+{
+	struct ipt_entry_target target;
+	char errorname[IPT_FUNCTION_MAXNAMELEN];
+};
+
+struct ipt_error
+{
+	struct ipt_entry entry;
+	struct ipt_error_target target;
+};
+
+static struct
+{
+	struct ipt_replace repl;
+	struct ipt_standard entries[2];
+	struct ipt_error term;
+} initial_table __initdata
+= { { "raw", RAW_VALID_HOOKS, 3,
+      sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
+      { [NF_IP_PRE_ROUTING] 0,
+	[NF_IP_LOCAL_OUT] sizeof(struct ipt_standard) },
+      { [NF_IP_PRE_ROUTING] 0,
+	[NF_IP_LOCAL_OUT] sizeof(struct ipt_standard) },
+      0, NULL, { } },
+    {
+	    /* PRE_ROUTING */
+	    { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+		0,
+		sizeof(struct ipt_entry),
+		sizeof(struct ipt_standard),
+		0, { 0, 0 }, { } },
+	      { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
+		-NF_ACCEPT - 1 } },
+	    /* LOCAL_OUT */
+	    { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+		0,
+		sizeof(struct ipt_entry),
+		sizeof(struct ipt_standard),
+		0, { 0, 0 }, { } },
+	      { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
+		-NF_ACCEPT - 1 } }
+    },
+    /* ERROR */
+    { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+	0,
+	sizeof(struct ipt_entry),
+	sizeof(struct ipt_error),
+	0, { 0, 0 }, { } },
+      { { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } },
+	  { } },
+	"ERROR"
+      }
+    }
+};
+
+static struct ipt_table packet_raw = { 
+	.name = "raw", 
+	.table = &initial_table.repl,
+	.valid_hooks =  RAW_VALID_HOOKS, 
+	.lock = RW_LOCK_UNLOCKED, 
+	.me = THIS_MODULE
+};
+
+/* The work comes in here from netfilter.c. */
+static unsigned int
+ipt_hook(unsigned int hook,
+	 struct sk_buff **pskb,
+	 const struct net_device *in,
+	 const struct net_device *out,
+	 int (*okfn)(struct sk_buff *))
+{
+	return ipt_do_table(pskb, hook, in, out, &packet_raw, NULL);
+}
+
+/* 'raw' is the very first table. */
+static struct nf_hook_ops ipt_ops[] = {
+	{
+	  .hook = ipt_hook, 
+	  .pf = PF_INET, 
+	  .hooknum = NF_IP_PRE_ROUTING, 
+	  .priority = NF_IP_PRI_RAW
+	},
+	{
+	  .hook = ipt_hook, 
+	  .pf = PF_INET, 
+	  .hooknum = NF_IP_LOCAL_OUT, 
+	  .priority = NF_IP_PRI_RAW
+	},
+};
+
+static int __init init(void)
+{
+	int ret;
+
+	/* Register table */
+	ret = ipt_register_table(&packet_raw);
+	if (ret < 0)
+		return ret;
+
+	/* Register hooks */
+	ret = nf_register_hook(&ipt_ops[0]);
+	if (ret < 0)
+		goto cleanup_table;
+
+	ret = nf_register_hook(&ipt_ops[1]);
+	if (ret < 0)
+		goto cleanup_hook0;
+
+	return ret;
+
+ cleanup_hook0:
+	nf_unregister_hook(&ipt_ops[0]);
+ cleanup_table:
+	ipt_unregister_table(&packet_raw);
+
+	return ret;
+}
+
+static void __exit fini(void)
+{
+	unsigned int i;
+
+	for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
+		nf_unregister_hook(&ipt_ops[i]);
+
+	ipt_unregister_table(&packet_raw);
+}
+
+module_init(init);
+module_exit(fini);
+MODULE_LICENSE("GPL");
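Review bot: `ipt_hook()` serves both PRE_ROUTING and LOCAL_OUT and passes every skb straight to `ipt_do_table()`, so packets built on raw sockets reach the table walk at LOCAL_OUT without any check that a full IP header is present. As far as I recall, the other IPv4 tables in this tree guard their LOCAL_OUT hook against short SOCK_RAW packets; that code is not visible on this page, so please confirm. Since raw runs ahead of them, it should carry the same guard. I would give the `NF_IP_LOCAL_OUT` entry of `ipt_ops[]` its own hook function, as sketched below. Separately, `init()` registers the hooks by index while `fini()` loops over the array; using one style in both would be easier to keep correct if a hook is added.

```c
/* LOCAL_OUT may see packets from raw sockets that are shorter than
 * an IP header; accept them without walking the table. */
static unsigned int
ipt_local_out_hook(unsigned int hook,
		   struct sk_buff **pskb,
		   const struct net_device *in,
		   const struct net_device *out,
		   int (*okfn)(struct sk_buff *))
{
	if ((*pskb)->len < sizeof(struct iphdr)
	    || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
		if (net_ratelimit())
			printk("iptable_raw: ignoring short SOCK_RAW packet.\n");
		return NF_ACCEPT;
	}

	return ipt_do_table(pskb, hook, in, out, &packet_raw, NULL);
}

/* … unchanged: ipt_hook() for NF_IP_PRE_ROUTING … */

/* in ipt_ops[], the NF_IP_LOCAL_OUT entry: */
	  .hook = ipt_local_out_hook,
```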
diff -Nur linux-2.4.31-orig/net/ipv6/netfilter/Config.in linux-2.4.31-pab2/net/ipv6/netfilter/Config.in
--- linux-2.4.31-orig/net/ipv6/netfilter/Config.in	2003-06-13 16:51:39 +0200
+++ linux-2.4.31-pab2/net/ipv6/netfilter/Config.in	2005-06-15 15:19:43 +0200
@@ -75,4 +75,9 @@
   #dep_tristate '  LOG target support' CONFIG_IP6_NF_TARGET_LOG $CONFIG_IP6_NF_IPTABLES
 fi
 
+  if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+    tristate '  raw table support (required for TRACE)' CONFIG_IP6_NF_RAW $CONFIG_IP6_NF_IPTABLES
+  fi
+  # Marker for TRACE target
+
 endmenu
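Review bot: The new entry uses `tristate` but passes `$CONFIG_IP6_NF_IPTABLES` as a third argument. As far as I know, plain `tristate` takes only a prompt and a symbol, so the dependency is not enforced and `CONFIG_IP6_NF_RAW` could be offered without ip6_tables. The commented-out LOG line just above uses `dep_tristate` for the same dependency, so this should probably read `dep_tristate '  raw table support (required for TRACE)' CONFIG_IP6_NF_RAW $CONFIG_IP6_NF_IPTABLES`. The block is also added after the `fi`; whether that `fi` closes the ip6_tables conditional is not visible in the hunk, so the placement deserves a check too.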
diff -Nur linux-2.4.31-orig/net/ipv6/netfilter/Makefile linux-2.4.31-pab2/net/ipv6/netfilter/Makefile
--- linux-2.4.31-orig/net/ipv6/netfilter/Makefile	2003-06-13 16:51:39 +0200
+++ linux-2.4.31-pab2/net/ipv6/netfilter/Makefile	2005-06-15 15:19:43 +0200
@@ -30,6 +30,7 @@
 obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t_MARK.o
 obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
 obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
+obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
 obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
 
 include $(TOPDIR)/Rules.make
diff -Nur linux-2.4.31-orig/net/ipv6/netfilter/ip6table_raw.c linux-2.4.31-pab2/net/ipv6/netfilter/ip6table_raw.c
--- linux-2.4.31-orig/net/ipv6/netfilter/ip6table_raw.c	1970-01-01 01:00:00 +0100
+++ linux-2.4.31-pab2/net/ipv6/netfilter/ip6table_raw.c	2005-06-15 15:19:43 +0200
@@ -0,0 +1,154 @@
+/*
+ * IPv6 raw table, a port of the IPv4 raw table to IPv6
+ *
+ * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ */
+#include <linux/module.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+
+#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))
+
+#if 0
+#define DEBUGP(x, args...)	printk(KERN_DEBUG x, ## args)
+#else
+#define DEBUGP(x, args...)
+#endif
+
+/* Standard entry. */
+struct ip6t_standard
+{
+	struct ip6t_entry entry;
+	struct ip6t_standard_target target;
+};
+
+struct ip6t_error_target
+{
+	struct ip6t_entry_target target;
+	char errorname[IP6T_FUNCTION_MAXNAMELEN];
+};
+
+struct ip6t_error
+{
+	struct ip6t_entry entry;
+	struct ip6t_error_target target;
+};
+
+static struct
+{
+	struct ip6t_replace repl;
+	struct ip6t_standard entries[2];
+	struct ip6t_error term;
+} initial_table __initdata 
+= { { "raw", RAW_VALID_HOOKS, 3,
+      sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
+      { [NF_IP6_PRE_ROUTING] 	0,
+	[NF_IP6_LOCAL_OUT]	sizeof(struct ip6t_standard) },
+      { [NF_IP6_PRE_ROUTING] 	0,
+	[NF_IP6_LOCAL_OUT]	sizeof(struct ip6t_standard) },
+      0, NULL, { } },
+    {
+	    /* PRE_ROUTING */
+            { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+		0,
+		sizeof(struct ip6t_entry),
+		sizeof(struct ip6t_standard),
+		0, { 0, 0 }, { } },
+	      { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
+		-NF_ACCEPT - 1 } },
+	    /* LOCAL_OUT */
+            { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+		0,
+		sizeof(struct ip6t_entry),
+		sizeof(struct ip6t_standard),
+		0, { 0, 0 }, { } },
+	      { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
+		-NF_ACCEPT - 1 } },
+    },
+    /* ERROR */
+    { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+	0,
+	sizeof(struct ip6t_entry),
+	sizeof(struct ip6t_error),
+	0, { 0, 0 }, { } },
+      { { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } },
+	  { } },
+	"ERROR"
+      }
+    }
+};
+
+static struct ip6t_table packet_raw = { 
+	.name = "raw", 
+	.table = &initial_table.repl,
+	.valid_hooks = RAW_VALID_HOOKS, 
+	.lock = RW_LOCK_UNLOCKED, 
+	.me = THIS_MODULE
+};
+
+/* The work comes in here from netfilter.c. */
+static unsigned int
+ip6t_hook(unsigned int hook,
+	 struct sk_buff **pskb,
+	 const struct net_device *in,
+	 const struct net_device *out,
+	 int (*okfn)(struct sk_buff *))
+{
+	return ip6t_do_table(pskb, hook, in, out, &packet_raw, NULL);
+}
+
+static struct nf_hook_ops ip6t_ops[] = { 
+	{
+	  .hook = ip6t_hook, 
+	  .pf = PF_INET6,
+	  .hooknum = NF_IP6_PRE_ROUTING,
+	  .priority = NF_IP6_PRI_FIRST
+	},
+	{
+	  .hook = ip6t_hook, 
+	  .pf = PF_INET6, 
+	  .hooknum = NF_IP6_LOCAL_OUT,
+	  .priority = NF_IP6_PRI_FIRST
+	},
+};
+
+static int __init init(void)
+{
+	int ret;
+
+	/* Register table */
+	ret = ip6t_register_table(&packet_raw);
+	if (ret < 0)
+		return ret;
+
+	/* Register hooks */
+	ret = nf_register_hook(&ip6t_ops[0]);
+	if (ret < 0)
+		goto cleanup_table;
+
+	ret = nf_register_hook(&ip6t_ops[1]);
+	if (ret < 0)
+		goto cleanup_hook0;
+
+	return ret;
+
+ cleanup_hook0:
+	nf_unregister_hook(&ip6t_ops[0]);
+ cleanup_table:
+	ip6t_unregister_table(&packet_raw);
+
+	return ret;
+}
+
+static void __exit fini(void)
+{
+	unsigned int i;
+
+	for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
+		nf_unregister_hook(&ip6t_ops[i]);
+
+	ip6t_unregister_table(&packet_raw);
+}
+
+module_init(init);
+module_exit(fini);
+MODULE_LICENSE("GPL");
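Review bot: Both entries of `ip6t_ops[]` register at `NF_IP6_PRI_FIRST`, which does not by itself guarantee that raw runs before every other IPv6 hook. I would expect hooks at an equal priority to be ordered by registration, and the IPv4 file uses a dedicated `NF_IP_PRI_RAW` instead. Whether anything else in the tree registers at `NF_IP6_PRI_FIRST` is not visible here. I would at least record the assumption above the array, e.g. `/* 'raw' must be the first table; relies on no other hook using NF_IP6_PRI_FIRST */`. The `DEBUGP` macro is defined at the top of the file but never used, so the `#if 0` block can be dropped.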


* Re: [PATCH] update raw patch in POM [2.4.x]
  2005-06-22  9:19                               ` Jozsef Kadlecsik
@ 2005-06-22  9:27                                 ` Roberto Nibali
  0 siblings, 0 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-22  9:27 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: Netfilter Developers, Pablo Neira, Patrick McHardy

Hello Jozsef,

> Then best thing is to backport the changes. Actually, Krisztian did it
> once but that was in the mid of the changes and therefore was never
> committed in svn.
> 
> OK, I'll do it and report back when it can be downloaded from svn.

This is truly appreciated, thanks. So I can concentrate on the refcnt issue
with the raw patch.

Regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-22  3:55                             ` Patrick McHardy
  2005-06-22  5:48                               ` Roberto Nibali
@ 2005-06-22 11:39                               ` Roberto Nibali
  2005-06-22 18:38                                 ` Patrick McHardy
  1 sibling, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-22 11:39 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

[-- Attachment #1: Type: text/plain, Size: 2627 bytes --]

Back with some results.

First I used following patch to make stuff more visible:

--- linux-2.4.31-orig/net/ipv4/netfilter/ip_conntrack_core.c    Wed Jun 15 15:25
:41 2005
+++ linux-2.4.31-pab2/net/ipv4/netfilter/ip_conntrack_core.c    Wed Jun 22 11:24
:57 2005
@@ -46,7 +46,8 @@

 #define IP_CONNTRACK_VERSION   "2.1"

-#if 0
+//#if 0
+#if 1
 #define DEBUGP printk
 #else
 #define DEBUGP(format, args...)
@@ -1389,10 +1390,23 @@
  i_see_dead_people:
        ip_ct_iterate_cleanup(kill_all, NULL);
        if (atomic_read(&ip_conntrack_count) != 0) {
+               if (net_ratelimit()) {
+                       printk(KERN_ERR "dead poets society seeks for conntrack_
cnt: %d\n", atomic_read(&ip_conntrack_count));
+               }
                schedule();
                goto i_see_dead_people;
        }

+
+       while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1) {
+               if (net_ratelimit()) {
+                       printk(KERN_ERR "untracked_use_cnt: %d, conntrack_cnt: %
d\n",
+                               atomic_read(&ip_conntrack_untracked.ct_general.u
se),
+                               atomic_read(&ip_conntrack_count));
+               }
+               schedule();
+       }
+
        kmem_cache_destroy(ip_conntrack_cachep);
        vfree(ip_conntrack_hash);
        nf_unregister_sockopt(&so_getorigdst);
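Review bot: The added `while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)` loop has no exit other than the count falling to 1, so a single reference that is never dropped keeps the unload path in `schedule()` indefinitely. The hunk does not say why 1 is the resting value. Presumably the untracked entry holds one reference of its own and every skb tagged by NOTRACK adds another; please confirm that and state it in a comment, e.g. `/* untracked keeps one self-reference; wait for skbs tagged by NOTRACK to drop theirs */`. For a diagnostic patch the rate-limited printk is reasonable, but I would also log once when the loop exits so the kernel log shows how long the wait lasted. The enclosing cleanup function starts and ends outside this hunk.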

Every second I ran following little scriptlet and stored the information in a
file attached as sockstat_log-save:

#!/bin/bash

echo "timestamp"
echo "---------"
date +%T
echo
echo "iptables states"
echo "---------------"
iptstate -L -s -t
echo
echo "sockstat"
echo ----------
ss -a -e -p -i -n -m
ss -a -e -0
echo "lsmod"
echo "-----"
lsmod
echo "*******************************************************************"

For a couple of seconds the ip_conntrack is in deleted state and the whole
machine hangs, after 30 seconds I can work again on all sessions (logged in via
ssh) which have the NOTRACK flag set.

> I agree, let's track down the untracked-missing-references first, then
> see if any problems remain.

I attached the kernlog during the rmmod ip_conntrack and others. The nf_reset()
part is commented out.

Let me know if you need something else.

Regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

[-- Attachment #2: sockstat_log-save --]
[-- Type: text/plain, Size: 159976 bytes --]

timestamp
---------
15:17:44

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 1 -- TCP: 1 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    
172.23.2.30:33088     172.23.120.120:234    tcp     ESTABLISHED    0:04:59

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,119min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f4096,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f8192,t0) ts sack wscale:0,0 rto:220 rtt:22.5/15 ato:40 cwnd:23
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:46

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 1 -- TCP: 1 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    
172.23.2.30:33088     172.23.120.120:234    tcp     ESTABLISHED  119:59:59

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,119min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f4096,t1800) ts sack wscale:0,0 rto:220 rtt:22.5/15 ato:40 cwnd:12
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:47

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 1 -- TCP: 1 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    
172.23.2.30:33088     172.23.120.120:234    tcp     ESTABLISHED  119:59:59

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,119min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      31808        172.23.120.120:234            172.23.2.30:33088  timer:(on,210ms,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w41400,f3656,t1800) ts sack wscale:0,0 rto:220 rtt:20/10 ato:40 cwnd:25
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:48

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 1 -- TCP: 1 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    
172.23.2.30:33088     172.23.120.120:234    tcp     ESTABLISHED    0:04:59

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,119min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t1800) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:49

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 1 -- TCP: 1 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    
172.23.2.30:33088     172.23.120.120:234    tcp     ESTABLISHED    0:04:59

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,119min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f4096,t1800) ts sack wscale:0,0 rto:220 rtt:22.5/15 ato:40 cwnd:22
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:50

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,160ms,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,400ms,1) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:51

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,390ms,2) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,210ms,2) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:52

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,1.030ms,3) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,850ms,3) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:53

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,3.350ms,4) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,3.170ms,4) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:54

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,2.320ms,4) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,2.140ms,4) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:55

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,1.280ms,4) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,1.100ms,4) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:56

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,250ms,4) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,070ms,4) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:57

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,5.940ms,5) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,5.760ms,5) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:58

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,4.880ms,5) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,4.700ms,5) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:17:59

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,3.850ms,5) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,3.670ms,5) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:00

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,2.820ms,5) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,2.640ms,5) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:01

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,1.790ms,5) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,1.610ms,5) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:02

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,760ms,5) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,580ms,5) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:03

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,13sec,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,12sec,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:04

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,12sec,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,11sec,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:05

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,11sec,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,10sec,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:06

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,10sec,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,9.900ms,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:07

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,9.050ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,8.870ms,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:08

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,8.020ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      80           172.23.120.120:234            172.23.2.31:45103  timer:(persist,7.840ms,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w1800,f2296,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ip_conntrack               0   0  (deleted)
ipt_LOG                 3728   0  (autoclean)
ipt_limit               1360   0  (autoclean)
iptable_raw             1440   0  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   0  (autoclean)
ip_tables              12352   5  [ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:09

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,6.990ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f4096,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   3  (autoclean)
ipt_state                768  50  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  24  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:10

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,5.960ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:11

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,4.930ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:12

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,3.900ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:13

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,2.870ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:14

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,1.840ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:15

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      48           172.23.120.120:234            172.23.2.31:48701  timer:(persist,810ms,6) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w1800,f2296,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:16

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,119min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:18

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:19

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:20

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,68min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:21

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:22

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:23

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:24

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:25

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:26

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:27

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:28

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:29

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:30

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:31

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:32

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:33

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:34

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,69min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:35

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:36

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:37

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:38

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:39

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:40

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:41

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:42

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:43

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,68min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:44

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:45

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:46

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:47

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,6) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:48

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:49

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:50

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************
timestamp
---------
15:18:52

iptables states
---------------
IP Tables State Top -- Sort by: SrcIP
Total States: 0 -- TCP: 0 UDP: 0 ICMP: 0 OTHER: 0
Source                Destination           Proto   State        TTL    

sockstat
----------
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      0                         *:234                      *:*      users:(("sshd-admin",795,3)) ino:1166 sk:f77c2060
	 mem:(r0,w0,f0,t0)
ESTAB      0      0            172.23.120.120:234            172.23.2.31:48701  timer:(keepalive,118min,0) users:(("sshd-admin",3539,4)) ino:152066 sk:f6c0d800
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45103  timer:(keepalive,67min,0) users:(("sshd-admin",882,4)) ino:1489 sk:f6f3ebe0
	 mem:(r0,w0,f0,t1800) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.31:45102  timer:(keepalive,67min,0) users:(("sshd-admin",873,4)) ino:1452 sk:f706b040
	 mem:(r0,w0,f0,t0) ts sack wscale:2,0 rto:210 rtt:18.75/7.5 ato:40
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33088  timer:(keepalive,118min,0) users:(("sshd-admin",3632,4)) ino:162265 sk:f694e420
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:17
ESTAB      0      0            172.23.120.120:234            172.23.2.30:33015  timer:(keepalive,68min,0) users:(("sshd-admin",1462,4)) ino:2452 sk:f7026c00
	 mem:(r0,w0,f0,t0) ts sack wscale:0,0 rto:210 rtt:18.75/7.5 ato:40 cwnd:3
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
lsmod
-----
Module                  Size  Used by
ipt_NOTRACK              944   6  (autoclean)
ipt_state                768  65  (autoclean)
ip_nat_ftp              2800   0  (unused)
iptable_nat            19600   1  [ip_nat_ftp]
ip_conntrack_ftp        3904   1 
ip_conntrack           32256   1  [ipt_NOTRACK ipt_state ip_nat_ftp iptable_nat ip_conntrack_ftp]
ipt_LOG                 3728  29  (autoclean)
ipt_limit               1360   6  (autoclean)
iptable_raw             1440   1  (autoclean)
iptable_mangle          2416   0  (autoclean) (unused)
iptable_filter          1904   1  (autoclean)
ip_tables              12352  10  [ipt_NOTRACK ipt_state iptable_nat ipt_LOG ipt_limit iptable_raw iptable_mangle iptable_filter]
*******************************************************************

[-- Attachment #3: kernlog-save --]
[-- Type: text/plain, Size: 6811 bytes --]

Jun 22 15:12:14 s_int@sem-arbeit ip_conntrack_in: normal packet for f6fafea8
Jun 22 15:12:14 s_int@sem-arbeit ip_conntrack_in: normal packet for f6fafea8
Jun 22 15:12:18 s_int@sem-arbeit ip_conntrack_in: new packet for f6efeea8
Jun 22 15:12:18 s_int@sem-arbeit Altering reply tuple of f6efeea8 to tuple f6f0bc78: 6 172.23.2.31:45103 -> 172.23.120.120:234
Jun 22 15:12:18 s_int@sem-arbeit destroy_conntrack(f6efeea8)
Jun 22 15:12:18 s_int@sem-arbeit destroy_conntrack: returning ct=f6efeea8 to slab
Jun 22 15:12:18 s_int@sem-arbeit clean_from_lists(f6fafea8)
Jun 22 15:12:18 s_int@sem-arbeit remove_expectations(f6fafea8)
Jun 22 15:12:18 s_int@sem-arbeit destroy_conntrack(f6fafea8)
Jun 22 15:12:18 s_int@sem-arbeit destroy_conntrack: returning ct=f6fafea8 to slab
Jun 22 15:12:18 s_int@sem-arbeit NET: 11980617 messages suppressed.
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:23 s_int@sem-arbeit NET: 26269793 messages suppressed.
Jun 22 15:12:23 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:28 s_int@sem-arbeit NET: 26417688 messages suppressed.
Jun 22 15:12:28 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:33 s_int@sem-arbeit NET: 26284076 messages suppressed.
Jun 22 15:12:33 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:38 s_int@sem-arbeit NET: 26310362 messages suppressed.
Jun 22 15:12:38 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:43 s_int@sem-arbeit NET: 26308346 messages suppressed.
Jun 22 15:12:43 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:48 s_int@sem-arbeit NET: 26244255 messages suppressed.
Jun 22 15:12:48 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
Jun 22 15:12:53 s_int@sem-arbeit ip_conntrack version 2.1 (8192 buckets, 65536 max) - 324 bytes per conntrack
Jun 22 15:12:53 s_int@sem-arbeit ip_conntrack_in: new packet for f6a96ea8
Jun 22 15:12:53 s_int@sem-arbeit Altering reply tuple of f6a96ea8 to tuple f6f0bc78: 6 172.23.2.31:45103 -> 172.23.120.120:234
Jun 22 15:12:53 s_int@sem-arbeit destroy_conntrack(f6a96ea8)
Jun 22 15:12:53 s_int@sem-arbeit destroy_conntrack: returning ct=f6a96ea8 to slab
Jun 22 15:12:53 s_int@sem-arbeit ip_conntrack_in: new packet for f6a96ea8
Jun 22 15:12:53 s_int@sem-arbeit Altering reply tuple of f6a96ea8 to tuple f6f0bc78: 6 172.23.2.31:45103 -> 172.23.120.120:234
Jun 22 15:12:53 s_int@sem-arbeit destroy_conntrack(f6a96ea8)
Jun 22 15:12:53 s_int@sem-arbeit destroy_conntrack: returning ct=f6a96ea8 to slab
Jun 22 15:12:53 s_int@sem-arbeit ip_conntrack_in: new packet for f6a96ea8
Jun 22 15:12:53 s_int@sem-arbeit Altering reply tuple of f6a96ea8 to tuple f6f0bc78: 6 172.23.2.31:45103 -> 172.23.120.120:234
Jun 22 15:12:53 s_int@sem-arbeit destroy_conntrack(f6a96ea8)
Jun 22 15:12:53 s_int@sem-arbeit destroy_conntrack: returning ct=f6a96ea8 to slab
Jun 22 15:13:09 s_int@sem-arbeit icmp_error_track: too short
Jun 22 15:13:09 s_int@sem-arbeit ip_conntrack_in: new packet for f6a96ea8
Jun 22 15:13:09 s_int@sem-arbeit Altering reply tuple of f6a96ea8 to tuple c2a75d1c: 1 172.23.120.120:37966 -> 172.23.134.111:0
Jun 22 15:13:09 s_int@sem-arbeit destroy_conntrack(f6a96ea8)
Jun 22 15:13:09 s_int@sem-arbeit destroy_conntrack: returning ct=f6a96ea8 to slab
Jun 22 15:13:09 s_int@sem-arbeit icmp_error_track: too short
Jun 22 15:13:09 s_int@sem-arbeit ip_conntrack_in: new packet for f6ea0ea8
Jun 22 15:13:09 s_int@sem-arbeit Altering reply tuple of f6ea0ea8 to tuple c2a77d1c: 1 172.23.120.120:37966 -> 172.23.134.111:0
Jun 22 15:13:09 s_int@sem-arbeit destroy_conntrack(f6ea0ea8)
Jun 22 15:13:09 s_int@sem-arbeit destroy_conntrack: returning ct=f6ea0ea8 to slab
Jun 22 15:13:09 s_int@sem-arbeit icmp_error_track: too short
Jun 22 15:13:09 s_int@sem-arbeit ip_conntrack_in: new packet for f6ea0ea8
Jun 22 15:13:09 s_int@sem-arbeit Altering reply tuple of f6ea0ea8 to tuple c2a77d1c: 1 172.23.120.120:37966 -> 172.23.134.111:0
Jun 22 15:13:09 s_int@sem-arbeit destroy_conntrack(f6ea0ea8)
Jun 22 15:13:09 s_int@sem-arbeit destroy_conntrack: returning ct=f6ea0ea8 to slab
Jun 22 15:13:15 s_int@sem-arbeit ip_conntrack_in: new packet for f6ea0ea8
Jun 22 15:13:15 s_int@sem-arbeit Altering reply tuple of f6ea0ea8 to tuple c2a77d1c: 17 172.23.255.255:137 -> 172.23.2.17:137
Jun 22 15:13:15 s_int@sem-arbeit destroy_conntrack(f6ea0ea8)
Jun 22 15:13:15 s_int@sem-arbeit destroy_conntrack: returning ct=f6ea0ea8 to slab
Jun 22 15:13:16 s_int@sem-arbeit ip_conntrack_in: new packet for f6eb9ea8
Jun 22 15:13:16 s_int@sem-arbeit Altering reply tuple of f6eb9ea8 to tuple c03c1d34: 6 172.23.120.120:234 -> 172.23.2.30:33015
Jun 22 15:13:16 s_int@sem-arbeit destroy_conntrack(f6eb9ea8)
Jun 22 15:13:16 s_int@sem-arbeit destroy_conntrack: returning ct=f6eb9ea8 to slab
Jun 22 15:13:17 s_int@sem-arbeit ip_conntrack_in: new packet for f6eb9ea8
Jun 22 15:13:17 s_int@sem-arbeit Altering reply tuple of f6eb9ea8 to tuple c03c1d34: 17 172.23.255.255:137 -> 172.23.2.17:137
Jun 22 15:13:17 s_int@sem-arbeit destroy_conntrack(f6eb9ea8)
Jun 22 15:13:17 s_int@sem-arbeit destroy_conntrack: returning ct=f6eb9ea8 to slab
Jun 22 15:13:17 s_int@sem-arbeit ip_conntrack_in: new packet for f6eb9ea8
Jun 22 15:13:17 s_int@sem-arbeit Altering reply tuple of f6eb9ea8 to tuple c03c1d34: 17 172.23.255.255:137 -> 172.23.2.17:137
Jun 22 15:13:17 s_int@sem-arbeit destroy_conntrack(f6eb9ea8)
Jun 22 15:13:17 s_int@sem-arbeit destroy_conntrack: returning ct=f6eb9ea8 to slab
Jun 22 15:13:19 s_int@sem-arbeit ip_conntrack_in: new packet for f6ea0ea8
Jun 22 15:13:19 s_int@sem-arbeit Altering reply tuple of f6ea0ea8 to tuple c2a77d1c: 17 172.23.255.255:137 -> 172.23.2.17:137
Jun 22 15:13:19 s_int@sem-arbeit destroy_conntrack(f6ea0ea8)
Jun 22 15:13:19 s_int@sem-arbeit destroy_conntrack: returning ct=f6ea0ea8 to slab
Jun 22 15:13:19 s_int@sem-arbeit ip_conntrack_in: new packet for f6a96ea8
Jun 22 15:13:19 s_int@sem-arbeit Altering reply tuple of f6a96ea8 to tuple c2a75d1c: 17 172.23.255.255:138 -> 172.23.2.17:138
Jun 22 15:13:19 s_int@sem-arbeit destroy_conntrack(f6a96ea8)
Jun 22 15:13:19 s_int@sem-arbeit destroy_conntrack: returning ct=f6a96ea8 to slab


* Re: [PATCH] update raw patch in POM
  2005-06-22 11:39                               ` Roberto Nibali
@ 2005-06-22 18:38                                 ` Patrick McHardy
  2005-06-27  6:36                                   ` Roberto Nibali
  2005-06-27  8:50                                   ` Roberto Nibali
  0 siblings, 2 replies; 48+ messages in thread
From: Patrick McHardy @ 2005-06-22 18:38 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

Roberto Nibali wrote:
> Back with some results.
> 
> Jun 22 15:12:18 s_int@sem-arbeit NET: 11980617 messages suppressed.
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:23 s_int@sem-arbeit NET: 26269793 messages suppressed.
> Jun 22 15:12:23 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:28 s_int@sem-arbeit NET: 26417688 messages suppressed.
> Jun 22 15:12:28 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:33 s_int@sem-arbeit NET: 26284076 messages suppressed.
> Jun 22 15:12:33 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:38 s_int@sem-arbeit NET: 26310362 messages suppressed.
> Jun 22 15:12:38 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:43 s_int@sem-arbeit NET: 26308346 messages suppressed.
> Jun 22 15:12:43 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:48 s_int@sem-arbeit NET: 26244255 messages suppressed.
> Jun 22 15:12:48 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
> Jun 22 15:12:53 s_int@sem-arbeit ip_conntrack version 2.1 (8192
buckets, 65536 max) - 324 bytes per conntrack

This actually looks good, no leak, no crash. Not sure where the 30
second delay comes from, my guess is that packets are queued while
the neighbour is resolved, although it's pretty long. To confirm that
theory you could play with the values in
/proc/sys/net/ipv4/neigh/default and see if it changes anything.

You said in an earlier mail regarding the wait-for-untracked-references
patch:

> This results in an endless loop when calling rmmod ip_conntrack. lsmod
> shows (deleted) but the process is in D state. No oops of course and
> no hang.
>
> But I cannot remove the ip_conntrack kernel module anymore. It's
> "stuck".

How long did you wait that time?

Regards
Patrick


* Re: [PATCH] update raw patch in POM
  2005-06-22 18:38                                 ` Patrick McHardy
@ 2005-06-27  6:36                                   ` Roberto Nibali
  2005-06-27 10:57                                     ` Patrick McHardy
  2005-06-27  8:50                                   ` Roberto Nibali
  1 sibling, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-27  6:36 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

Hello,

Was out rock climbing, that's why my reply took so long. The weather is too
perfect to be sitting in front of the computer ;).

>>Jun 22 15:12:18 s_int@sem-arbeit NET: 11980617 messages suppressed.
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:18 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:23 s_int@sem-arbeit NET: 26269793 messages suppressed.
>>Jun 22 15:12:23 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:28 s_int@sem-arbeit NET: 26417688 messages suppressed.
>>Jun 22 15:12:28 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:33 s_int@sem-arbeit NET: 26284076 messages suppressed.
>>Jun 22 15:12:33 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:38 s_int@sem-arbeit NET: 26310362 messages suppressed.
>>Jun 22 15:12:38 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:43 s_int@sem-arbeit NET: 26308346 messages suppressed.
>>Jun 22 15:12:43 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:48 s_int@sem-arbeit NET: 26244255 messages suppressed.
>>Jun 22 15:12:48 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>Jun 22 15:12:53 s_int@sem-arbeit ip_conntrack version 2.1 (8192
> 
> buckets, 65536 max) - 324 bytes per conntrack
> 
> This actually looks good, no leak, no crash. Not sure where the 30
> second delay comes from, my guess is that packets are queued while
> the neighbour is resolved, although its pretty long.

What neighbour needs to be resolved? The neighbour cache is full, only 4
addresses are involved, gc threshold is high, so no thrashing. Or are we talking
about different issues?

> To confirm that
> theory you could play with the values in
> /proc/sys/net/ipv4/neigh/default and see if it changes anything.

I'll do that. How do you think I should instrument these values? And what does
the neighbour stuff have to do with conntrack timeouts?

> You said in an earlier mail regarding the wait-for-untracked-references
> patch:
>  
>>This results in an endless loop when calling rmmod ip_conntrack. lsmod
>>shows (deleted) but the process is in D state. No oops of course and
>>no hang.
>>
>>But I cannot remove the ip_conntrack kernel module anymore. It's
>>"stuck".
> 
> 
> How long did you wait that time?

Shoot, I really don't remember, sorry. I thought it was more than 30 seconds but
I really can't tell.

I'll run some more tests and see if this 30 seconds delay can be reduced.

Regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-22 18:38                                 ` Patrick McHardy
  2005-06-27  6:36                                   ` Roberto Nibali
@ 2005-06-27  8:50                                   ` Roberto Nibali
  1 sibling, 0 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-27  8:50 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

Hi Patrick,

> This actually looks good, no leak, no crash. Not sure where the 30
> second delay comes from, my guess is that packets are queued while
> the neighbour is resolved, although its pretty long. To confirm that
> theory you could play with the values in
> /proc/sys/net/ipv4/neigh/default and see if it changes anything.

I've got a new trace with more sessions, however it looks the same. The delay is
not acceptable and I'd like to find out what the problem is. I've added the
output of readprofile and slabtop on top of the other statistics. Let me know if
you need more granularity. I'll go play with the neighbour settings now. You can
fetch the data from (I don't want to clutter the list with this anymore):

    http://www.drugphish.ch/~ratz/netfilter/

Best regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-27  6:36                                   ` Roberto Nibali
@ 2005-06-27 10:57                                     ` Patrick McHardy
  2005-06-27 12:07                                       ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Patrick McHardy @ 2005-06-27 10:57 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

Roberto Nibali wrote:

>>>Jun 22 15:12:48 s_int@sem-arbeit untracked_use_cnt: 2, conntrack_cnt: 0
>>>Jun 22 15:12:53 s_int@sem-arbeit ip_conntrack version 2.1 (8192
>>
>>buckets, 65536 max) - 324 bytes per conntrack
>>
>>This actually looks good, no leak, no crash. Not sure where the 30
>>second delay comes from, my guess is that packets are queued while
>>the neighbour is resolved, although its pretty long.
> 
> 
> What neighbour needs to be resolved? The neighbour cache is full, only 4
> addresses are involved, gc threshold is high, so no trashing. Or are we talking
> different issues?

It was just a guess, I can't think of anywhere else where packets
might have been queued for 30s, given that you have no packet
sockets and probably don't have a long enough device queue that
it would take 30s.

>>To confirm that
>>theory you could play with the values in
>>/proc/sys/net/ipv4/neigh/default and see if it changes anything.
> 
> 
> I'll do that. How do you think I should instrument these values? And what does
> the neighbour stuff have to do with conntrack timeouts?

Try halving all values and see if it has any effect on the time
it takes to unload the module.

>>How long did you wait that time?
> 
> 
> Shoot, I really don't remember, sorry. I thought it was more than 30 seconds but
> I really can't tell.
> 
> I'll run some more tests and see if this 30 seconds delay can be reduced.

I'm pretty sure the nf_reset + the wait-for-untracked-refs patches
should take care of the problem, but to be sure it would be good
to know where the delay came from.

Regards
Patrick


* Re: [PATCH] update raw patch in POM
  2005-06-27 10:57                                     ` Patrick McHardy
@ 2005-06-27 12:07                                       ` Roberto Nibali
  2005-06-27 12:55                                         ` Patrick McHardy
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-27 12:07 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

>>What neighbour needs to be resolved? The neighbour cache is full, only 4
>>addresses are involved, gc threshold is high, so no trashing. Or are we talking
>>different issues?
>  
> It was just a guess, I can't think of anywhere else where packets
> might have been queued for 30s, given that you have no packet
> sockets and probably don't have a long enough device queue that
> it would take 30s.

sem-arbeit:~# ip -s -s neigh show
172.23.2.30 dev eth0 lladdr 00:01:02:6c:23:f8 ref 3 used 0/0/69 nud reachable
172.23.2.31 dev eth0 lladdr 00:30:05:50:50:2b ref 1 used 3/0/224 nud reachable

That's all I have in the cache ;). The routing cache is more populated though:

sem-arbeit:~# ip -s -s route show cache
broadcast 255.255.255.255 from 172.23.10.16 dev lo  src 172.23.120.120
    cache <local,brd,src-direct>  users 1 age 136sec iif eth0
unreachable 172.27.1.10 from 172.27.232.50 dev lo  src 172.23.120.120
    cache  error 101 users 1 used 6 age 34sec iif eth0
local 172.23.120.120 from 172.23.2.31 dev lo  src 172.23.120.120
    cache <local,src-direct>  users 1 age 271sec iif eth0
broadcast 172.23.255.255 from 172.23.1.14 dev lo  src 172.23.120.120
    cache <local,brd,src-direct>  users 1 used 3 age 149sec iif eth0
unreachable 172.30.12.254 from 172.30.12.203 dev lo  src 172.23.120.120
    cache  error 101 users 1 used 29 age 11sec iif eth0
172.23.2.30 from 172.23.120.120 dev eth0
    cache  users 1 used 3 age 97sec mtu 1500 advmss 1460
local 172.23.120.120 from 172.23.134.111 dev lo  src 172.23.120.120
    cache <local,src-direct>  users 1 used 36 age 6sec iif eth0
172.23.2.30 from 172.23.120.120 tos lowdelay dev eth0
    cache  users 5 used 2 age 93sec mtu 1500 advmss 1460
unreachable 172.30.12.154 from 172.30.12.203 dev lo  src 172.23.120.120
    cache  error 101 users 1 used 5 age 182sec iif eth0
local 172.23.120.120 from 172.23.2.31 tos lowdelay dev lo  src 172.23.120.120
    cache <local,src-direct>  users 1 used 47504 age 0sec iif eth0
local 172.23.120.120 from 172.23.2.30 dev lo  src 172.23.120.120
    cache <local,src-direct>  users 1 used 37 age 93sec iif eth0
local 172.23.120.120 from 172.23.2.30 tos lowdelay dev lo  src 172.23.120.120
    cache <local,src-direct>  users 1 used 150 iif eth0
172.23.2.31 from 172.23.120.120 tos lowdelay dev eth0
    cache  users 5 used 3 age 225sec mtu 1500 advmss 1460
broadcast 255.255.255.255 from 172.23.10.19 dev lo  src 172.23.120.120
    cache <local,brd,src-direct>  users 1 used 1 age 100sec iif eth0
broadcast 172.23.255.255 from 172.23.232.138 dev lo  src 172.23.120.120
    cache <local,brd,src-direct>  users 1 used 1 age 32sec iif eth0
sem-arbeit:~#

>>>To confirm that
>>>theory you could play with the values in
>>>/proc/sys/net/ipv4/neigh/default and see if it changes anything.
>>
>>
>>I'll do that. How do you think I should instrument these values? And what does
>>the neighbour stuff have to do with conntrack timeouts?
> 
> 
> Try halving all values and see if it has any effects on the time
> it takes to unload the module.

Nope, I'll upload the new results shortly but the time is unchanged.

> I'm pretty sure the nf_reset + the wait-for-untracked-refs patches
> should take care of the problem, but to be sure it would be good
> to know where the delay came from.

Currently I do not run it with nf_reset patched kernels which is another really
strange thing. Some other timeout which is 30s? But I only see
udp_timeout_stream and icmp_timeout ...

Do you plan to submit the nf_reset and wait-for-untracked-refs patches for
mainline inclusion?

Best regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-27 12:07                                       ` Roberto Nibali
@ 2005-06-27 12:55                                         ` Patrick McHardy
  2005-06-27 13:53                                           ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Patrick McHardy @ 2005-06-27 12:55 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

Roberto Nibali wrote:
>>Try halving all values and see if it has any effects on the time
>>it takes to unload the module.
> 
> Nope, I'll upload the new results shortly but the time is unchanged.
> 

Hmm I'm out of ideas.

>>I'm pretty sure the nf_reset + the wait-for-untracked-refs patches
>>should take care of the problem, but to be sure it would be good
>>to know where the delay came from.
> 
> Currently I do not run it with nf_reset patched kernels which is another really
> strange thing. Some other timeout which is 30s? But I only see
> udp_timeout_stream and icmp_timeout ...

If the nf_reset patch helps it must be somewhere after
ip_finish_output2(). This could be an arp queue, a device queue
or a packet socket queue. You could add an nf_reset to dev_queue_xmit
and see if it changes anything.

> Do you plan to submit the nf_reset and wait-for-untracked-refs patches for
> mainline inclusion?

There's no raw table in 2.4, so the wait-for-untracked-refs patch should
go in the 2.4 raw table patch. For 2.6 I'm not sure yet, Pablo has a
patch that changes how untracked works and makes this patch unnecessary.
The nf_reset patch will go in my next 2.4 update, which should happen
soon.

Regards
Patrick


* Re: [PATCH] update raw patch in POM
  2005-06-27 12:55                                         ` Patrick McHardy
@ 2005-06-27 13:53                                           ` Roberto Nibali
  2005-06-27 15:49                                             ` Patrick McHardy
  0 siblings, 1 reply; 48+ messages in thread
From: Roberto Nibali @ 2005-06-27 13:53 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

>>>Try halving all values and see if it has any effects on the time
>>>it takes to unload the module.
>>
>>Nope, I'll upload the new results shortly but the time is unchanged.
>>
> 
> Hmm I'm out of ideas.

Well, maybe we're no longer in sync about the tests I ran:

Given that
a1: wait-for-untracked-refs patch
a2: nf_reset patch


I have the following test chart:


           |   a1 enabled   |  a1 disabled   |
-----------+----------------+----------------+
a2 enabled |  fix, no hang  |  not tested    |
-----------+----------------+----------------+
a2 disabled|    30s hang    |     crash      |
-----------+----------------+----------------+


> If the nf_reset patch helps it must be somewhere after
> ip_finish_output2(). This could be an arp queue, a device queue
> or a packet socket queue. You could add an nf_reset to dev_queue_xmit
> and see if it changes anything.

Maybe the above sketch explains the confusion I might have created.

> There's no raw table in 2.4, so the wait-for-untracked-refs patch should
> go in the 2.4 raw table patch.

Pablo, shall I do it and submit for POM?

> For 2.6 I'm not sure yet, Pablo has a
> patch that changes how untracked works and makes this patch unnecessary.

Hmm, is it possible to backport this to 2.4.x or do the changes need the 2.6.x
netfilter framework?

> The nf_reset patch with go in my next 2.4 update, which should happen
> soon.

Excellent, thank you for your patience,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------


* Re: [PATCH] update raw patch in POM
  2005-06-27 13:53                                           ` Roberto Nibali
@ 2005-06-27 15:49                                             ` Patrick McHardy
  2005-06-28  6:02                                               ` Roberto Nibali
  0 siblings, 1 reply; 48+ messages in thread
From: Patrick McHardy @ 2005-06-27 15:49 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: Netfilter Developers, Pablo Neira

Roberto Nibali wrote:
> Well, maybe we're not in sync anymore regarding my test conducts:
> 
> Given, that
> a1: wait-for-untracked-refs patch
> a2: nf_reset patch
> 
> 
> I have following test chart:
> 
> 
>            |   a1 enabled   |  a1 disabled   |
> -----------+----------------+----------------+
> a2 enabled |  fix, no hang  |  not tested    |
> -----------+----------------+----------------+
> a2 disabled|    30s hang    |     crash      |
> -----------+----------------+----------------+

Yes, I got that.

>>If the nf_reset patch helps it must be somewhere after
>>ip_finish_output2(). This could be an arp queue, a device queue
>>or a packet socket queue. You could add an nf_reset to dev_queue_xmit
>>and see if it changes anything.
> 
> Maybe the above sketch explains the confusion I might have created.

I think both patches together are the correct fix, I just wanted
to understand where the hang comes from to be sure.

>>There's no raw table in 2.4, so the wait-for-untracked-refs patch should
>>go in the 2.4 raw table patch.
> 
> 
> Pablo, shall I do it and submit for POM?

Yes, please.

>>For 2.6 I'm not sure yet, Pablo has a
>>patch that changes how untracked works and makes this patch unnecessary.
> 
> Hmm, is it possible to backport this to 2.4.x or do the changes need the 2.6.x
> netfilter framework?

It is possible, but it is not yet decided if we're going to
submit that change.

Regards
Patrick


* Re: [PATCH] update raw patch in POM
  2005-06-27 15:49                                             ` Patrick McHardy
@ 2005-06-28  6:02                                               ` Roberto Nibali
  0 siblings, 0 replies; 48+ messages in thread
From: Roberto Nibali @ 2005-06-28  6:02 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Developers, Pablo Neira

>>Maybe the above sketch explains the confusion I might have created.
> 
> I think both patches together are the correct fix, I just wanted
> to understand where the hang comes from to be sure.

Ok.

>>>There's no raw table in 2.4, so the wait-for-untracked-refs patch should
>>>go in the 2.4 raw table patch.
>>
>>
>>Pablo, shall I do it and submit for POM?
> 
> Yes, please.

I'll do it tomorrow; today is too nice a day to hack over here.

> It is possible, but it is not yet decided if we're going to
> submit that change.

I could certainly be a test candidate since we still only deploy 2.4.x based
packet filters and have about 200 out there in the world.

Thanks again to all people that helped me chasing down this defect code,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

