* netfilter modul ipt_recent hickup with suspend to ram
From: Toralf Förster @ 2007-04-16 16:46 UTC (permalink / raw)
To: netfilter-devel
I'm wondering why after a "suspend to ram" or a "suspend to disk" the amount of
IP addresses increases drastically w/o removing old addresses.
I'll attach the content of /proc/net/ipt_recent/UDP got at 17:35 (file 1) and at
18:37 (file 2). I suspended to RAM at 17:36 and woke up the system at 17:49; after
wakeup I restarted the ppp0 interface and got a new IP address.
My system is a Thinkpad T41 running a stable Gentoo with kernel
2.6.19-gentoo-r5.
--
MfG/Sincerely
Toralf Förster
[-- Attachment #1.2: UDP.1 --]
[-- Type: text/plain, Size: 2115 bytes --]
[-- Attachment #1.3: UDP.2 --]
[-- Type: text/plain, Size: 4680 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: netfilter modul ipt_recent hickup with suspend to ram
From: Patrick McHardy @ 2007-04-17 15:02 UTC (permalink / raw)
To: Toralf Förster; +Cc: netfilter-devel
Toralf Förster wrote:
> I'm wondering why after a "suspend to ram" or a "suspend to disk" the amount of
> IP addresses increases drastically w/o removing old addresses.
Probably some software running at wakeup.
> I'll attach the content of /proc/net/ipt_recent/UDP got at 17:35 (file 1) and at
> 18:37 (file 2). I suspended to RAM at 17:36 and woke up the system at 17:49; after
> wakeup I restarted the ppp0 interface and got a new IP address.
So you made a new internet connection and waited for another 48 minutes?
That is a really bad test, who knows what happened in between.
Try: cat /proc/net/..., suspend, wakeup, cat /proc/net/... again,
without doing anything else in between.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: netfilter modul ipt_recent hickup with suspend to ram
From: Toralf Förster @ 2007-04-19 17:20 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
On Tuesday, 17 April 2007 17:02, Patrick McHardy wrote:
> Toralf Förster wrote:
> > I'm wondering why after a "suspend to ram" or a "suspend to disk" the amount of
> > IP addresses increases drastically w/o removing old addresses.
>
>
> Probably some software running at wakeup.
>
> > I'll attach the content of /proc/net/ipt_recent/UDP got at 17:35 (file 1) and at
> > 18:37 (file 2). I suspended to RAM at 17:36 and woke up the system at 17:49; after
> > wakeup I restarted the ppp0 interface and got a new IP address.
>
>
> So you made a new internet connection and waited for another 48 minutes?
> That is a really bad test, who knows what happened in between.
>
> Try: cat /proc/net/..., suspend, wakeup, cat /proc/net/... again,
> without doing anything else in between.
Ok, without suspend I did:
tfoerste@n22 /proc/net/ipt_recent $ sudo /etc/init.d/net.ppp0 stop
* Stopping ppp0
* Bringing down ppp0
* Stopping pppd on ppp0 [ ok ]
tfoerste@n22 /proc/net/ipt_recent $ wc *
0 0 0 ICMP
879 9422 81007 TCP
569 4627 39211 UDP
1448 14049 120218 total
tfoerste@n22 /proc/net/ipt_recent $ date
Thu Apr 19 19:09:29 CEST 2007
tfoerste@n22 /proc/net/ipt_recent $ wc *
0 0 0 ICMP
879 9422 81007 TCP
569 4627 39211 UDP
1448 14049 120218 total
tfoerste@n22 /proc/net/ipt_recent $ date
Thu Apr 19 19:17:57 CEST 2007
Might be I misunderstand something, but shouldn't the recent module delete entries after 60 seconds or so?
--
MfG/Sincerely
Toralf Förster
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: netfilter modul ipt_recent hickup with suspend to ram
From: Samuel Jean @ 2007-04-19 19:24 UTC (permalink / raw)
To: Toralf Förster; +Cc: netfilter-devel
On Thu, Apr 19, 2007, Toralf Förster <toralf.foerster@gmx.de> said:
> Might be I misunderstand something, but shouldn't the recent module
> delete entries after 60 seconds or so?
IIRC, there is no garbage collector in this module. It just purges entries
and allows other packets to override the expired entries.
If what I assume is right, you won't see any change to that file if the
rules using this module are not hit.
^ permalink raw reply [flat|nested] 4+ messages in thread
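If entries stay listed until a rule hit overwrites them, as the last reply suggests, the line count of /proc/net/ipt_recent/* overstates what a 60-second window would still match. The following is an added example, not part of the thread or of the kernel source: it parses the entry format and separates recently seen entries from older ones that are merely still listed. It assumes the timestamps are jiffies from a 32-bit counter with HZ=1000, that the caller supplies the current jiffies value as the hypothetical parameter `now`, and it uses constructed sample lines.

```python
import re

HZ = 1000        # assumption: kernel tick rate (jiffies per second)
WRAP = 1 << 32   # assumption: jiffies is a 32-bit counter that wraps

ENTRY_RE = re.compile(
    r"src=(?P<src>\S+) ttl: (?P<ttl>\d+) last_seen: (?P<last>\d+) "
    r"oldest_pkt: (?P<idx>\d+) (?P<stamps>\d+(?:, \d+)*)$"
)

def parse_entry(line):
    """Parse one table line into a dict; raise on anything unexpected."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised entry: {line!r}")
    return {
        "src": m["src"],
        "ttl": int(m["ttl"]),
        "last_seen": int(m["last"]),
        "stamps": [int(s) for s in m["stamps"].split(", ")],
    }

def age_seconds(now, stamp):
    """Age of a jiffies stamp, using modular arithmetic so that a stamp
    taken shortly before the counter wrapped is not treated as the future."""
    return ((now - stamp) % WRAP) / HZ

def classify(lines, now, window=60):
    """Split entries into those seen within `window` seconds and those that
    are older but still listed because nothing has overwritten them."""
    live, stale = [], []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        bucket = live if age_seconds(now, entry["last_seen"]) <= window else stale
        bucket.append(entry["src"])
    return live, stale

# Constructed sample lines (documentation addresses, invented timestamps).
SAMPLE = """\
src=192.0.2.10 ttl: 119 last_seen: 4294960000 oldest_pkt: 2 4294958000, 4294960000
src=198.51.100.7 ttl: 54 last_seen: 20000 oldest_pkt: 2 4294966000, 20000
src=203.0.113.5 ttl: 60 last_seen: 4294800000 oldest_pkt: 1 4294800000
""".splitlines()

if __name__ == "__main__":
    live, stale = classify(SAMPLE, now=50000)
    print("within 60 s:", live)
    print("still listed but older:", stale)
```

The first sample entry has a numerically huge `last_seen` yet is only about 57 seconds old once the counter wrap is accounted for, which is why a plain numeric comparison of these stamps misleads.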