Mysterious string "<4>" in LOG

All of lore.kernel.org
 help / color / mirror / Atom feed

* Mysterious string "<4>"  in LOG
@ 2012-09-15 10:20 U.Mutlu
  2012-09-15 10:34 ` Marco Padovan
  0 siblings, 1 reply; 3+ messages in thread
From: U.Mutlu @ 2012-09-15 10:20 UTC (permalink / raw)
  To: netfilter

Hello,

A mysterious string "<4>" gets prepended in LOG:
Rule:
  iptables -A INPUT  -m state --state INVALID -m limit --limit 7200/h -j LOG --log-prefix "INPUT INVALID "

Result (sanitized):
Sep 15 11:46:17 s7 kernel: [227009.792828] <4>INPUT INVALID IN=eth0 OUT= 
MAC=00:1b:21:ad:7b:d3:00:0c:db:4e:e8:00:08:00 SRC=**.210.155.237 DST=**.114.132.147 LEN=40 TOS=0x00 PREC=0x00 
TTL=52 ID=49676 PROTO=TCP SPT=6667 DPT=46271 WINDOW=0 RES=0x00 ACK SYN URGP=0

Happens with all LOG entries.
Is the string "<4>" in front of "INPUT INVALID" a new feature, or is it garbage due to a bug?


My system:

# iptables --version
iptables v1.4.14

# uname -a
Linux s7 3.6.0-rc5-my1 #1 SMP Wed Sep 12 19:22:44 CEST 2012 x86_64 GNU/Linux

# dpkg -l | grep -i iptables
ii  iptables                              1.4.14-3                   amd64        administration tools for 
packet filtering and NAT
ii  iptables-dev                          1.4.14-3                   amd64        iptables development files
ii  xtables-addons-common                 1.42-2                     amd64        Extensions targets and 
matches for iptables [tools, libs]
ii  xtables-addons-dkms                   1.42-2                     all          Extensions targets and 
matches for iptables
ii  xtables-addons-source                 1.42-2                     all          Extensions targets and 
matches for iptables [modules sources]



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Mysterious string "<4>"  in LOG
  2012-09-15 10:20 Mysterious string "<4>" in LOG U.Mutlu
@ 2012-09-15 10:34 ` Marco Padovan
  2012-09-15 10:54   ` U.Mutlu
  0 siblings, 1 reply; 3+ messages in thread
From: Marco Padovan @ 2012-09-15 10:34 UTC (permalink / raw)
  To: netfilter

http://www.spinics.net/lists/netfilter/msg53327.html

Il 15/09/2012 12:20, U.Mutlu ha scritto:
> Hello,
>
> A mysterious string "<4>" gets prepended in LOG:
> Rule:
>  iptables -A INPUT  -m state --state INVALID -m limit --limit 7200/h
> -j LOG --log-prefix "INPUT INVALID "
>
> Result (sanitized):
> Sep 15 11:46:17 s7 kernel: [227009.792828] <4>INPUT INVALID IN=eth0
> OUT= MAC=00:1b:21:ad:7b:d3:00:0c:db:4e:e8:00:08:00 SRC=**.210.155.237
> DST=**.114.132.147 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=49676 PROTO=TCP
> SPT=6667 DPT=46271 WINDOW=0 RES=0x00 ACK SYN URGP=0
>
> Happens with all LOG entries.
> Is the string "<4>" in front of "INPUT INVALID" a new feature, or is
> it garbage due to a bug?
>
>
> My system:
>
> # iptables --version
> iptables v1.4.14
>
> # uname -a
> Linux s7 3.6.0-rc5-my1 #1 SMP Wed Sep 12 19:22:44 CEST 2012 x86_64
> GNU/Linux
>
> # dpkg -l | grep -i iptables
> ii  iptables                              1.4.14-3                  
> amd64        administration tools for packet filtering and NAT
> ii  iptables-dev                          1.4.14-3                  
> amd64        iptables development files
> ii  xtables-addons-common                 1.42-2                    
> amd64        Extensions targets and matches for iptables [tools, libs]
> ii  xtables-addons-dkms                   1.42-2                    
> all          Extensions targets and matches for iptables
> ii  xtables-addons-source                 1.42-2                    
> all          Extensions targets and matches for iptables [modules
> sources]
>
>
> -- 
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Mysterious string "<4>"  in LOG
  2012-09-15 10:34 ` Marco Padovan
@ 2012-09-15 10:54   ` U.Mutlu
  0 siblings, 0 replies; 3+ messages in thread
From: U.Mutlu @ 2012-09-15 10:54 UTC (permalink / raw)
  To: netfilter

Thanks, but it's still confusing.
What steps are needed to disable this at user level?
Is a kernel recompilation necessary?


Marco Padovan wrote, On 09/15/2012 12:34 PM:
> http://www.spinics.net/lists/netfilter/msg53327.html
>
> Il 15/09/2012 12:20, U.Mutlu ha scritto:
>> Hello,
>>
>> A mysterious string "<4>" gets prepended in LOG:
>> Rule:
>>   iptables -A INPUT  -m state --state INVALID -m limit --limit 7200/h
>> -j LOG --log-prefix "INPUT INVALID "
>>
>> Result (sanitized):
>> Sep 15 11:46:17 s7 kernel: [227009.792828] <4>INPUT INVALID IN=eth0
>> OUT= MAC=00:1b:21:ad:7b:d3:00:0c:db:4e:e8:00:08:00 SRC=**.210.155.237
>> DST=**.114.132.147 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=49676 PROTO=TCP
>> SPT=6667 DPT=46271 WINDOW=0 RES=0x00 ACK SYN URGP=0
>>
>> Happens with all LOG entries.
>> Is the string "<4>" in front of "INPUT INVALID" a new feature, or is
>> it garbage due to a bug?
<snip>



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2012-09-15 10:54 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-15 10:20 Mysterious string "<4>" in LOG U.Mutlu
2012-09-15 10:34 ` Marco Padovan
2012-09-15 10:54   ` U.Mutlu

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.