From: Giuliano Pochini <pochini@shiny.it>
To: Alexey Vlasov <renton@renton.name>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Instead of IP addresses the kernel started to show zero's
Date: Sun, 30 Sep 2012 23:25:59 +0200 [thread overview]
Message-ID: <20120930232559.03a0ce4c@wc1> (raw)
In-Reply-To: <20120925102607.GC23296@beaver>
On Tue, 25 Sep 2012 14:26:07 +0400
Alexey Vlasov <renton@renton.name> wrote:
> Hi.
>
> Here it writes LOG target from syslog:
>
> Sep 25 03:23:49 l24 kernel: ip:SYN-OUTPUT-HTTP IN= OUT=eth0
> SRC=0000000000000000 DST=0000000000000000 LEN=60 TOS=0x00 PREC=0x00
> TTL=64 ID=22467 DF PROTO=TCP SPT=52829 DPT=80 WINDOW=14600 RES=0x00 SYN
> URGP=0 UID=564373 GID=155
>
> This is recent, here go zero's again:
> # cat /proc/net/xt_recent/ssh-brute
> ...
> src=0000000000000000 ttl: 122 last_seen: 4371027622 oldest_pkt: 1
> 4371027622
>
> Can it be fixed without restarting the box?
> Thanks!
>
> Kernel 3.4.6.
It look similar to a problem that occurred on some 3.x heavy loaded
machines. After a while they begin to send packets with dst=0.0.0.0. We had
to revert to 2.6 on our production machines.
tcpdump output looks like this:
17:06:29.272225 IP 0.0.0.0.http > 0.0.0.0.1687: . ack 232 win 15400
17:06:29.272671 IP 0.0.0.0.http > 0.0.0.0.1687: P 0:511(511) ack 232 win 15400
17:06:29.272689 IP 0.0.0.0.http > 0.0.0.0.1687: F 511:511(0) ack 232 win 15400
17:06:29.273249 IP 0.0.0.0.http > 0.0.0.0.65307: . ack 62552748 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.273662 IP 0.0.0.0.http > 0.0.0.0.65307: P 0:511(511) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.273678 IP 0.0.0.0.http > 0.0.0.0.65307: F 511:511(0) ack 1 win 1006 <nop,nop,timestamp 1760963 478909562>
17:06:29.278683 IP 0.0.0.0.http > 0.0.0.0.12021: . ack 1 win 12240
17:06:29.288707 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 1049058319 win 12420
17:06:29.289406 IP 0.0.0.0.http > 0.0.0.0.28308: . ack 57 win 12420
17:06:29.289834 IP 0.0.0.0.http > 0.0.0.0.28308: P 0:487(487) ack 57 win 12420
17:06:29.289851 IP 0.0.0.0.http > 0.0.0.0.28308: F 487:487(0) ack 57 win 12420
17:06:29.291767 IP 0.0.0.0.http > 0.0.0.0.11407: P 0:472(472) ack 171 win 1275 <nop,nop,timestamp 1760982 2400635630>
17:06:29.292657 IP 0.0.0.0.http > 0.0.0.0.50511: . ack 1 win 14400
17:06:29.293502 IP 0.0.0.0.http > 0.0.0.0.12381: . ack 558 win 14960
17:06:29.295080 IP 0.0.0.0.http > 0.0.0.0.10980: . ack 2 win 16692
When the network traffic slows down the machine recovers to normal operation.
I found another report about this issue:
https://bbs.archlinux.org/viewtopic.php?id=129304
--
Giuliano.
next prev parent reply other threads:[~2012-09-30 21:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-25 10:26 Instead of IP addresses the kernel started to show zero's Alexey Vlasov
2012-09-30 21:25 ` Giuliano Pochini [this message]
2012-09-30 23:03 ` Borislav Petkov
-- strict thread matches above, loose matches on Subject: below --
2012-09-21 18:27 Alexey Vlasov
2012-10-09 12:36 ` Dan Carpenter
2012-10-09 12:50 ` Eric Dumazet
2012-10-09 13:03 ` Dan Carpenter
2012-10-20 11:18 ` Giuliano Pochini
2012-10-26 10:58 ` Alexey Vlasov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120930232559.03a0ce4c@wc1 \
--to=pochini@shiny.it \
--cc=linux-kernel@vger.kernel.org \
--cc=renton@renton.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox