Re: [Fwd: Question with printk warnings in ip_conntrack with 2.4.20.]

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: jpiszcz <jpiszcz@lucidpixels.com>
To: linux-kernel@vger.kernel.org
Subject: Re: [Fwd: Question with printk warnings in ip_conntrack with 2.4.20.]
Date: Thu, 05 Dec 2002 18:29:19 -0500	[thread overview]
Message-ID: <3DEFE14F.8040403@lucidpixels.com> (raw)

  Stange?  I am just using vcheck (perl script) that goes out and checks 
out software for the latest versions.

Here is an example of what happens when I run it:
http://www.tu-ilmenau.de/~gomar/stuff/vcheck/

All it does is goes out to http/ftps site, matches a regex to check for 
the latest version of whatever you have, ie: sample entry:

prog util-linux = {
  version   = 2.11y
  urgency   = high
  dl        = no
  lastcheck = "2002-12-05 06:07"
  url       = 
ftp://ftp.win.tue.nl/pub/home/aeb/linux-local/utils/util-linux/
  regex     = util-linux-(__VER__)\.tar
}

This program is very useful and those warnings highly annoying. :)
Will there possibly be a /proc or kernel config option for warnings such 
as these?


Dec  5 18:20:23 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->199.232.41.7, reusing
Dec  5 18:20:25 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->204.214.92.161, reusing
Dec  5 18:20:27 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->209.249.29.67, reusing
Dec  5 18:20:30 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->209.249.29.67, reusing
Dec  5 18:20:35 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->195.37.77.171, reusing
Dec  5 18:21:00 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->216.180.224.6, reusing
Dec  5 18:21:06 lucidpixels kernel: BLOCK: IN=eth1 OUT= 
MAC=00:a0:24:05:eb:87:00:c0:7b:b1:8d:3b:08:00 SRC=130.239.18.137 
DST=66.45.37.187 LEN=1500 TOS=0x00 PREC=0x00 TTL=232 ID=47301 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0
Dec  5 18:21:18 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->130.239.18.137, reusing
Dec  5 18:21:29 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->130.239.18.137, reusing
Dec  5 18:21:38 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->195.40.6.41, reusing
Dec  5 18:21:42 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->204.80.150.47, reusing
Dec  5 18:21:44 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->199.232.41.7, reusing
Dec  5 18:21:47 lucidpixels kernel: BLOCK: IN=eth1 OUT= 
MAC=00:a0:24:05:eb:87:00:c0:7b:b1:8d:3b:08:00 SRC=130.239.18.137 
DST=66.45.37.187 LEN=1500 TOS=0x00 PREC=0x00 TTL=232 ID=28140 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=2
Dec  5 18:21:57 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->199.232.41.7, reusing
Dec  5 18:22:20 lucidpixels last message repeated 3 times
Dec  5 18:22:21 lucidpixels kernel: BLOCK: IN=eth1 OUT= 
MAC=00:a0:24:05:eb:87:00:c0:7b:b1:8d:3b:08:00 SRC=130.239.18.173 
DST=66.45.37.187 LEN=1500 TOS=0x00 PREC=0x00 TTL=232 ID=48463 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0
Dec  5 18:22:25 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->130.239.18.173, reusing
Dec  5 18:22:34 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->130.239.18.137, reusing
Dec  5 18:22:36 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->199.232.41.7, reusing
Dec  5 18:22:42 lucidpixels kernel: ip_conntrack: max number of expected 
connections 1 of ftp reached for 192.168.168.12->143.239.1.60, reusing
Dec  5 18:22:43 lucidpixels kernel: BLOCK: IN=eth1 OUT= 
MAC=00:a0:24:05:eb:87:00:c0:7b:b1:8d:3b:08:00 SRC=130.239.18.173 
DST=66.45.37.187 LEN=1500 TOS=0x00 PREC=0x00 TTL=232 ID=63220 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=2

Harald Welte wrote:

>>Nov 29 03:29:26 lucidpixels kernel: ip_conntrack: max number of expected 
>>connections 1 of ftp reached for 192.168.xxx.xxx->129.128.5.191, reusing
>>Nov 29 03:29:30 lucidpixels kernel: ip_conntrack: max number of expected 
>>connections 1 of ftp reached for 192.168.xxx.xxx->129.132.7.170, reusing
>>Nov 29 03:29:36 lucidpixels kernel: ip_conntrack: max number of expected 
>>connections 1 of ftp reached for 192.168.xxx.xxx->195.113.31.123, reusing
>>
>>These fill up my logs (kern.info) which I use for logging iptables 
>>blocked packets.
>>    
>>
>
>the issue is that somebody is doing something very strange to your ftp
>server.  Inside an FTP session, there's always only one expectation,
>since there is only one unestablished data session per control session
>at any given point in time.
>
>  
>
>>Is there anyway to turn this feature off dynamically or should one just 
>>comment out line #970 in 
>>/usr/src/linux/net/ipv4/netfilter/ip_conntrack_core.c ?
>>    
>>
>
>feel free to remove the comment.  but in normal ftp protocol behaviour,
>the lines above should never be printed.
>
>  
>

next             reply	other threads:[~2002-12-05 23:21 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-12-05 23:29 jpiszcz [this message]
     [not found] <3DEFE07D.4020909@lucidpixels.com>
2002-12-06 13:59 ` [Fwd: Question with printk warnings in ip_conntrack with 2.4.20.] Jozsef Kadlecsik
2002-12-06 14:27   ` jpiszcz
     [not found] <1038618763.22065.1.camel@rth.ninka.net>
2002-12-05 20:07 ` Harald Welte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3DEFE14F.8040403@lucidpixels.com \
    --to=jpiszcz@lucidpixels.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox