On Tue, 28 Oct 2008 18:40:17 +0100 Patrick McHardy <kaber@xxxxxxxxx> wrote: > Seems likely. Is that an SMP machine? Its possible that the ringbuffer > simply overflows before the logging daemon gets a chance to capture it, > but that should only cause truncated lines. Yes, SMP (Athlon64 X2 and I noticed it on a Xeon 3040 too). > What do your logging rules that might be responsible for this look like? My rules are pretty simple: # Generated by iptables-save v1.4.2 on Tue Oct 28 15:49:09 2008 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [454613:1227743602] :FLDR - [0:0] :LDR - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 137:139 -j ACCEPT -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137:138 -j ACCEPT -A INPUT -p udp -m udp --dport 123 -j ACCEPT -A INPUT -p tcp -m tcp --dport 1863 -m comment --comment "AMSN" -j ACCEPT -A INPUT -p udp -m udp --dport 1194:1195 -m comment --comment "OpenVPN" -j ACCEPT -A INPUT -p tcp -m tcp --dport 6346 -m comment --comment "gnutella" -j ACCEPT -A INPUT -p udp -m udp --dport 6346 -m comment --comment "gnutella" -j ACCEPT -A INPUT -p tcp -m tcp --dport 6881:6899 -m comment --comment "AMSN" -j ACCEPT -A INPUT -p tcp -m tcp --dport 5190:5199 -m comment --comment "ICQ" -j ACCEPT -A INPUT -p tcp -m tcp --dport 8010 -m comment --comment "Jabber" -j ACCEPT -A INPUT -p tcp -m tcp --dport 23399 -m comment --comment "Skype" -j ACCEPT -A INPUT -p tcp -m tcp --dport 51526 -m comment --comment "Azureus" -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -p udp -m udp --sport 5001 --dport 5001 -j ACCEPT -A INPUT -j LDR -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -j FLDR -A FLDR -j LOG --log-prefix "DROP FORWARD: " --log-level 6 -A FLDR -j DROP -A LDR -j LOG --log-prefix "DROP INPUT: " --log-level 6 -A LDR -j DROP COMMIT # Completed on Tue Oct 28 15:49:09 2008 > I can't see anything in that report that would ring a bell. > Are you using any of the more unusual networking features, > like QoS, policy routing etc? No. Nothing special. The interesting is that this behaviour started at 2.6.25 kernel version, but I couldn't find anything that was changed between .24 and .25 to cause this. Very strange. Is there a way I can trace the function that generates the log output syslog line? I use Function Tracer included in 2.6.27 kernel already, but I need a way to stop the tracing it exactly at the point when this happens, otherwise the tracing buffer will be replaced... -- -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
