Re: Weird nat/conntrack Problem with PASV FTP upload

Hi,

Jozsef Kadlecsik wrote:
> In the first dump there is no dropped packet and the second one contains a single packet. Neither of the dumps helps. I need a full record of a TCP session in which packets were marked as INVALID. If you can attach the log record, that'd be even better.

Sorry, my fault.

Here's what I've done now:

- "tcpdump -s0" on the external interface
- I log invalid packets using this iptables rule:
  iptables -t mangle -A PREROUTING -m state --state INVALID -j LOG
- locate "invalid" dropped in kernel.log
- tcpdump -r -w on port identified above to create a session dump.

I've uploaded such a session dump and the corresponding log line to
http://baetzler.de/sandbox/dump.tar.bz2

I'm running a Debian flavour 2.6.25 kernel (nf_conntrack version 0.5.0 (16384 buckets, 65536 max)).

If there's a better/different method to do this or to get additional debugging info, please let me know. I'm currently running a kernel compiled with debugging info for netfilter enabled, but this does not seem to produce any additional output in kernel.log.

TIA,
Thomas
--
BRINGE Informationstechnik GmbH
Zur Seeplatte 12
D-76228 Karlsruhe
Germany

Phone: +49 721 94246-0
Phone: +49 171 5438457
Fax: +49 721 94246-66
Web: http://www.bringe.de/

Managing Director: Dipl.-Ing. (FH) Martin Bringe
VAT ID: DE812936645, HRB 108943 Mannheim
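
The last two steps of the procedure in this message (finding the logged INVALID packet, then cutting its session out of the full capture) can be scripted. The following is an added example, not part of the original post: it parses the standard KEY=value fields of an iptables LOG line and builds a two-way tcpdump filter from them. The sample log line, its addresses and the function names are constructed, and it assumes the packet was logged on the interface the capture was taken on, so that NAT has not yet rewritten its addresses.

```shell
#!/bin/sh
# Constructed sample of an iptables LOG line (documentation-range addresses).
SAMPLE_LOG='Jun  1 12:00:00 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=4242 DF PROTO=TCP SPT=51234 DPT=40021 WINDOW=501 RES=0x00 ACK FIN URGP=0'

# Print the value of KEY= from a LOG line (empty if the key is absent).
# $1 = key name, $2 = log line
log_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Build a BPF filter matching both directions of the logged TCP flow.
# Returns non-zero for lines that are not complete TCP LOG records.
session_filter() {
    line=$1
    [ "$(log_field PROTO "$line")" = "TCP" ] || return 1
    src=$(log_field SRC "$line"); dst=$(log_field DST "$line")
    spt=$(log_field SPT "$line"); dpt=$(log_field DPT "$line")
    [ -n "$src" ] && [ -n "$dst" ] && [ -n "$spt" ] && [ -n "$dpt" ] || return 1
    printf 'tcp and ((src host %s and src port %s and dst host %s and dst port %s) or (src host %s and src port %s and dst host %s and dst port %s))\n' \
        "$src" "$spt" "$dst" "$dpt" "$dst" "$dpt" "$src" "$spt"
}

# Cut the session out of a full capture.
# $1 = full capture file, $2 = output file, $3 = log line
extract_session() {
    filter=$(session_filter "$3") || { echo "not a TCP LOG line" >&2; return 1; }
    tcpdump -n -r "$1" -w "$2" "$filter"
}
```

If the LOG line comes from a packet that arrived on a different interface than the one captured, its addresses or ports may differ from those in the capture because of NAT, and the host terms of the filter have to be adjusted by hand.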