lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 23 Aug 2007 22:47:57 +0600
From:	"Alexander E. Patrakov" <patrakov@....usu.ru>
To:	linux-kernel@...r.kernel.org
Cc:	madduck@...duck.net
Subject: Re: what does this mean: "kernel: 7.0.0.1:53 L=79 S=0x00 I=39869
   F=0x4000 T=64"

martin f krafft wrote:
> also sprach Alexander E. Patrakov <patrakov@....usu.ru> [2007.08.23.1730 +0200]:
>>> I am staring at this log message:
>>>   kernel: 7.0.0.1:53 L=79 S=0x00 I=39869 F=0x4000 T=64
>>> and I cannot figure out what it's trying to tell me. Could someone
>>> please enlighten me?
>> Looks like some DNS packet got logged by your firewall rules.
> 
> But my firewall rules certainly do not log DNS packets, and if they
> did, it would look very differently, no? I always prefix my iptables
> LOG messages anyway.

Sorry. Indeed, it differs very much from the normal packet log and 
cannot be obtained by truncation:

Aug 20 13:25:39 dsa kernel: packet trace: IN=eth0 OUT=eth2 
SRC=192.168.0.96 DST=192.36.143.150 LEN=76 TOS=0x00 PREC=0x00 TTL=63 
ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56

> This is a Xen client, if it makes a difference.

None of the results of grep -r 'L=%' linux-2.6.22.1 match your string. 
So this must indeed be something out-of-tree - but Xen-3.1.0 or 3.0.4 
doesn't match either. Or function that produced this message in the log 
doesn't use printf-like functions for formatting numbers.

However, the style does look similar to a message in ipw2100.c:

IPW_DEBUG_TX("TX%d V=%p P=%04X T=%04X L=%d\n", i,
              &txq->drv[i],
              (u32) (txq->nic + i * sizeof(struct ipw2100_bd)),
              txq->drv[i].host_addr, txq->drv[i].buf_length);

-- 
Alexander E. Patrakov
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ