lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 18 Mar 2012 03:15:54 +0000
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Reinhard Karcher <reinhard.karcher@....net>
Cc:	664064@...s.debian.org, netdev <netdev@...r.kernel.org>
Subject: Re: Bug#664064: linux-image-3.3.0-rc6-amd64: 4 messages every
 minute in syslog from netlink

[Please reply to all, not just to me.]

On Thu, 2012-03-15 at 19:01 +0100, Reinhard Karcher wrote:
> Am 15.03.2012 18:14, schrieb Ben Hutchings:
> > On Thu, 2012-03-15 at 13:00 +0100, Reinhard Karcher wrote:
> >> Package: linux-2.6
> >> Version: 3.3~rc6-1~experimental.1
> >> Severity: normal
> >>
> >> The kernel log says all!
> >> I have 2 laptops showing the messages, both amd64.
> >> One of them runs a 32-bit system in a VM with the linux-image-3.3.0-rc6-686-pae kernel,
> >> that does not have this problem.
> >> The amd64 kernel from unstable (3.2.0-2) does not show the messages.
> >>
> >> Reinhard
> >>
> >> -- Package-specific info:
> >> ** Version:
> >> Linux version 3.3.0-rc6-amd64 (Debian 3.3~rc6-1~experimental.1) (debian-kernel@...ts.debian.org) (gcc version 4.6.3 (Debian 4.6.3-1) ) #1 SMP Mon Mar 5 20:53:11 UTC 2012
> >>
> >> ** Command line:
> >> BOOT_IMAGE=/boot/vmlinuz-3.3.0-rc6-amd64 root=UUID=9bb56ba6-3117-47d6-b07c-2cca477643e9 ro quiet cgroup_enable=memory
> >>
> >> ** Not tainted
> >>
> >> ** Kernel log:
> >> [46368.760279] netlink: 140 bytes leftover after parsing attributes.
[...]
> The same system, but using the kernel from unstable and not from 
> experimental does not show the messages, so they are related to the 
> experimetal kernel.
> Does this tell anything?
> root@...llon:/home/reinhard# lsof | grep netlink
> dnsmasq   1862     dnsmasq  mem       REG                8,2     24712 
>    7391593 /usr/lib/libnfnetlink.so.0.2.0 
> 
> kded4     2839    reinhard  mem       REG                8,2     12272 
>    9683029 /usr/lib/ntrack/modules/ntrack-rtnetlink.so 

Well, netlink is a protocol, not a file.  But most programs using
netlink will probably use a library with 'netlink' or 'libnl' in its
name, so this does provide some clues.

[later:]
> Some further investigation showed that the 1st occurrence of the message 
> is related to the start of KDE. After stopping X (and KDE) there are no 
> new messages logged.

OK, so it's something running in your KDE session.  And the results you
got from lsof suggest that it's some kind of network monitor that's
hosted by kded4, using the ntrack library
<https://launchpad.net/ntrack>.  I've never heard of this before.

ntrack appearently has the option to use either libnl or its own
built-in netlink protocol code, and is using the latter on your system.
If you install ntrack-module-libnl-0 and remove
ntrack-module-rtnetlink-0, does this fix the problem?

Ben.

-- 
Ben Hutchings
Larkinson's Law: All laws are basically false.

Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ