LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 08-22-2003, 11:23 AM   #1
toovato
Member
 
Registered: Jul 2003
Location: Ft Lauderdale, FL
Distribution: debian
Posts: 48

Rep: Reputation: 15
freeswan kernel module - syslog a disaster


Hello all:

Debian woody kernel 2.4.20 unstable



Previously was using kernel 2.4.21 unstable with no errors. I wanted to use freeswan, and it will only compile against 2.4.20.

So I compiled the standard debian way with initrd and freeswan patch (freeswan 2.01)

Syslog is now a mess, and the freeswan server brings my internet connection to a snails pace, if it works at all.

I have included a section of my syslog from boottime, along with some other info. Any light you can shed would be helpfull.

/var/log/messages:

Aug 20 03:53:28 noc kernel: EXT3-fs: mounted filesystem with ordered data mode.
Aug 20 03:53:28 noc kernel: parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE,
EPP]
Aug 20 03:53:28 noc kernel: parport0: irq 7 detected
Aug 20 03:53:28 noc kernel: lp0: using parport0 (polling).
Aug 20 03:53:28 noc kernel: JEDEC: Found no ICH2 rom device at location zero
Aug 20 03:53:28 noc last message repeated 30 times
Aug 20 03:53:28 noc kernel: printing eip:
Aug 20 03:53:28 noc kernel: d0a5319a
Aug 20 03:53:28 noc kernel: Oops: 0002
Aug 20 03:53:28 noc kernel: CPU: 0
Aug 20 03:53:28 noc kernel: EIP: 0010:[af_packet:__insmod_af_packet_O/lib/mod
ules/2.4.20/kernel/net/packet/a+-16809574/96] Not tainted
Aug 20 03:53:28 noc kernel: EFLAGS: 00010286
Aug 20 03:53:28 noc kernel: eax: 000000aa ebx: 000aaaaa ecx: d0a53760 edx:
d167faaa
Aug 20 03:53:28 noc kernel: esi: cfb8de70 edi: d0a53760 ebp: 00000000 esp:
cfb8dcc8
Aug 20 03:53:28 noc kernel: ds: 0018 es: 0018 ss: 0018
Aug 20 03:53:28 noc kernel: Process modprobe.moduti (pid: 235, stackpage=cfb8d00
0)
Aug 20 03:53:28 noc kernel: Stack: d1a588d2 d0a53760 000000aa 000aaaaa ffffffff
00000282 00000001 00000282
Aug 20 03:53:28 noc kernel: 00000001 c0287014 00000001 00000002 00000000
cfb8de70 d0a53760 d1a59090
Aug 20 03:53:28 noc kernel: d0a53760 d1a563ab d0a53760 00000000 00000000
cfb8de70 d1a59098 d0a53760
Aug 20 03:53:28 noc kernel: Call Trace: [af_packet:__insmod_af_packet_O/lib/m
odules/2.4.20/kernel/net/packet/a+-10030/96] [af_packet:__insmod_af_packet_O/lib
/modules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_
O/lib/modules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_pa
cket_O/lib/modules/2.4.20/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_p
acket_O/lib/modules/2.4.20/kernel/net/packet/a+-16808096/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-19541/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.
20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modules
/2.4.20/kernel/net/packet/a+-8040/96] [af_packet:__insmod_af_packet_O/lib/module
s/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/m
odules/2.4.20/kernel/net/packet/a+-20162/96] [af_packet:__insmod_af_packet_O/lib
/modules/2.4.20/kernel/net/packet/a+-16808096/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.2
0/kernel/net/packet/a+-18788859/96] [af_packet:__insmod_af_packet_O/lib/modules/
2.4.20/kernel/net/packet/a+-18788974/96] [af_packet:__insmod_af_packet_O/lib/mod
ules/2.4.20/kernel/net/packet/a+-18863221/96] [fsync_buffers_list+190/384] [copy
_files+220/672]
Aug 20 03:53:28 noc kernel: [schedule+515/832] [do_fork+1191/1792] [sys_wait4+
305/992] [sys_waitpid+39/48] [af_packet:__insmod_af_packet_O/lib/modules/2.4.20/
kernel/net/packet/a+-8040/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808096/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-20353/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.
20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modules
/2.4.20/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_packet_O/lib/module
s/2.4.20/kernel/net/packet/a+-8040/96] [af_packet:__insmod_af_packet_O/lib/modul
es/2.4.20/kernel/net/packet/a+-16808501/96] [af_packet:__insmod_af_packet_O/lib/
modules/2.4.20/kernel/net/packet/a+-9881/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modules/2
.4.20/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_packet_O/lib/modules/
2.4.20/kernel/net/packet/a+-16826026/96] [af_packet:__insmod_af_packet_O/lib/mod
ules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/li
b/modules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet
_O/lib/modules/2.4.20/kernel/net/packet/a+-16808915/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808501/96] [af_packet:__insmod_af_packet_O/lib/modules/2
.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modu
les/2.4.20/kernel/net/packet/a+-16808547/96] [af_packet:__insmod_af_packet_O/lib
/modules/2.4.20/kernel/net/packet/a+-16808024/96] [sys_init_module+1211/1584] [a
f_packet:__insmod_af_packet_O/lib/modules/2.4.20/kernel/net/packet/a+-16809888/9
6]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808184/96] [af_packet:__insmod_af_packet_O/lib/modules/2
.4.20/kernel/net/packet/a+-16809888/96] [system_call+51/56]
Aug 20 03:53:28 noc kernel:
Aug 20 03:53:28 noc kernel: Code: 88 82 00 00 40 00 f0 83 44 24 00 00 c3 89 f6 8
d bc 27 00 00
Aug 20 03:53:28 noc kernel: ttyS0: LSR safety check engaged!
Aug 20 03:53:28 noc kernel: ttyS0: LSR safety check engaged!
Aug 20 03:53:28 noc kernel: ttyS1: LSR safety check engaged!
Aug 20 03:53:28 noc kernel: ttyS1: LSR safety check engaged!
Aug 20 03:53:29 noc lpd[413]: restarted
Aug 20 03:53:32 noc xfs: ignoring font path element /usr/lib/X11/fonts/CID/ (unr
eadable)



noc:/etc# cat modules.conf|more
### This file is automatically generated by update-modules"
#
# Please do not edit this file directly. If you want to change or add
# anything please take a look at the files in /etc/modutils and read
# the manpage for update-modules.
#
### update-modules: start processing /etc/modutils/0keep
# DO NOT MODIFY THIS FILE!
# This file is not marked as conffile to make sure if you upgrade modutils
# it will be restored in case some modifications have been made.
#
# The keep command is necessary to prevent insmod and friends from ignoring
# the builtin defaults of a path-statement is encountered. Until all other
# packages use the new `add path'-statement this keep-statement is essential
# to keep your system working
keep

### update-modules: end processing /etc/modutils/0keep

### update-modules: start processing /etc/modutils/actions
# Special actions that are needed for some modules

# The BTTV module does not load the tuner module automatically,
# so do that in here
post-install bttv insmod tuner
post-remove bttv rmmod tuner


### update-modules: end processing /etc/modutils/actions

### update-modules: start processing /etc/modutils/aliases
# Aliases to tell insmod/modprobe which modules to use

# Uncomment the network protocols you don't want loaded:
# alias net-pf-1 off # Unix
# alias net-pf-2 off # IPv4
# alias net-pf-3 off # Amateur Radio AX.25
# alias net-pf-4 off # IPX
# alias net-pf-5 off # DDP / appletalk
# alias net-pf-6 off # Amateur Radio NET/ROM
# alias net-pf-9 off # X.25
# alias net-pf-10 off # IPv6
# alias net-pf-11 off # ROSE / Amateur Radio X.25 PLP
# alias net-pf-19 off # Acorn Econet

alias char-major-10-175 agpgart
alias char-major-10-200 tun
alias char-major-81 bttv
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

# Crypto modules (see kerneli.org)
alias loop-xfer-gen-0 loop_gen
alias loop-xfer-3 loop_fish2
alias loop-xfer-gen-10 loop_gen
alias cipher-2 des
alias cipher-3 fish2
alias cipher-4 blowfish
alias cipher-6 idea
alias cipher-7 serp6f
alias cipher-8 mars6
alias cipher-11 rc62
alias cipher-15 dfc2
alias cipher-16 rijndael
alias cipher-17 rc5


### update-modules: end processing /etc/modutils/aliases

### update-modules: start processing /etc/modutils/apm
alias char-major-10-134 apm
alias /dev/apm_bios /dev/misc/apm_bios
alias /dev/misc/apm_bios apm

### update-modules: end processing /etc/modutils/apm

### update-modules: start processing /etc/modutils/paths
# This file contains a list of paths that modprobe should scan,
# beside the once that are compiled into the modutils tools
# themselves.


### update-modules: end processing /etc/modutils/paths

### update-modules: start processing /etc/modutils/ppp
alias /dev/ppp ppp_generic
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

### update-modules: end processing /etc/modutils/ppp

### update-modules: start processing /etc/modutils/scsi-emu
options ide-cd ignore=hdd

alias scd0 sr_mod

pre-install sg modprobe ide-scsi
pre-install sr_mod modprobe ide-scsi
pre-install ide-scsi modprobe ide-cd

### update-modules: end processing /etc/modutils/scsi-emu

### update-modules: start processing /etc/modutils/setserial
#
# This is what I wanted to do, but logger is in /usr/bin, which isn't loaded
# when the module is first loaded into the kernel at boot time!
#
#post-install serial /etc/init.d/setserial start | logger -p daemon.info -t "set
serial-module reload"
#pre-remove serial /etc/init.d/setserial stop | logger -p daemon.info -t "setser
ial-module uload"
#
alias /dev/tts serial
alias /dev/tts/0 serial
alias /dev/tts/1 serial
alias /dev/tts/2 serial
alias /dev/tts/3 serial
post-install serial /etc/init.d/setserial modload > /dev/null 2> /dev/null
pre-remove serial /etc/init.d/setserial modsave > /dev/null 2> /dev/null

### update-modules: end processing /etc/modutils/setserial

### update-modules: start processing /etc/modutils/arch/i386
alias parport_lowlevel parport_pc
alias char-major-10-144 nvram
alias binfmt-0064 binfmt_aout
alias char-major-10-135 rtc

### update-modules: end processing /etc/modutils/arch/i386


noc:/etc# cat modules
# /etc/modules: kernel modules to load at boot time.
#
# This file should contain the names of kernel modules that are
# to be loaded at boot time, one per line. Comments begin with
# a "#", and everything on the line after them are ignored.

usb-uhci
input
usbkbd
keybdev
agpgart
i810
mga
r128
radeon
tdfx
3c59x
ip_gre
ipip
ip_conntrack
ip_conntrack_ftp
ip_nat_ftp
ip_conntrack_irc
ip_nat_irc
ip_nat_snmp_basic
ip_queue
ipt_LOG
ipt_MARK
ipt_MASQUERADE
ipt_MIRROR
ipt_REDIRECT
ipt_REJECT
ipt_limit
ipt_TCPMSS
ipt_state
ipt_length
ipt_mac
ipt_tos
ipt_TOS
ipt_owner
ipt_tcpmss
ipt_mark
ipt_multiport
ipt_ttl
iptable_mangle
iptable_filter
ipt_unclean
ide-scsi
ipt_ULOG
ipt_conntrack
ipt_ah
ipt_pkttype
ipt_helper
ipt_esp
ipt_dscp
ipt_ecn
ipt_DSCP
ipt_ECN
ip_nat_tftp
arp_tables
arptable_filter
ip_conntrack_amanda
ip_nat_amanda
usb-storage
tulip
 
Old 08-24-2003, 02:28 AM   #2
toovato
Member
 
Registered: Jul 2003
Location: Ft Lauderdale, FL
Distribution: debian
Posts: 48

Original Poster
Rep: Reputation: 15
An update

Tried another compile with 2.4.20 kernel with same syslog entries - still bad data

Did some more searching and found why freeswan kernel module would not compile against 2.4.21 - the 2.5 IPsec stack has been included in 2.4.21 - so a patch was necessary to the module source, which involved some edits to four source files and some new header information
anyway long story short it compiled.
Good news: the bad syslog entries disapeared.
Bad news: Connection is still hazy
The connection to the internet is real slow on first start of IPsec server - then it settles down to "normal" after a minute or two
meaning speed returns to semi-normal, but I am unable to access certain sites indescriminately -
syslog shows dropped packets during the connection losses as I surf the internet:
Aug 24 03:03:06 noc kernel: IN=eth0 OUT= MAC=00:04:75:a1:b3:e9:00:60:0f:4f:d3:e2:08:00 SRC=63.211.210.20 DST=68.209.111.12 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=44238 PROTO=TCP SPT=80 DPT=37754 WINDOW=17520 RES=0x00 ACK URGP=0
Aug 24 03:03:20 noc kernel: IN=eth0 OUT= MAC=00:04:75:a1:b3:e9:00:60:0f:4f:d3:e2:08:00 SRC=63.211.210.20 DST=68.209.111.12 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=24910 PROTO=TCP SPT=80 DPT=37753 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 24 03:03:20 noc kernel: IN=eth0 OUT= MAC=00:04:75:a1:b3:e9:00:60:0f:4f:d3:e2:08:00 SRC=63.211.210.20 DST=68.209.111.12 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=24947 PROTO=TCP SPT=80 DPT=37754 WINDOW=0 RES=0x00 ACK RST URGP=0

my current IPTables config should match any ip_conntrack entry (related,established), so the culprit might be there -
so I am trying to find a quick monitor of ip_conntrack - as tail -f doesnt seem to work on this file
no idea why ipsec would interfere with this file, or if that is the real source yet

anyone know a good gui for ip_conntrack? or why ipsec would change connection states there?

noc:/usr/src/kernel-source-2.4.21# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:10000 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:www flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:https flags:SYN,RST,ACK/SYN
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- launchmodem anywhere udp spt:domain
ACCEPT udp -- launchmodem anywhere udp spt:domain
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem install Freeswan 1.98b on Linux kernel 2.4.25 MSwal2846 Linux - Software 1 03-29-2004 10:35 AM
kernel disaster... teona Linux - Newbie 2 12-25-2003 07:31 PM
AHHH!!! kernel upgrade disaster! axion0917 Linux - General 35 12-11-2003 06:45 AM
Newbie Kernel re-compile disaster Neorio Linux - General 7 10-23-2003 02:52 AM
kERNEL DISASTER nelsonnery Linux - Newbie 1 10-09-2003 04:46 AM


All times are GMT -5. The time now is 05:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration