'dmesg' throws up garbage

Ashrack · 08-04-2006, 07:39 AM

I connect thru PPPOE! And I've set up my INET connection with 'pppoeconf'
But now when the PPP connection is established the DMESG log gets polluted with this:

Code:

[17181159.676000] Inbound IN=ppp0 OUT= MAC= SRC=221.209.110.45 DST=193.95.194.241 LEN=486 TOS=0x00 PREC=0x00 TTL=40 ID=0 DF PROTO=UDP SPT=49308 DPT=1027 LEN=466
[17181165.412000] Inbound IN=ppp0 OUT= MAC= SRC=200.88.50.148 DST=193.95.194.241 LEN=90 TOS=0x00 PREC=0x00 TTL=108 ID=21511 PROTO=UDP SPT=16988 DPT=32768 LEN=70
[17181186.240000] Inbound IN=ppp0 OUT= MAC= SRC=193.95.200.216 DST=193.95.194.241 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=12455 DF PROTO=TCP SPT=4075 DPT=445 WINDOW=64800 RES=0x00 SYN URGP=0
[17181189.232000] Inbound IN=ppp0 OUT= MAC= SRC=193.95.200.216 DST=193.95.194.241 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=12727 DF PROTO=TCP SPT=4075 DPT=445 WINDOW=64800 RES=0x00 SYN URGP=0

How to I disable PPPOE writting to DMESG?
Its very annyoing since I cant view the messeages now anymore!! And I have observed the same behavior on 2 computers!!!

Code:

ifconfig
##4 my lan
eth0      Link encap:Ethernet  HWaddr 00:08:A1:75:1C:87
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0 
          inet6 addr: fe80::208:a1ff:fe75:1c87/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:252 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23144 (22.6 KiB)  TX bytes:22295 (21.7 KiB)
          Interrupt:10 Base address:0xe400

##4 PPPOE connetion
eth1      Link encap:Ethernet  HWaddr 00:08:A1:0E:0A:F9
          inet6 addr: fe80::208:a1ff:fe0e:af9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28358 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:25787865 (24.5 MiB)  TX bytes:2887201 (2.7 MiB)
          Interrupt:3 Base address:0xe800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3636 (3.5 KiB)  TX bytes:3636 (3.5 KiB)

### The PPPOE connection
ppp0      Link encap:Point-to-Point Protocol
          inet addr:193.77.18.15  P-t-P:213.250.19.90  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:27803 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21717 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:25102751 (23.9 MiB)  TX bytes:2396808 (2.2 MiB)

Using UBUNTU DAPPER

peter_robb · 08-04-2006, 08:22 AM

Check your iptables rules for -j LOG rules,
then have a look at http://wiki.linuxquestions.org/wiki/...ables_messages

Ashrack · 08-04-2006, 09:38 AM

How do I check my IPTABLES rule?
And also I checked that link but I still havent a clue what to do?

peter_robb · 08-04-2006, 09:54 AM

do iptables-save to list them out.

The link depends on whether you have any -j LOG rules or not.

Ashrack · 08-04-2006, 10:28 AM

here's my output:

Code:

tom@ashrack:~$ sudo iptables-save |grep 'log'
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6

so what to do now? I've read your link but Im no closer to a sollution

peter_robb · 08-04-2006, 11:19 AM

Basically you need to install ulogd, make the changes to it's config file, make the changes to the /etc/logrotate.d/ulogd file, and change some iptables rules as per the link.

Ashrack · 08-04-2006, 12:55 PM

I did all of that! And after that I restarted /etc/init.d/ulogd
But in 'dmesg' I still get the netlink packets!
Probably I should restart it right, but is there a way I can achieve this without restarting it, since 5PCs are curently connected to this machine since this machine is responsible for ICS,DHCP,FileServer

peter_robb · 08-04-2006, 02:29 PM

What are your iptables rules using now?

-j ULOG --ulog-nlgroup x --ulog-prefix xxx ??

Ashrack · 08-05-2006, 04:39 AM

I restarted the server hoping it will work but I still get the same garbage in 'dmesg'

And heres the new output:

Code:

tom@ashrack:~$ sudo iptables-save |grep 'log'
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6

Hope this is what U want, cos I didnt quite understand what U meant with:

Quote:

What are your iptables rules using now?

-j ULOG --ulog-nlgroup x --ulog-prefix xxx ??

*edit:upon further examination I found that I dont have /proc/kmesg but instead its /proc/kmsg*
Could that be the problem++

peter_robb · 08-05-2006, 05:46 PM

Ok, don't do sudo iptables-save |grep 'log'

Just do iptables-save..
Any rules with -j LOG need to be changed to the suggested -j ULOG style.

I don't recognise the rules style, so I can't say where they are saved/stored..

deVas · 08-05-2006, 05:53 PM

Try to configure your firewall script.
deVas

Ashrack · 08-06-2006, 04:00 AM

Quote:

Originally Posted by deVas

Try to configure your firewall script.
deVas

Am using FIRESTARTER! Where do I change the scripts then??

Ashrack · 08-06-2006, 04:02 AM

Quote:

Originally Posted by peter_robb

Ok, don't do sudo iptables-save |grep 'log'

Just do iptables-save..
Any rules with -j LOG need to be changed to the suggested -j ULOG style.

I don't recognise the rules style, so I can't say where they are saved/stored..

When doing 'sudo iptable-save'
THere are a lot of '-j LOG' but none -j ULOG style.
What to do now?

deVas · 08-06-2006, 11:30 AM

I assume the firewall (script) put the iptables rules, so to be consitent with the firewall script (which will override your manual settings on every boot) change the firewall configuration.
Type

Code:

man firestarter

, try

Code:

zless /usr/share/docs/firestarter/README

or the www.
devas

peter_robb · 08-07-2006, 12:22 PM

I'm not too sure Firestarter knows about the ULOG target..
Time to check!