DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Previously was using kernel 2.4.21 unstable with no errors. I wanted to use freeswan, and it will only compile against 2.4.20.
So I compiled the standard debian way with initrd and freeswan patch (freeswan 2.01)
Syslog is now a mess, and the freeswan server brings my internet connection to a snails pace, if it works at all.
I have included a section of my syslog from boottime, along with some other info. Any light you can shed would be helpfull.
/var/log/messages:
Aug 20 03:53:28 noc kernel: EXT3-fs: mounted filesystem with ordered data mode.
Aug 20 03:53:28 noc kernel: parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE,
EPP]
Aug 20 03:53:28 noc kernel: parport0: irq 7 detected
Aug 20 03:53:28 noc kernel: lp0: using parport0 (polling).
Aug 20 03:53:28 noc kernel: JEDEC: Found no ICH2 rom device at location zero
Aug 20 03:53:28 noc last message repeated 30 times
Aug 20 03:53:28 noc kernel: printing eip:
Aug 20 03:53:28 noc kernel: d0a5319a
Aug 20 03:53:28 noc kernel: Oops: 0002
Aug 20 03:53:28 noc kernel: CPU: 0
Aug 20 03:53:28 noc kernel: EIP: 0010:[af_packet:__insmod_af_packet_O/lib/mod
ules/2.4.20/kernel/net/packet/a+-16809574/96] Not tainted
Aug 20 03:53:28 noc kernel: EFLAGS: 00010286
Aug 20 03:53:28 noc kernel: eax: 000000aa ebx: 000aaaaa ecx: d0a53760 edx:
d167faaa
Aug 20 03:53:28 noc kernel: esi: cfb8de70 edi: d0a53760 ebp: 00000000 esp:
cfb8dcc8
Aug 20 03:53:28 noc kernel: ds: 0018 es: 0018 ss: 0018
Aug 20 03:53:28 noc kernel: Process modprobe.moduti (pid: 235, stackpage=cfb8d00
0)
Aug 20 03:53:28 noc kernel: Stack: d1a588d2 d0a53760 000000aa 000aaaaa ffffffff
00000282 00000001 00000282
Aug 20 03:53:28 noc kernel: 00000001 c0287014 00000001 00000002 00000000
cfb8de70 d0a53760 d1a59090
Aug 20 03:53:28 noc kernel: d0a53760 d1a563ab d0a53760 00000000 00000000
cfb8de70 d1a59098 d0a53760
Aug 20 03:53:28 noc kernel: Call Trace: [af_packet:__insmod_af_packet_O/lib/m
odules/2.4.20/kernel/net/packet/a+-10030/96] [af_packet:__insmod_af_packet_O/lib
/modules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_
O/lib/modules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_pa
cket_O/lib/modules/2.4.20/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_p
acket_O/lib/modules/2.4.20/kernel/net/packet/a+-16808096/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-19541/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.
20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modules
/2.4.20/kernel/net/packet/a+-8040/96] [af_packet:__insmod_af_packet_O/lib/module
s/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/m
odules/2.4.20/kernel/net/packet/a+-20162/96] [af_packet:__insmod_af_packet_O/lib
/modules/2.4.20/kernel/net/packet/a+-16808096/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.2
0/kernel/net/packet/a+-18788859/96] [af_packet:__insmod_af_packet_O/lib/modules/
2.4.20/kernel/net/packet/a+-18788974/96] [af_packet:__insmod_af_packet_O/lib/mod
ules/2.4.20/kernel/net/packet/a+-18863221/96] [fsync_buffers_list+190/384] [copy
_files+220/672]
Aug 20 03:53:28 noc kernel: [schedule+515/832] [do_fork+1191/1792] [sys_wait4+
305/992] [sys_waitpid+39/48] [af_packet:__insmod_af_packet_O/lib/modules/2.4.20/
kernel/net/packet/a+-8040/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808096/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-20353/96] [af_packet:__insmod_af_packet_O/lib/modules/2.4.
20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modules
/2.4.20/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_packet_O/lib/module
s/2.4.20/kernel/net/packet/a+-8040/96] [af_packet:__insmod_af_packet_O/lib/modul
es/2.4.20/kernel/net/packet/a+-16808501/96] [af_packet:__insmod_af_packet_O/lib/
modules/2.4.20/kernel/net/packet/a+-9881/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modules/2
.4.20/kernel/net/packet/a+-8048/96] [af_packet:__insmod_af_packet_O/lib/modules/
2.4.20/kernel/net/packet/a+-16826026/96] [af_packet:__insmod_af_packet_O/lib/mod
ules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/li
b/modules/2.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet
_O/lib/modules/2.4.20/kernel/net/packet/a+-16808915/96]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808501/96] [af_packet:__insmod_af_packet_O/lib/modules/2
.4.20/kernel/net/packet/a+-16808096/96] [af_packet:__insmod_af_packet_O/lib/modu
les/2.4.20/kernel/net/packet/a+-16808547/96] [af_packet:__insmod_af_packet_O/lib
/modules/2.4.20/kernel/net/packet/a+-16808024/96] [sys_init_module+1211/1584] [a
f_packet:__insmod_af_packet_O/lib/modules/2.4.20/kernel/net/packet/a+-16809888/9
6]
Aug 20 03:53:28 noc kernel: [af_packet:__insmod_af_packet_O/lib/modules/2.4.20
/kernel/net/packet/a+-16808184/96] [af_packet:__insmod_af_packet_O/lib/modules/2
.4.20/kernel/net/packet/a+-16809888/96] [system_call+51/56]
Aug 20 03:53:28 noc kernel:
Aug 20 03:53:28 noc kernel: Code: 88 82 00 00 40 00 f0 83 44 24 00 00 c3 89 f6 8
d bc 27 00 00
Aug 20 03:53:28 noc kernel: ttyS0: LSR safety check engaged!
Aug 20 03:53:28 noc kernel: ttyS0: LSR safety check engaged!
Aug 20 03:53:28 noc kernel: ttyS1: LSR safety check engaged!
Aug 20 03:53:28 noc kernel: ttyS1: LSR safety check engaged!
Aug 20 03:53:29 noc lpd[413]: restarted
Aug 20 03:53:32 noc xfs: ignoring font path element /usr/lib/X11/fonts/CID/ (unr
eadable)
noc:/etc# cat modules.conf|more
### This file is automatically generated by update-modules"
#
# Please do not edit this file directly. If you want to change or add
# anything please take a look at the files in /etc/modutils and read
# the manpage for update-modules.
#
### update-modules: start processing /etc/modutils/0keep
# DO NOT MODIFY THIS FILE!
# This file is not marked as conffile to make sure if you upgrade modutils
# it will be restored in case some modifications have been made.
#
# The keep command is necessary to prevent insmod and friends from ignoring
# the builtin defaults of a path-statement is encountered. Until all other
# packages use the new `add path'-statement this keep-statement is essential
# to keep your system working
keep
### update-modules: end processing /etc/modutils/0keep
### update-modules: start processing /etc/modutils/actions
# Special actions that are needed for some modules
# The BTTV module does not load the tuner module automatically,
# so do that in here
post-install bttv insmod tuner
post-remove bttv rmmod tuner
### update-modules: end processing /etc/modutils/actions
### update-modules: start processing /etc/modutils/aliases
# Aliases to tell insmod/modprobe which modules to use
# Uncomment the network protocols you don't want loaded:
# alias net-pf-1 off # Unix
# alias net-pf-2 off # IPv4
# alias net-pf-3 off # Amateur Radio AX.25
# alias net-pf-4 off # IPX
# alias net-pf-5 off # DDP / appletalk
# alias net-pf-6 off # Amateur Radio NET/ROM
# alias net-pf-9 off # X.25
# alias net-pf-10 off # IPv6
# alias net-pf-11 off # ROSE / Amateur Radio X.25 PLP
# alias net-pf-19 off # Acorn Econet
alias char-major-10-175 agpgart
alias char-major-10-200 tun
alias char-major-81 bttv
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
# Crypto modules (see kerneli.org)
alias loop-xfer-gen-0 loop_gen
alias loop-xfer-3 loop_fish2
alias loop-xfer-gen-10 loop_gen
alias cipher-2 des
alias cipher-3 fish2
alias cipher-4 blowfish
alias cipher-6 idea
alias cipher-7 serp6f
alias cipher-8 mars6
alias cipher-11 rc62
alias cipher-15 dfc2
alias cipher-16 rijndael
alias cipher-17 rc5
### update-modules: end processing /etc/modutils/aliases
### update-modules: start processing /etc/modutils/apm
alias char-major-10-134 apm
alias /dev/apm_bios /dev/misc/apm_bios
alias /dev/misc/apm_bios apm
### update-modules: end processing /etc/modutils/apm
### update-modules: start processing /etc/modutils/paths
# This file contains a list of paths that modprobe should scan,
# beside the once that are compiled into the modutils tools
# themselves.
### update-modules: end processing /etc/modutils/paths
### update-modules: start processing /etc/modutils/ppp
alias /dev/ppp ppp_generic
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
### update-modules: end processing /etc/modutils/ppp
### update-modules: end processing /etc/modutils/scsi-emu
### update-modules: start processing /etc/modutils/setserial
#
# This is what I wanted to do, but logger is in /usr/bin, which isn't loaded
# when the module is first loaded into the kernel at boot time!
#
#post-install serial /etc/init.d/setserial start | logger -p daemon.info -t "set
serial-module reload"
#pre-remove serial /etc/init.d/setserial stop | logger -p daemon.info -t "setser
ial-module uload"
#
alias /dev/tts serial
alias /dev/tts/0 serial
alias /dev/tts/1 serial
alias /dev/tts/2 serial
alias /dev/tts/3 serial
post-install serial /etc/init.d/setserial modload > /dev/null 2> /dev/null
pre-remove serial /etc/init.d/setserial modsave > /dev/null 2> /dev/null
### update-modules: end processing /etc/modutils/setserial
### update-modules: start processing /etc/modutils/arch/i386
alias parport_lowlevel parport_pc
alias char-major-10-144 nvram
alias binfmt-0064 binfmt_aout
alias char-major-10-135 rtc
### update-modules: end processing /etc/modutils/arch/i386
noc:/etc# cat modules
# /etc/modules: kernel modules to load at boot time.
#
# This file should contain the names of kernel modules that are
# to be loaded at boot time, one per line. Comments begin with
# a "#", and everything on the line after them are ignored.
Tried another compile with 2.4.20 kernel with same syslog entries - still bad data
Did some more searching and found why freeswan kernel module would not compile against 2.4.21 - the 2.5 IPsec stack has been included in 2.4.21 - so a patch was necessary to the module source, which involved some edits to four source files and some new header information
anyway long story short it compiled.
Good news: the bad syslog entries disapeared.
Bad news: Connection is still hazy
The connection to the internet is real slow on first start of IPsec server - then it settles down to "normal" after a minute or two
meaning speed returns to semi-normal, but I am unable to access certain sites indescriminately -
syslog shows dropped packets during the connection losses as I surf the internet:
Aug 24 03:03:06 noc kernel: IN=eth0 OUT= MAC=00:04:75:a1:b3:e9:00:60:0f:4f:d3:e2:08:00 SRC=63.211.210.20 DST=68.209.111.12 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=44238 PROTO=TCP SPT=80 DPT=37754 WINDOW=17520 RES=0x00 ACK URGP=0
Aug 24 03:03:20 noc kernel: IN=eth0 OUT= MAC=00:04:75:a1:b3:e9:00:60:0f:4f:d3:e2:08:00 SRC=63.211.210.20 DST=68.209.111.12 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=24910 PROTO=TCP SPT=80 DPT=37753 WINDOW=0 RES=0x00 ACK RST URGP=0
Aug 24 03:03:20 noc kernel: IN=eth0 OUT= MAC=00:04:75:a1:b3:e9:00:60:0f:4f:d3:e2:08:00 SRC=63.211.210.20 DST=68.209.111.12 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=24947 PROTO=TCP SPT=80 DPT=37754 WINDOW=0 RES=0x00 ACK RST URGP=0
my current IPTables config should match any ip_conntrack entry (related,established), so the culprit might be there -
so I am trying to find a quick monitor of ip_conntrack - as tail -f doesnt seem to work on this file
no idea why ipsec would interfere with this file, or if that is the real source yet
anyone know a good gui for ip_conntrack? or why ipsec would change connection states there?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.