From owner-freebsd-stable@FreeBSD.ORG Wed Oct 13 09:23:48 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5201E106564A for ; Wed, 13 Oct 2010 09:23:48 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA11.westchester.pa.mail.comcast.net (qmta11.westchester.pa.mail.comcast.net [76.96.59.211]) by mx1.freebsd.org (Postfix) with ESMTP id F0A828FC1C for ; Wed, 13 Oct 2010 09:23:47 +0000 (UTC) Received: from omta05.westchester.pa.mail.comcast.net ([76.96.62.43]) by QMTA11.westchester.pa.mail.comcast.net with comcast id J9Nu1f0030vyq2s5B9Pohs; Wed, 13 Oct 2010 09:23:48 +0000 Received: from koitsu.dyndns.org ([98.248.41.155]) by omta05.westchester.pa.mail.comcast.net with comcast id J9Pm1f0043LrwQ23R9Pnyr; Wed, 13 Oct 2010 09:23:48 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id AAF489B418; Wed, 13 Oct 2010 02:23:45 -0700 (PDT) Date: Wed, 13 Oct 2010 02:23:45 -0700 From: Jeremy Chadwick To: Marcin Message-ID: <20101013092345.GA54174@icarus.home.lan> References: <20101013081758.GA52870@icarus.home.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-stable@freebsd.org Subject: Re: Problem with security log X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Oct 2010 09:23:48 -0000 On Wed, Oct 13, 2010 at 11:03:36AM +0200, Marcin wrote: > 2010/10/13 Jeremy Chadwick : > > On Tue, Oct 12, 2010 at 10:50:28PM +0200, Marcin wrote: > >> Hi folks, > >> > >> For some time in the file / var / log / security appear illegible entries: > >> kernel: ipfw: 200 Deny UDiPp f1w9:2 .168.10.5:5230503 D22e4n.y0 > >> .U0D.P25 1:15923.5136 o8.u10t. 5va5 3r5e03 224.0.0.251:5353 in via re0 > >> > >> How to get rid of it? Please help... > > > > There isn't a 100% reliable way to get rid of this problem.  I've been > > harping about this for years (sorry to sound like a jerk, but this > > really is a major problem that keeps coming up and annoys users/admins > > to no end.  There are solutions -- Linux solved it by implementing a > > lockless circular ring buffer[1] used by kmsg). > > > > The """workaround""" -- which again, does not solve the problem, only > > decreases the regularity of it happening (and when it does happen, can > > sometimes decrease how much interspersed output there is) -- is to add > > the following line to your kernel config and rebuild/reinstall your > > kernel: > > > > options         PRINTF_BUFR_SIZE=128    # Prevent printf output being interspersed. > > > > This option became part of the GENERIC kernel configuration file at the > > following times: > > > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/amd64/conf/GENERIC#rev1.529 > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/i386/conf/GENERIC#rev1.517 > > > > Depending on what release/tag you follow, you may or may not find the > > above commit/change in your GENERIC file.  I can't be bothered to track > > down what time the CVS tagging was done, for multiple architectures, > > etc... > > > > [1]: http://www.mjmwired.net/kernel/Documentation/trace/ring-buffer-design.txt > > Hi Jeremy, > I have compiled kernel with this option and unfortunately problem still exist... > Do you have another idea how can i improve my log file? :) I was incorrect in my understanding/prognosis, so as Andriy pointed out, the option won't solve your problem. It sounds like the only way to solve this issue is to improve/fix the msgbuf code. Alternatively, you could consider moving from ipfw to pf(4) and use pflog(4) / pflogd(8). -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |