kern/174749: Unexpected change of default route
Radek Krejča
radek.krejca at starnet.cz
Thu Jan 10 11:40:02 UTC 2013
The following reply was made to PR kern/174749; it has been noted by GNATS.
From: Radek Krejča <radek.krejca at starnet.cz>
To: 'Krzysztof Barcikowski' <krzysiek at airnet.opole.pl>,
"bug-followup at FreeBSD.org" <bug-followup at FreeBSD.org>
Cc:
Subject: RE: kern/174749: Unexpected change of default route
Date: Thu, 10 Jan 2013 12:29:15 +0100
Hi, thank you for the response, because the problem is very bad for us, because our customers are leaving us. I have a script which checks the default route, switches it back and sends an e-mail to me, so the situation is better.
To the problem - in your text:
> From: Krzysztof Barcikowski [mailto:krzysiek at airnet.opole.pl]
> Sent: Thursday, January 10, 2013 11:26 AM
> To: bug-followup at FreeBSD.org; Radek Krejča
> Subject: Re: kern/174749: Unexpected change of default route
>
> Hello,
> Kindly please take a look at the following threads, similar problem appears:
> http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031879.html
> http://lists.freebsd.org/pipermail/freebsd-net/2012-September/033209.html
> http://lists.freebsd.org/pipermail/freebsd-net/2012-September/033394.html
>
> I've also received email from other user reporting this problem:
>
> "Hello fellow.
> I found a thread in FreeBSD-net mailing list, where you were told
> about unexpectedly changed (on some kind of junk address) static routes
> http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031879.html.
> I have a similar problem, but with default gateway.
> I think I found one more likeness in our systems, I am using renamed
> vlan interface. It was made in rc.conf
> by ifconfig_vlan3400_name="comstar_w".
> Do you have something like that in your rc.conf?
> Or maybe you already found a solution for this trouble?
I have some points on the above:
- route monitor is useless - it only tells that the default route is changed and the pid of the process - but the process doesn't exist at watching time....
- I have a clean system, only with PF nat (it could be interesting)
- situation is the same on 8.2 and 9.0 (9.1 not tested)
- the change is in reaction to traffic - at the time of the change, there is a lot of garbage on the network
I found out that the IP of the bad default route is used for traffic a long time before the change - UDP traffic; I think that it is torrent (or something similar) traffic. There could be 10 changes per minute (like yesterday).
I wrote a script which stores all traffic (collected via tcpdump) in 10-second files and in case of a change stops collecting and deleting old logs - but I haven't had time to analyze it yet (I have about 200 vlans and 500 Mbit traffic on this router). My knowledge of internet protocols is also at a bad level....
Here are a few commands on the machine (mpd is new and wasn't installed during monitoring, snmpd too):
root@nat-62 /root# cat /etc/rc.conf
nat_number="62"
ipv6_defaultrouter="2a02:768:0:4000::4000"
ifconfig_em0_ipv6="inet6 2a02:768:0:4000::${nat_number}"
keymap="us.iso"
# enable routing
gateway_enable="YES"
# enable ssh
sshd_enable="YES"
# enable packet filter
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
pflog_enable="NO" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
pfsync_enable="NO" # Expose pf state to other hosts for syncing
# enable snmp
snmpd_enable="YES"
snmpd_flags="-a"
snmpd_pidfile="/var/run/snmpd.pid"
fprobe_enable="YES"
fprobe_server="some_server"
ifconfig_em1="up"
ipv6_activate_all_interfaces="YES" # Set to YES to set up for IPv6.
ipv6_gateway_enable="YES" # Set to YES if this host will be a gateway.
radvd_enable="YES"
ntpdate_enable="YES" # Run ntpdate to sync time on boot (or NO).
ntpd_enable="YES"
mpd_enable="YES"
init_nat_enable="YES"
root@nat-62 /root# ifconfig -l
em0 em1 lo0 vlan1208 vlan1210 vlan1212 vlan1214 vlan1216 vlan1218 vlan1220 vlan1222 vlan1224 vlan1226 vlan1228 vlan1230 vlan1232 vlan1234 vlan1236 vlan1238 vlan1240 vlan1248 vlan1246 vlan1244 vlan1242 vlan1207 vlan100 vlan106 vlan107 vlan1001 vlan1003 vlan1005 vlan1007 vlan1009 vlan1011 vlan1013 vlan1015 vlan1017 vlan1019 vlan1021 vlan453 vlan1206 vlan1023 vlan1025 vlan1027 vlan1029 vlan1031 vlan1033 vlan1035 vlan1037 vlan332 vlan345 vlan341 vlan327 vlan333 vlan335 vlan336 vlan334 vlan337 vlan338 vlan339 vlan340 vlan342 vlan343 vlan449 vlan329 vlan448 vlan401 vlan402 vlan403 vlan1051 vlan801 vlan297 vlan299
Important point - I have this machine diskless, read-only, dhclient isn't running:
root@nat-62 /root# ps -uax
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11 371.5 0.0 0 64 ?? RL 19Dec12 111079:00.52 [idle]
root 0 11.1 0.0 0 192 ?? DLs 19Dec12 4491:00.35 [kernel]
root 12 10.4 0.0 0 288 ?? WL 19Dec12 3404:19.05 [intr]
root 1159 1.3 0.1 22332 3428 ?? Ss 19Dec12 615:51.38 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ntpd.pid -f /var/db/ntpd.drift
root 70422 0.4 0.0 14636 1604 1- S 9:07PM 5:59.16 sh ./reset_gw
root 1 0.0 0.0 6280 424 ?? ILs 19Dec12 0:01.22 /sbin/init --
root 2 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [sctp_iterator]
root 3 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [xpt_thrd]
root 4 0.0 0.0 0 16 ?? DL 19Dec12 0:01.22 [pagedaemon]
root 5 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [vmdaemon]
root 6 0.0 0.0 0 16 ?? DL 19Dec12 0:00.02 [pagezero]
root 7 0.0 0.0 0 16 ?? DL 19Dec12 0:30.66 [bufdaemon]
root 8 0.0 0.0 0 16 ?? DL 19Dec12 0:09.11 [vnlru]
root 9 0.0 0.0 0 16 ?? DL 19Dec12 3:37.36 [syncer]
root 10 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [audit]
root 13 0.0 0.0 0 48 ?? DL 19Dec12 0:02.22 [geom]
root 14 0.0 0.0 0 16 ?? DL 19Dec12 58:39.99 [yarrow]
root 15 0.0 0.0 0 128 ?? DL 19Dec12 1:19.63 [usb]
root 16 0.0 0.0 0 16 ?? DL 19Dec12 0:20.35 [acpi_thermal]
root 17 0.0 0.0 0 16 ?? DL 19Dec12 0:04.53 [acpi_cooling1]
root 18 0.0 0.0 0 16 ?? DL 19Dec12 0:11.27 [softdepflush]
root 33 0.0 0.0 0 16 ?? DL 19Dec12 0:01.36 [md0]
root 107 0.0 0.0 0 16 ?? DL 19Dec12 0:00.15 [md1]
root 112 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [md2]
root 117 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [md3]
root 122 0.0 0.0 0 16 ?? DL 19Dec12 0:00.32 [md4]
root 127 0.0 0.0 0 16 ?? DL 19Dec12 0:00.00 [md5]
root 139 0.0 0.0 0 16 ?? DL 19Dec12 0:01.77 [md6]
root 712 0.0 0.1 10372 3280 ?? Is 19Dec12 0:00.02 /sbin/devd
root 731 0.0 0.0 0 16 ?? DL 19Dec12 5:55.99 [pfpurge]
root 927 0.0 0.0 12184 1448 ?? Ss 19Dec12 0:15.95 /usr/sbin/syslogd -s
root 1052 0.0 0.0 0 64 ?? DL 19Dec12 0:00.00 [ng_queue]
root 1062 0.0 0.1 33532 6128 ?? S 19Dec12 29:38.98 /usr/local/sbin/snmpd -p /var/run/snmpd.pid -a
root 1075 0.0 0.4 35504 16400 ?? Ss 19Dec12 178:17.51 /usr/local/sbin/fprobe -iem1 -fvlan&&ip -B4096 -r2 -q10000 -t10000:10000000 -K18 something
root 1197 0.0 0.1 46876 3808 ?? Is 19Dec12 0:02.02 /usr/sbin/sshd
root 1204 0.0 0.1 20384 3432 ?? Ss 19Dec12 0:20.92 sendmail: accepting connections (sendmail)
smmsp 1208 0.0 0.1 20384 3224 ?? Is 19Dec12 0:00.22 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
root 1214 0.0 0.0 14260 1440 ?? Is 19Dec12 0:04.18 /usr/sbin/cron -s
root 57633 0.0 0.1 68016 4728 ?? Is 12:21PM 0:00.02 sshd: darius [priv] (sshd)
darius 58105 0.0 0.1 68016 4740 ?? S 12:21PM 0:00.01 sshd: darius@pts/0 (sshd)
root 86691 0.0 0.0 14636 1604 ?? S 12:24PM 0:00.00 sh ./reset_gw
root 86692 0.0 0.0 10052 1136 ?? S 12:24PM 0:00.00 /sbin/route get default
root 86693 0.0 0.0 16424 1272 ?? S 12:24PM 0:00.00 grep gateway
root 86694 0.0 0.0 10056 920 ?? S 12:24PM 0:00.00 cut -d: -f2
root 86695 0.0 0.0 10056 968 ?? S 12:24PM 0:00.00 tr -d
root 1281 0.0 0.0 41300 1904 v0 Is 19Dec12 0:00.01 login [pam] (login)
jvelisek 8423 0.0 0.1 17668 2468 v0 I 19Dec12 0:00.01 -csh (csh)
root 8426 0.0 0.1 44572 2652 v0 I 19Dec12 0:00.01 sudo su -l
root 8427 0.0 0.0 41296 1796 v0 I 19Dec12 0:00.00 su -l
root 8428 0.0 0.1 17668 2464 v0 I+ 19Dec12 0:00.01 -su (csh)
root 1282 0.0 0.0 12184 1100 v1 Is+ 19Dec12 0:00.00 /usr/libexec/getty Pc ttyv1
root 1283 0.0 0.0 12184 1100 v2 Is+ 19Dec12 0:00.00 /usr/libexec/getty Pc ttyv2
root 1284 0.0 0.0 12184 1100 v3 Is+ 19Dec12 0:00.00 /usr/libexec/getty Pc ttyv3
root 1285 0.0 0.0 12184 1100 v4 Is+ 19Dec12 0:00.00 /usr/libexec/getty Pc ttyv4
root 1286 0.0 0.0 12184 1100 v5 Is+ 19Dec12 0:00.00 /usr/libexec/getty Pc ttyv5
root 1287 0.0 0.0 12184 1100 v6 Is+ 19Dec12 0:00.00 /usr/libexec/getty Pc ttyv6
root 1288 0.0 0.0 12184 1100 v7 Is+ 19Dec12 0:00.00 /usr/libexec/getty Pc ttyv7
darius 58106 0.0 0.1 17668 2540 0 Is 12:21PM 0:00.01 -csh (csh)
root 58889 0.0 0.0 41304 1888 0 I 12:21PM 0:00.00 su -l
root 59480 0.0 0.1 17668 2856 0 S 12:21PM 0:00.02 -su (csh)
root 86696 0.0 0.0 14328 1272 0 R+ 12:24PM 0:00.00 ps -uax
If you need any more information please let me know.
Radek
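
Added example (not part of the original message, and not the poster's reset_gw script): a default-route check in sh that parses `route -n get default` output, the same source the pipeline in the ps listing reads, and logs any gateway other than the expected one together with the route's flags line. EXPECTED_GW, the gwwatch log tag and the sample outputs are constructed placeholders; the script only detects and logs, it does not change the route.

```sh
#!/bin/sh
# Added example: detect-and-log check for the default route (placeholders below).
EXPECTED_GW="${EXPECTED_GW:-192.0.2.1}"

# Print one "key: value" field of `route -n get default` output read from stdin.
# Only the first colon is the separator, so IPv6 gateways are returned whole.
route_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }
        index($0, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }'
}

# classify_route EXPECTED OUTPUT -> prints "ok|drift|missing GATEWAY FLAGS"
classify_route() {
    gw=$(printf '%s\n' "$2" | route_field gateway)
    flags=$(printf '%s\n' "$2" | route_field flags)
    if [ -z "$gw" ]; then echo "missing - -"
    elif [ "$gw" = "$1" ]; then echo "ok $gw $flags"
    else echo "drift $gw $flags"
    fi
}

# Constructed samples in the layout printed by FreeBSD route(8).
SAMPLE_OK='   route to: default
destination: default
    gateway: 192.0.2.1
      flags: <UP,GATEWAY,DONE,STATIC>'
SAMPLE_DRIFT='   route to: default
destination: default
    gateway: 198.51.100.77
      flags: <UP,GATEWAY,DONE,STATIC>'

if [ "${1:-}" = "watch" ]; then        # live mode: poll every 5 seconds
    while :; do
        res=$(classify_route "$EXPECTED_GW" "$(/sbin/route -n get default 2>/dev/null)")
        case $res in
            ok*) ;;
            *) logger -p daemon.warning -t gwwatch "default route $res (expected $EXPECTED_GW)" ;;
        esac
        sleep 5
    done
else                                    # offline demo on the samples
    classify_route "$EXPECTED_GW" "$SAMPLE_OK"
    classify_route "$EXPECTED_GW" "$SAMPLE_DRIFT"
fi
```

Run with the argument `watch` on the router to poll the live routing table; without arguments it only classifies the two embedded samples.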
More information about the freebsd-ipfw mailing list