Tons of logs from IPv4: martian source


Postby mackowiakp » Aug 25th, '16, 16:29

I use an old laptop as a small server with a Wake on LAN facility. It has a 3xUSB ver 3 PCI module plugged in. The onboard Ethernet interface works as the Wake on LAN interface but its maximum speed is 100 MBps. Because of that I plugged in a Broadcom USB ver 3 to Gigabit Ethernet module for "ordinary" transmission. It is not possible to do WoL using this Gigabit module because of a hardware limitation of the plugged-in PCI to USB ver 3 module.

Below is the configuration of my interfaces:

Code:
enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.7  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::21e:68ff:fe25:d575  prefixlen 64  scopeid 0x20<link>
        ether 00:1e:68:25:d5:75  txqueuelen 1000  (Ethernet)
        RX packets 881  bytes 156707 (153.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 262  bytes 49140 (47.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens1u3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.7  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::76da:38ff:fe49:fc16  prefixlen 64  scopeid 0x20<link>
        ether 74:da:38:49:fc:16  txqueuelen 1000  (Ethernet)
        RX packets 45996  bytes 61152792 (58.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 25953  bytes 3654520 (3.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Interface ens1u3 (IP - 192.168.0.7) is the gigabit interface while enp6s0 (IP 192.168.1.7) is the onboard 100 MBps Ethernet port.
Both interfaces have static IP configuration.

The problem is that journald shows tons of logs such as:

Code:
IPv4: martian source 192.168.0.1 from 192.168.0.121, on dev enp6s0
kernel : ff ff ff ff ff ff 1c 5a 3e 54 d1 03 08 06
kernel : IPv4: martian source 192.168.0.1 from 192.168.0.121, on dev enp6s0
kernel : ll header: 00000000: ff ff ff ff ff ff 1c 5a 3e 54 d1 03 08 06
kernel : IPv4: martian source 192.168.0.1 from 192.168.0.121, on dev enp6s0
kernel : ll header: 00000000: ff ff ff ff ff ff 1c 5a 3e 54 d1 03 08 06 
kernel : IPv4: martian source 192.168.0.1 from 192.168.0.121, on dev enp6s0
kernel: ll header: 00000000: ff ff ff ff ff ff 1c 5a 3e 54 d1 03 08 06 
kernel: IPv4: martian source 192.168.0.1 from 192.168.0.121, on dev enp6s0
 kernel: ll header: 00000000: ff ff ff ff ff ff 1c 5a 3e 54 d1 03 08 06


The address 192.168.0.1 is the address of my router and 192.68.0.121 is the address of the internal DHCP server.
I disabled martians logs by placing this line in root cron:

Code:
@reboot sleep 30; echo 0 >/proc/sys/net/ipv4/conf/tun0/log_martians


Now martians logging is disabled but as far as I know it should not be disabled. So, in my opinion, it is just a workaround.

So is there any possibility to reduce martians? Maybe something is wrong with my configuration?

Re: Tons of logs from IPv4: martian source

Postby doktor5000 » Aug 25th, '16, 23:00

mackowiakp wrote: I disabled martians logs by placing such line in root cron:
Code:
@reboot sleep 30; echo 0 >/proc/sys/net/ipv4/conf/tun0/log_martians



Why don't you disable it properly via a sysctl.d droplet? That cronjob is not started reliably ...

mackowiakp wrote: Now martians logging is disabled but as far as I know it should not be disabled. So - in my meaning it is just workaround.

Why do you think it shouldn't be disabled?

FWIW a martian header source is usually an invalid IP address, or more specifically when the kernel does not expect such an IP address related to the interface/network it came from.
Such as a 169.254.x.x APIPA address that should be routed, or a 127.0.0.0/8 IP address coming over a router.
As this relates to your VPN tun0 interface, might be a routing or topology problem, but without an example of such a martian and without you providing basic information about the respective topology nobody can tell.

You might want to read up on the topic:
https://www.novell.com/support/kb/doc.php?id=3923798
http://unix.stackexchange.com/questions ... om-same-ip
http://serverfault.com/questions/345369 ... nly-during
http://www.cyberciti.biz/faq/linux-log- ... addresses/
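The journal excerpt from the first post can be decoded mechanically. The sketch below is an added example, not code from the thread: it pairs each `martian source` line with its `ll header` dump and checks the packet's source address against the interface subnets listed in the first post. The function name `explain` and the result dictionary layout are assumptions made for illustration.

```python
import ipaddress
import re

# Interface addresses copied from the ifconfig output in the first post.
INTERFACES = {
    "enp6s0": ipaddress.ip_interface("192.168.1.7/24"),
    "ens1u3": ipaddress.ip_interface("192.168.0.7/24"),
}
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

# Two journal lines copied from the first post.
SAMPLE = """\
kernel: IPv4: martian source 192.168.0.1 from 192.168.0.121, on dev enp6s0
kernel: ll header: 00000000: ff ff ff ff ff ff 1c 5a 3e 54 d1 03 08 06
"""

MARTIAN = re.compile(r"martian source ([\d.]+) from ([\d.]+), on dev (\S+)")
LL_HDR = re.compile(r"ll header: [0-9a-f]{8}:((?: [0-9a-f]{2}){14})")


def explain(log_text, interfaces=INTERFACES):
    """Pair each martian line with its ll header and report why it was flagged."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = MARTIAN.search(line)
        if m:
            # The kernel prints the packet's destination first, then its source.
            dst, src, dev = m.groups()
            src_ip = ipaddress.ip_address(src)
            local = interfaces.get(dev)
            current = {
                "dev": dev, "src": src, "dst": dst,
                "src_on_link": local is not None and src_ip in local.network,
                "expected_dev": [n for n, i in interfaces.items() if src_ip in i.network],
            }
            findings.append(current)
            continue
        h = LL_HDR.search(line)
        if h and current is not None:
            raw = bytes.fromhex(h.group(1).replace(" ", ""))  # 14-byte Ethernet header
            current["dst_mac"] = raw[0:6].hex(":")
            current["src_mac"] = raw[6:12].hex(":")
            etype = int.from_bytes(raw[12:14], "big")
            current["ethertype"] = ETHERTYPES.get(etype, hex(etype))
            current["broadcast"] = raw[0:6] == b"\xff" * 6
            current = None
    return findings
```

For the two sample lines it reports a broadcast ARP frame from 192.168.0.121 received on enp6s0, whose configured subnet is 192.168.1.0/24, while the source address falls in the subnet configured on ens1u3.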

Re: Tons of logs from IPv4: martian source

Postby mackowiakp » Aug 26th, '16, 07:32

Sorry for my error. The line in cron looks that way:

Code:
@reboot sleep 30; echo "0" > /proc/sys/net/ipv4/conf/all/log_martians


The line I placed in the previous post was part of my investigation of the problem, not a final solution. The line above disables martians logs on all interfaces including the VPN virtual interface and that is what I am using right now.

I think that martians logs should not be disabled because each time a new Ethernet node is connected to the network, I get an email with appropriate information. It is just for security reasons. Simply, I know what's going on in my network.

As for the topology, it is very simple. There is one DHCP server in my network (based on Asus with Tomato software). This Asus router terminates the OpenVPN server and is part of my "intelligent house" installation because of the connected I/O module (via USB) and WiFi AP, and it acts as an off-line backup unit thanks to a connected HDD. So it is not a real router but a kind of server (WAN port is bridged to the internal switch). The real router has IP 192.168.0.1 and it is a unit from ORANGE.
All nodes in the network have addresses 192.168.0.XXX. The DHCP server (IP - 192.168.0.121) serves IP addresses only for known MAC addresses and only for network 192.168.0.XXX. But of course somebody can set a static IP configuration on a particular unit. In this case, martians will send me an email with such information. That's why I don't want to disable it.
The node with IP address 192.168.0.7 is the server I mentioned in the previous post. The server has its own OpenVPN instance (on a different port), DLNA server, video transcoding, Samba, torrent etc.
As I wrote, the server has a second (on-board) Ethernet port with address 102.168.1.7 (static) and it is possible to have a WoL facility on it. Both server ports are connected to the Asus router's built-in switch. In case of a power failure, the server shuts itself down thanks to a UPS connected to a USB port of the server. After power restoration, the Asus router sends an ether-wake broadcast to the MAC address of the 192.168.1.7 port. This is because the server has no automatic startup facility after power failure or Wake on USB. But the Asus router of course starts automatically after power restoration.

So my question is the same. Why do martians generate tons of logs?

Re: Tons of logs from IPv4: martian source

Postby doktor5000 » Aug 26th, '16, 11:03

Seems you didn't understand the problem at all, and you also didn't read up on martians.
doktor5000 wrote: As this relates to your VPN tun0 interface, might be a routing or topology problem, but without an example of such a martian [...] nobody can tell.