Bug 142921 - netdump generates martian log messages on neighboring machines
Summary: netdump generates martian log messages on neighboring machines
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: netdump   
(Show other bugs)
Version: 3.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Jeff Moyer
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-12-15 00:05 UTC by John Caruso
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-28 16:13:11 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description John Caruso 2004-12-15 00:05:26 UTC
Description of problem:
netdump causes logging of "martian destination from a.b.c.d, 
dev eth0" on systems on the same network as a system which has 
crashed and has netdump configured with only SYSLOGADDR set (not 
NETDUMPADDR or any other netdump config variables)

Version-Release number of selected component (if applicable):

How reproducible:
Start netdump on a server with only SYSLOGADDR set (pointing to a 
server on a different network--though I don't know if that's required 
or not), crash that server, and check the syslog output on other 
servers on the same network as the crashed/crashing server.

Additional info:
On the system that was running netdump with only SYSLOGADDR and which 
later crashed (host1), this was the sequence of netdump startup 

kernel: netlog: using network device <eth0>
kernel: netlog: using source IP a.b.c.d
kernel: netlog: using source UDP port: 6666
kernel: netlog: using syslog target IP w.x.y.z, port: 514
kernel: netlog: using broadcast ethernet frames to send netdump 
kernel: netlog: using broadcast ethernet frames to send netdump 
kernel: netlog: using syslog target ethernet address 
kernel: netlog: network logging started up successfully!

Note that it says "using broadcast ethernet frames to send netdump 
packets," despite the fact that netdump should only be logging to 
syslog.  Then here's the sequence of events in the centralized syslog 
file when this system eventually crashed:

Dec 14 12:57:29 host1 [...various kernel oops messages, omitted...]
Dec 14 12:57:32 host1 < netdump activated - performing handshake with 
the client. >
Dec 14 12:57:32 host2 martian destination from a.b.c.d, dev 
Dec 14 12:57:32 host3 martian destination from a.b.c.d, dev 
Dec 14 12:57:32 host4 martian destination from a.b.c.d, dev 

Note that host2/3/4 (the other hosts on the same network as host1) 
immediately start logging the "martian" messages after host1 starts 
trying to do its netdump.  These martian log messages then start 
being generated very rapidly; we had thousands within a few minutes.  
Also, host1 doesn't ever go down...it just hangs in netdump, 
apparently, sending out its broadcasts and generating these martian 
messages on its neighbors.

So the bug may be that netdump shouldn't be sending broadcast packets 
when it's only been configured to send to syslog (with a specific 
SYSLOGADDR set), or that netdump should eventually give up and let 
the machine finish crashing and rebooting, or possibly even that 
RHEL3 systems  shouldn't generate martian messages for these netdump 
broadcasts...or some combination of all of these.  But whatever it 
is, things shouldn't work this way.

Comment 1 Jeff Moyer 2005-01-28 16:13:11 UTC
In RHEL 3, this is not a supported configuration.

Comment 2 John Caruso 2005-01-28 18:18:00 UTC
What specifically is not supported about this configuration?  There's nothing in
the netdump docs to indicate that it's non-standard.

Comment 3 John Caruso 2005-01-28 18:20:25 UTC
(I'm asking just so that I'll know what it is we're supposed to be avoiding,
since it's not clear from your response....)

Comment 4 Jeff Moyer 2005-01-31 13:07:01 UTC
Oh, sorry my response was so vague.  In RHEL 3, if you load the netdump module
it will try to take a network crash dump.  It also uses the netdump address
information for netlog, which cannot be configured separately.  And so, if you
only configure syslog, then it is expected that netlog and netdump will send
packets to the broadcast address.

In RHEL 4, all three options (syslog, netlog, and netdump) can be configured

I'm guessing the crashing system never takes a netdump because there is no
netdump server on the network.

Note You need to log in before you can comment on or make changes to this bug.