John Logsdon <[EMAIL PROTECTED]> writes:
> Hi
>
> Can someone interpret the rule numbers and protocols in the diald debug
> facility please?
>
> I have chopped all my accept times down to 5 seconds in diald/phone.filter
> (with an impulse 30,0,0 to keep the link up for the first 30 secs) and
> this seems to work OK. Except after the link is dropped, debug 31 leads
> to the following message in my /var/log/messages file which prompts
> reconnection. Nothing happens and the link is dropped again and so on.
> Not a good idea.
>
> -------------------------------------------------------------------------
> Nov 20 09:10:53 mercury diald[16310]: filter accepted rule 6 proto 6 len
> 40 seq f4c760aa ack fd4deed3 flags FIN ACK packet 192.168.1.250,62889 =>
> 194.205.254.81,80
> -------------------------------------------------------------------------
>
> The 194.205.254.81 is obviously a web page from the port number but
> otherwise does not resolve to anything and I get no response from ping.
> The 192.168.1.250 is the local IP number that is replaced by the dynamic
> address.
>
> There is no protocol 6 in /etc/services and is the rule the 6th in the
> phone.filter file or what? Similar messages are found when pulling my
> mail so I don't want to filter them out at all.
FIN => the sending side wishes to close the connection.
ACK => acknowledging some data from the remote system (most packets
include ACKs).
Was this preceded by a SYN packet?
IP protocol number 6 is TCP (see /usr/include/netinet/in.h). A
40-byte TCP packet probably contains less than 10 characters (since
the IP and TCP headers also have to fit into the 40 bytes). You could
use /usr/sbin/tcpdump to dump the contents of these packets if you can
reproduce the effect.
This address appears to belong to: -
;; AUTHORITY SECTION:
254.205.194.in-addr.arpa. 2h59m28s IN SOA ns1.iii.co.uk. ...
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
