Tim Small
2009-Sep-10 16:12 UTC
[Logcheck-devel] Bug#546004: logcheck-database: logcheck kernel "Treason uncloaked" filter doesn't catch ipv6 addresses.
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
kernel log lines of the form:
...kernel: [1933150.816604] TCP: Treason uncloaked!
Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window
2491430013:2491430014. Repaired.
are not caught by the current rules.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.31-rc5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
-------------- next part --------------
--- /tmp/kernel.old 2009-09-10 17:08:58.000000000 +0100
+++ /etc/logcheck/ignore.d.server/kernel 2009-09-10 17:09:24.000000000 +0100
@@ -5,7 +5,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:(
\[[[:digit:]]+\.[[:digit:]]+\])? icmpv6_send: no reply to icmp error$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:(
\[[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: link up\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:(
\[[[:digit:]]+\.[[:digit:]]+\])? ADDRCONF\(NETDEV_CHANGE\): [[:alnum:]]+: link
becomes ready$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:(
\[[[:digit:]]+\.[[:digit:]]+\])? TCP: Treason uncloaked! Peer
[.[:digit:]]{7,15}:[[:digit:]]{1,5}/[[:digit:]]{1,5} shrinks window
[[:digit:]]+:[[:digit:]]+\. Repaired\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:(
\[[[:digit:]]+\.[[:digit:]]+\])? TCP: Treason uncloaked! Peer
[[:xdigit:].:]{3,39}:[[:digit:]]{1,5}/[[:digit:]]{1,5} shrinks window
[[:digit:]]+:[[:digit:]]+\. Repaired\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[[[:digit:]]+\.[[:digit:]]+\])?
device-mapper: [-.[:alnum:]]+ \([-[:digit:]]{10}\) initialised: dm-devel at
redhat\.com$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[[[:digit:]]+\.[[:digit:]]+\])?
ACPI: PCI interrupt for device [[:alnum:]:.]+ disabled$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[[[:digit:]]+\.[[:digit:]]+\])?
ACPI: PCI Interrupt [[:alnum:]:.]+\[[AB]\] (-> Link \[LNK[AB]\] )?-> GSI
[0-9]+ \(level, low\) -> IRQ [0-9]+$
Debian Bug Tracking System
2010-Feb-22 21:45 UTC
[Logcheck-devel] Bug#546004: marked as done (logcheck-database: logcheck kernel "Treason uncloaked" filter doesn't catch ipv6 addresses.)
Your message dated Mon, 22 Feb 2010 21:42:58 +0000 with message-id <E1Njg3O-00014Q-Hq at ries.debian.org> and subject line Bug#546004: fixed in logcheck 1.3.7 has caused the Debian Bug report #546004, regarding logcheck-database: logcheck kernel "Treason uncloaked" filter doesn't catch ipv6 addresses. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 546004: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546004 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Tim Small <tim at buttersideup.com> Subject: logcheck-database: logcheck kernel "Treason uncloaked" filter doesn't catch ipv6 addresses. Date: Thu, 10 Sep 2009 17:12:40 +0100 Size: 4473 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20100222/e2cf1790/attachment-0002.eml> -------------- next part -------------- An embedded message was scrubbed... From: Hannes von Haugwitz <hannes at vonhaugwitz.com> Subject: Bug#546004: fixed in logcheck 1.3.7 Date: Mon, 22 Feb 2010 21:42:58 +0000 Size: 7080 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20100222/e2cf1790/attachment-0003.eml>