[Firehol-support] Re: DHCP Log Messages - Please HELP!

Daniel Pittman daniel at rimspace.net
Wed Aug 24 03:10:53 CEST 2005


cougar <c0ugar7i8 at comcast.net> writes:

> I've been using Firehol on Debian for 3-4 weeks and I'm deeply
> troubled by this issue.
>
> I'm using ULOG for my logging. My syslogemu.log is filled up with the
> following lines...
>
> Aug 23 16:13:33 mercury IN-world: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  SRC=10.125.144.1 DST=255.255.255.255
> LEN=355 TOS=00 PREC=0x00 TTL=64 ID=15592 PROTO=UDP SPT=67 DPT=68
> LEN=335

So, firehol logs all the DHCP broadcast messages to your logs.

[...]

> These requests come every 3-7 seconds.

You might consider setting your DHCP server to have a longer timeout, or
if eth1 is connected to your ADSL modem, just adding a 'client dhcp
accept' statement and the '255.255.255.255/32' address as a valid target
address on that interface.

[...]

> The reason why I'm so concerned is I think the constant logging is
> doing something to my network, 

Unless your system is very badly configured, this is extremely unlikely
to be true, especially as you report using the ULOG interface for these
messages.

> causing congestion, especially on VoIP applications. 

That is even less likely to be true, since the ULOG system does not
support reporting over the network and, as such, can't actually get in
the way of network traffic.


The one possible issue here is if you use an ancient hard disk, hard
disk controller, or a compact flash based drive to log to.

If the IDE subsystem is keeping IRQs masked during disk transactions,
any disk activity which, logically enough, includes log writes, could
cause an interrupt latency of more than 50ms, possibly resulting in
overruns and retransmissions on cheap network cards...

Check that interrupts are unmasked with hdparm, and see if that helps.

Otherwise, just stop logging out the DHCP packets.  You can use
statements like this to drop without logging:

    client dhcp drop

No log statement, nothing in the log.
   Daniel
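
Added example, not part of the original message or of FireHOL: before switching to a rule that drops without logging, a short Python pass over the log can confirm that the entries really are DHCP server broadcasts, how often they arrive, and which source address and MAC send them. The sample lines are constructed from the entry quoted above, and the year applied to the timestamps is an assumption, since these log lines carry none.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the syslogemu format quoted above, one packet per line.
# DHCP repeats the quoted entry; OTHER is made up for the example.
DHCP = ("mercury IN-world: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:31:c2:08:00  "
        "SRC=10.125.144.1 DST=255.255.255.255 LEN=355 TOS=00 PREC=0x00 TTL=64 "
        "ID=15592 PROTO=UDP SPT=67 DPT=68 LEN=335")
OTHER = ("mercury IN-world: IN=eth1 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 "
         "SRC=192.0.2.77 DST=192.0.2.10 LEN=60 TOS=00 PREC=0x00 TTL=52 "
         "ID=4711 PROTO=TCP SPT=40000 DPT=22")
SAMPLE = [f"Aug 23 16:13:33 {DHCP}", f"Aug 23 16:13:38 {DHCP}",
          f"Aug 23 16:13:40 {OTHER}", f"Aug 23 16:13:41 {DHCP}",
          f"Aug 23 16:13:48 {DHCP}"]

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line, year=2005):
    """Return (timestamp, fields) for a packet log line, else None."""
    if " IN=" not in line:
        return None
    # These timestamps carry no year; 'year' is an assumption of this example.
    stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return stamp, dict(FIELD.findall(line))  # LEN appears twice; the last one wins

def is_dhcp_broadcast(f):
    """Server-to-client DHCP sent to the limited broadcast address."""
    return (f.get("PROTO") == "UDP" and f.get("SPT") == "67"
            and f.get("DPT") == "68" and f.get("DST") == "255.255.255.255")

def summarize(lines):
    """Count DHCP broadcasts, their mean spacing, and who sends them."""
    total, times, servers = 0, [], Counter()
    for stamp, f in filter(None, map(parse, lines)):
        total += 1
        if is_dhcp_broadcast(f):
            times.append(stamp)
            # MAC= holds destination (6 bytes), source (6 bytes), EtherType (2).
            src_mac = ":".join(f.get("MAC", "").split(":")[6:12])
            servers[(f.get("SRC"), src_mac)] += 1
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {"total": total, "dhcp": len(times),
            "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
            "servers": dict(servers)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
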





