Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 194045 - sys-apps/net-tools-1.60-r13 - netstat doesn't show correct source IP
Summary: sys-apps/net-tools-1.60-r13 - netstat doesn't show correct source IP
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-28 01:23 UTC by Alex Efros
Modified: 2007-10-24 18:48 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Efros 2007-09-28 01:23:36 UTC 
I've two ADSL connections. One has static IP (85.90.198.1), another has dynamic IP (currently 91.124.210.213). I've configured default route to both ADSL simultaneously using iproute2 tool, to have internet connection even if one ADSL is down. But for things like outgoing SSH and SMTP connections I've configured routing using ADSL with static IP. This is done using FwMark for packets to tcp ports 22&25 at iptables mangle OUTPUT chain, and then using 'ip rule' to route packets with that FwMark.

While testing this configuration I've found netstat is incorrectly show source IP for my outgoing connection to 69.93.246.50:25 - it show my dynamic IP. But I've used wireshark, and it show my static IP in these tcp packets instead. Also I've checked netstat output on target server, and it also show my static iP.

Here is output of my local netstat:
tcp        0      0 91.124.210.213:41862    69.93.246.50:25         ESTABLISHED 4522/telnet
and here is output of remote netstat (running on 69.93.246.50):
tcp        0      0 69.93.246.50:25         85.90.198.1:41862       ESTABLISHED 9531/qmail-smtpd

I'm using up-to-date x86 system:
[ebuild   R   ] sys-apps/net-tools-1.60-r13  USE="nls -static" 0 kB 



Reproducible: Always




Portage 2.1.3.9 (hardened/x86/2.6, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r6 i686)
=================================================================
System uname: 2.6.20-hardened-r6 i686 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Wed, 26 Sep 2007 22:00:01 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.3.5-r3, 2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium-m -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /service /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium-m -O2 -pipe"
DISTDIR="/usr/portage-distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.uoi.gr/mirror/OS/gentoo/ http://ftp.lug.ro/gentoo/ http://mirror.qubenet.net/mirror/gentoo/"
LANG="ru_RU.KOI8-R"
LINGUAS="en ru"
MAKEOPTS="-j3"
PKGDIR="/usr/portage-packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/musicbrainz /usr/portage/local/layman/berkano /usr/portage/local/layman/vmware /usr/local/portage /usr/local/portage-power /usr/local/portage-rusxmms"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X Xaw3d aac acpi aim alsa apache2 arts asf avi bash-completion berkdb bitmap-fonts bzip2 cdr cracklib crypt cscope curl dbus dga divx4linux dlloader dri dts dvd dvdr dvdread encode ffmpeg flac flash gd gdbm gif gnutls gpgme gtk gtk2 hardened icq idn imagemagick imap imlib irc jabber javascript jpeg kdeenablefinal lirc lm_sensors lzo mad mailbox mbox midi mmx mng motif mp3 mpeg msn mysql ncurses nls nptl nptlonly ogg opengl oss pam pcre perl pic png pwdb qt quicktime rcc readline real rss rtc samba sdl slang spell sse sse2 ssl ssse3 svg sysfs tcltk tcpd tiff truetype truetype-fonts type1-fonts urandom vim-pager vim-with-x vorbis win32codecs x86 xinetd xorg xv xvid yahoo zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" LIRC_DEVICES="serial" USERLAND="GNU" VIDEO_CARDS="vesa fbdev nv"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 SpanKY gentoo-dev 2007-09-28 19:38:20 UTC 
i doubt this is netstat screwing it up since netstat merely opens /proc/net/tcp and changes it to something more human readable

i imagine if you review /proc/net/tcp yourself, you'd see the same discrepancies
Comment 2 Maarten Bressers (RETIRED) gentoo-dev 2007-10-07 20:14:04 UTC 
So (as asked in comment #1) is it only netstat that shows you this incorrect source IP address, or do other tools give the same result?

Are you able to reproduce this with the latest development kernel (2.6.23-rc9 as of this writing)? Please post your kernel .config and dmesg output.
Comment 3 Maarten Bressers (RETIRED) gentoo-dev 2007-10-24 18:48:06 UTC 
Please reopen if/when you can provide the info requested in comment #2.