kernel: martian messages
Seann Clark
nombrandue at tsukinokage.net
Fri Oct 31 13:59:25 UTC 2008
Frank Cox wrote:
> On Thu, 30 Oct 2008 16:23:34 -0700
> Aldo Foot <lunixer at gmail.com> wrote:
>
>
>> Oct 28 08:53:28 myhost kernel: martian source 255.255.255.255 from
>>
>
>
>> what do they mean?
>>
>
> A "martian source" is an invalid IP address. In your case, 255.255.255.255 is
> the IP address. It's impossible for that to be a valid address, not least
> because *.*.*.255 is a broadcast address.
>
>
A little clarification, a "martian source" isn't strictly an invalid IP.
It is usually triggered when the kernel routing table doesn't match
where it expects the IP address. I see this a lot on my firewall, but
that is because both my ISP and myself use a 10.x.x.x private IP range
that overlaps. They use it for the management of the cable modems, and I
use it for more traditional uses. This results in my firewalls Kernel
expecting 10.x to come in on eth3, not eth1 so the kernel fires off a
martian source message with the details of the problem.
In terms of a broadcast range, since most proper broadcasts on more up
to date TCP stacks use x.x.x.255 as the broadcast, not a full 'every
network possible' broadcast (255.255.255.255) it will fire off an alert
that something it trying a mass broadcast that it doesn't expect (since
that broadcast range will not match its known route table). This
broadcast IP can be seen a lot on DHCP type setups, or other discovery
items on a computer. You can also see occasional 224-236.x.x.x ranges
fire off the same messages on the box, for multicast messages.
A good example of a non-invalid IP address message is off my
firewall(Sanitized a bit, of course):
Oct 29 01:39:08 fw kernel: martian source 192.168.1.1 from 68.10.11.12,
on dev eth1
Oct 29 01:39:08 fw kernel: ll header:
00:e0:81:2a:1f:b8:00:30:b8:c6:c3:90:08:00
Oct 29 01:39:11 fw kernel: martian source 192.168.1.1 from 68.10.11.12,
on dev eth1
Oct 29 01:39:11 fw kernel: ll header:
00:e0:81:2a:1f:b8:00:30:b8:c6:c3:90:08:00
Oct 29 01:39:11 fw kernel: martian source 192.168.1.1 from 68.10.11.12,
on dev eth1
Oct 29 01:39:11 fw kernel: ll header:
00:e0:81:2a:1f:b8:00:30:b8:c6:c3:90:08:00
To break it down simply, there is a problem with how the routes are
seeing the end results of my firewall as the wrong source (The internal
gateway versus the public IP) with eth1 being the interface with the 68
address assigned.
Not to completely shoot down the last response, but it is an invalid
address, that is true, same as any of the private IP ranges are seen on
the Internet.
Sorry for the long winded reply, but this was something I know pretty
well since I see it a lot.
Regards,
Seann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5614 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081031/53abddda/attachment-0001.bin>
More information about the fedora-list
mailing list