Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ssh client_loop send disconnnect from Dom0 -> DomU (NetBSD 10.0_BETA/Xen)



Hello,

On 25.06.23 07:49, Matthias Petermann wrote:

4) Run the test with tcpdump from DomU -> this is currently ongoing. I will followup as soon I have the results.

This is the follow-up I promised. I was lucky this morning to catch one occurance of the issue while tcpdump was running in the DomU. Because of the huge volume, I just captured the meta data (default output of tcpdump to stdout) and even here, the resulting log grow quickly to 5 GB. So I cut it down to the relevant time window and uploaded it here:

https://paste.petermann-it.de/?2ea9787bbff024f4#71N5aXYoQTdDq3tXVxBXjfmDAuw9Wdof3Dkyim99xcYG

For better classification, here is the rough timelime of the events I'd like to comment below:

1) 08:52:07.595169

Begin active monitoring
Continuous ssh package flow from srv-net.lan (DomU) -> vhost2.lan (Dom0)

2) 08:52:07.595831

Notified a lot of ARP related traffic
ssh package flow seems to be slowed down / paused
Client (ssh) reported "Connection to srv-net.lan closed by remote host."

3) 08:52:21.xxxxxx

Client (backup script) reported that it created a new ssh connection to
the remote host and started the next dump.


Somewhere between 2) and 3) there should be the answer to the question. Please apologize for the noise in the log file this host is quite busy and I fear that removing lines that I consider unrelated might result in unintentional misdirection of the analysis.

So far, thanks for all your time support and valuable support - it helps a lot to understand the system even better.

Kind regards
Matthias

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



Home | Main Index | Thread Index | Old Index