title: kernel panic not anymore logged as it used to be
---
[size=7] first posted on [url=https://forums.gentoo.org/viewtopic-t-1041336.html#7898382]kernel panic not anymore logged as it used to be[/url], formatted for phpBB[/size]

To follow here, download:
http://www.croatiafidelis.hr/foss/cap/cap-160327-nft/dLo.sh
and run it to download the rest of the files from cap-160327-nft/ .

There is also yesterday morning's freeze dumpcap and the corresponding messages lines:
dump_160327_0902_g0n.pcap
dump_160327_0902_g0n.messages

The system froze again (but I think I know what it may be, it was in the post for me, but I had been all over, and kept forgetting about it; later below I tell all).

First I checked carefully if there was no login information of mine in:
dump_160327_1916_g0n.pcap
and where it froze can be seen in the excerpt from my /var/log/messages:
dump_160327_1916_g0n.messages

How did I check if there wasn't any login info in the PCAP? By merely rolling through the entire PCAP in Wireshark? That would take really long. No. I used the script [b]tshark-http-uri.sh[/b] and after I ran it, I grep'ed the extracted text files for the string 'login' and looked up those frame numbers in the PCAP.

Then I tried to find in the PCAP a possible reason for the freeze of the system. Entering in the filter link:
[code]
ip.src == 216.58.214.234 || (ip.src == 77.238.163.222) || (ip.dst == 64.233.184.95) || (ip.dst == 68.232.35.121) || (ip.dst == 54.239.158.19)
[/code]
didn't help (but I'm not an expert at all).

(The morning's freeze will tell even less. There was no connecting to the internet at all.)

This is also significant. You get it when you open to read the file in Wireshark, or with tshark.
[code]
tshark: The file "dump_160327_1916_g0n.pcap" appears to be damaged or corrupt.
(pcapng_read_unknown_block: total block length 0 of an unknown block type is less than the minimum block size 12)
[/code]

But I'm afraid not even people from Netfilter could help.
Because I didn't have the debugging of netfilter on (I remember vaguely seeing it in the kernel config, and I remember how some wrote somewhere it wasn't safe, and how people from Netfilter took care to point out, somewhere in their docs, that it was safe... Vaguely, sorry, working all over...).

And so it'll probably remain a mystery not solved for me. Because I figured out it probably was just: the code that I set up my Nftables with, the one from Archlinux (pls see that other topic: [url=https://forums.gentoo.org/viewtopic-t-1041028.html]A Firewalled Internet Access to Internal Subnet[/url] for this discussion about nft code files), was just an example... I should have reverted, and I did before I went on to post this, to the Nftables Gentoo Wiki Typical Workstation example instead.

If you look up, there's e.g. the bootpc in that code. Completely no point using it in my system, I don't boot this machine from elsewhere on the network ;-) ...

I wanted to tell more about what happened, as much as I could. But why no panic recorded in the logs? I really have no idea. Everything all of a sudden quit working. Total freeze...

And since it happened the two times (or even one more other time, but I didn't look up carefully back then) only after I 'nft -f ' in... And if it does not occur again, now that I reverted to Gentoo's Workstation example, I guess my assumption will stand.

Regards!

--

Ah, I forgot. Let me see...
[code]
$ grep ssl.keylog_file ~/.wireshark/preferences
ssl.keylog_file: /home/miro/.sslkey.log
$
[/code]
...

If you want to see the traffic in the evening dumpcap, even if you don't have your machine configured as per:
Secure Socket Layer (SSL)
https://wiki.wireshark.org/SSL
you can do it with:
[code]
$ wireshark -o "ssl.keylog_file: dump_160327_1916_g0n_SSLKEYLOGFILE.log" dump_160327_1916_g0n.pcap
[/code]
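
The tshark message quoted in the post reports a block whose total length field is 0, below the 12-byte minimum of a pcapng block. As an added example (not from the original post; the helper names and sample bytes are constructed here, and the zero-filled tail is an assumption about how such damage can look), this Python code walks the block chain of a capture and reports the offset where the last well-formed block ends:

```python
import struct

SHB_TYPE = 0x0A0D0D0A          # Section Header Block (same bytes in either byte order)
BYTE_ORDER_MAGIC = 0x1A2B3C4D
MIN_BLOCK_LEN = 12             # block type + total length + trailing total length

def scan_pcapng(data):
    """Walk pcapng blocks and return (valid_blocks, good_end, problem).

    good_end is the offset just past the last well-formed block, i.e. the
    size a salvaged copy of the capture could be cut down to.
    Simplification: assumes one section, so one byte order for the whole file.
    """
    if len(data) < MIN_BLOCK_LEN or struct.unpack_from("<I", data)[0] != SHB_TYPE:
        return 0, 0, "no Section Header Block at offset 0"
    if struct.unpack_from("<I", data, 8)[0] == BYTE_ORDER_MAGIC:
        endian = "<"
    elif struct.unpack_from(">I", data, 8)[0] == BYTE_ORDER_MAGIC:
        endian = ">"
    else:
        return 0, 0, "bad byte-order magic"
    offset = count = 0
    while offset < len(data):
        if len(data) - offset < 8:
            return count, offset, "truncated block header at offset %d" % offset
        btype, blen = struct.unpack_from(endian + "II", data, offset)
        if blen < MIN_BLOCK_LEN or blen % 4:
            return count, offset, ("block type 0x%08x at offset %d has invalid "
                                   "total length %d" % (btype, offset, blen))
        if offset + blen > len(data):
            return count, offset, "block at offset %d runs past end of file" % offset
        if struct.unpack_from(endian + "I", data, offset + blen - 4)[0] != blen:
            return count, offset, "trailing length mismatch at offset %d" % offset
        offset, count = offset + blen, count + 1
    return count, offset, None

def _block(btype, body):
    """Build one little-endian block (helper for the constructed sample only)."""
    body += b"\x00" * (-len(body) % 4)
    total = MIN_BLOCK_LEN + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed sample capture: section header, one interface, one 4-byte packet.
GOOD = (_block(SHB_TYPE, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))
        + _block(1, struct.pack("<HHI", 1, 0, 0))
        + _block(6, struct.pack("<IIIII", 0, 0, 0, 4, 4) + b"\xde\xad\xbe\xef"))
DAMAGED = GOOD + b"\x00" * 64  # constructed zero-filled tail (assumption, see lead-in)

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("DAMAGED", DAMAGED)):
        print(name, scan_pcapng(blob))
```

A copy of the file cut at the reported good_end offset contains only intact blocks, so the packets captured before the damaged block can still be read.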