Author: jdjohnson 
Date:   29-02-00 16:00

Has anyone noticed that ipmon freaked out after the Leap Year (Feb 29)?

On my gateway machine (FreeBSD 3.4 with IPFilter 3.3.10) ipmon is logging everything as 12/31/1969.


 RE: IPFilter
Author: Dan Langille 
Date:   29-02-00 21:11

I suspect your PC. My box had no such problems:

Feb 29 21:20:29 ducky ipmon[228]: 21:20:28.508306 ed0 @10:1 b [snip],4000 -> [snip],2969 PR udp len 20 93 IN

 RE: IPFilter
Author: jdjohnson 
Date:   29-02-00 23:22


All other logs being kept by syslog have the correct date. The computer BIOS has the correct date. Xntpd is working like a charm. So I don't think its my PC. (by the way its a Compaq DeskPro ES. PII 350, BIOS dated mid 1999, 64Mb RAM)

I'm running ipmon from rc.d with the following command line:

ipmon -an /var/log/ipf.log

Unlike your example, I'm logging directly to a file and not through syslog.

I just noticed that ipmon finally core dumped. I check that to see if I spot anything. Otherwise I'll recompile/reinstall IPFilter and see if the problem is corrected.


 RE: IPFilter
Author: Dan Langille 
Date:   01-03-00 00:16

I just posted a message to the ipfilter mailing list (

 RE: IPFilter
Author: Dan Langille 
Date:   01-03-00 00:38

This from Darren Reed:

Because IP Filter uses your system library to print out date information
like this, if your libc is up the creek or your system for some reason has
bad timezone info, etc, then what ipmon prints will not be what you expect.


 RE: IPFilter
Author: jdjohnson 
Date:   01-03-00 16:01

Thanks Dan,

I saw your post on the IPFilter mailing list and I posted some more info to Darren there.

Here are the steps I've taken so far:

1. I wiped my hard drive and reinstalled FreeBSD 3.4-STABLE from CD-ROM ISO image.

2. Installed CVSUP from the ports tree

3. updated src, crypto, and ports via CVSUP

4. make buildworld
make installworld

5. configured a kernel config file (FBSD) for my hardware and rebuilt the kernel, rebooted

6. untarred ip-fil3.3.10.tar.gz in the /usr/ports/net directory

7. cd ip_fil3.3.10
make freebsd-3
make install-bsd

8. rebuilt the kernel (config FBSD, make depend, make, make install)

9 rebooted

10. put in /usr/local/etc/rc.d, contains:
ipf -Fa
ipf -f /usr/local/etc/ipf.config && echo -n ' ipf'
ipmon -sn /var/log/ipf.log && echo -n ' ipmon'

11. ran ./

ipf runs great, i've verified that the rules are loades both via ipfstat -i and through testing, ipmon still logs everything as 12/31/1969 for about 20 min then core dumps

I tried using syslog to log from ipmon (ipmon -s -n) with appropriate entries in syslog.conf (local0.notice, etc) but ipmon immediately core dumps when executed with this setup.

Can you see anything I've missed?


 RE: IPFilter
Author: jdjohnson 
Date:   01-03-00 16:26

Hang on, never mind.

Here's my problem.

Part of the output of "locate ipmon" is:


Seems as the ip-fil3.3.10 install put ipmon in a different directory that the original FreeBSD install. The /usr/local/bin/ipmon is the newer file. After updating to point to this file instead of /usr/sbin/ipmon everything wroks as expected.

Thanks to you and Darren for looking at all my posts!


 RE: IPFilter
Author: jdjohnson 
Date:   01-03-00 17:07

Oh dear!

<</uer/local/bin/ipmon>> should be <</usr/local/bin/ipmon>>
<< directory that the original >> should be << directory than the original >>
<<everything wroks as expected>> should be <<everything works as expected>>

Where's that proof reading program i've been looking for?!

Thanks again,

 RE: IPFilter
Author: Dan Langille 
Date:   02-03-00 11:52

Glad you got it all fixed. BTW: that "double up on binaries" problem (i.e. ipmon in more than one place) is a common problem for those of us that wish to update directly from the ipfilter tarball. Althought I prefer this udpate method for IP Filter I recommend the use of ports for everything else. Darren and company have done such a good job with the ipf tarball that it is customized for FreeBSD (despite some slight differences in preferred locations).

