-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have observed that, sometimes, when the modem connection goes down, the pppd daemon doesn't always call ip-down - or rather, not /etc/ppp/ip-down.local. The pppd daemon calls /etc/ppp/ip-up when the connection goes up, and /etc/ppp/ip-down when it goes down. Those scripts, written by SuSE, call in turn /etc/ppp/ip-up.local and /etc/ppp/ip-down.local, where we can place our customization. I employ those scripts (.local) to launch mail fetch/send cycles and a few things more, like clock sync. In fact, ip-down is a symlink to ip-up: there is only one script, but with two different sections based on the basename. The "down" section code of ip-down contains this: ip-down) restore_nameservers isdn_restartinterface start_firewall # call ip-down.local if it exists and is executable: if test -x /etc/ppp/ip-down.local ; then /etc/ppp/ip-down.local "$@" | logger -p security.notice -t ip-down.local > /dev/null & fi ... For example, tonight it failed. I can see that the pppd daemon calls ip-down: Nov 7 23:58:29 nimrodel pppd[7913]: Terminating connection due to lack of activity. Nov 7 23:58:29 nimrodel pppd[7913]: Connect time 4.4 minutes. Nov 7 23:58:29 nimrodel pppd[7913]: Sent 29179 bytes, received 144156 bytes. Nov 7 23:58:29 nimrodel pppd[7913]: Script /etc/ppp/ip-down started (pid 9097) Nov 7 23:58:29 nimrodel pppd[7913]: sent [LCP TermReq id=0x6 "Link inactive"] Nov 7 23:58:29 nimrodel pppd[7913]: rcvd [LCP TermAck id=0x6] Nov 7 23:58:29 nimrodel pppd[7913]: Connection terminated. Nov 7 23:58:29 nimrodel pppd[7913]: Waiting for 1 child processes... Nov 7 23:58:29 nimrodel pppd[7913]: script /etc/ppp/ip-down, pid 9097 * Nov 7 23:58:30 nimrodel pppd[7913]: Terminating on signal 15 * Nov 7 23:58:30 nimrodel pppd[7913]: sending SIGTERM to process 9097 * Nov 7 23:58:30 nimrodel pppd[7913]: Exit. Nov 7 23:58:29 nimrodel snort: pcap_loop: recvfrom: Network is down But ip-down does not run, it doesn't print anything. Normally, it would print something like this, at least: Nov 4 03:27:39 nimrodel ip-down: SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled. _________________________^^^^^^^ but sometimes, like tonight, it doesn't print. Some times it runs, sometimes it doesn't. An intermittent failure... In fact, looking again at it, I think pppd is killing the script ip-down ("sending sigterm..."). Why? When it works, the log is somewhat different (the differences are marked with an *): Nov 7 21:52:41 nimrodel pppd[32132]: Terminating connection due to lack of activity. Nov 7 21:52:41 nimrodel pppd[32132]: Connect time 3.5 minutes. Nov 7 21:52:41 nimrodel pppd[32132]: Sent 42882 bytes, received 86405 bytes. Nov 7 21:52:41 nimrodel pppd[32132]: Script /etc/ppp/ip-down started (pid 649) Nov 7 21:52:41 nimrodel pppd[32132]: sent [LCP TermReq id=0x6 "Link inactive"] Nov 7 21:52:41 nimrodel pppd[32132]: rcvd [LCP TermAck id=0x6] Nov 7 21:52:41 nimrodel pppd[32132]: Connection terminated. Nov 7 21:52:41 nimrodel pppd[32132]: Waiting for 1 child processes... Nov 7 21:52:41 nimrodel pppd[32132]: script /etc/ppp/ip-down, pid 649 * Nov 7 21:52:44 nimrodel pppd[32132]: Script /etc/ppp/ip-down finished (pid 649), status = 0x0 Nov 7 21:52:44 nimrodel pppd[32132]: Exit. Where should I loot at? Ideas? (I have SuSE 9.3, but I have seen this behavior previously, I think). - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDb+wqtTMYHG2NR9URAgKIAKCTtA0+45JphEBe0igV5gCQpwbOBgCfajcd Qsq5AMZf/w4UQn1SFf4XNQs= =SAVJ -----END PGP SIGNATURE-----