These log messages refer to the IPV4 category.
2.27.1. [ID: 466] Invalid IP header checksum
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid IP header checksum.
- Default Log Severity
- Warning
- Parameters
- chksum, calcchksum, pkt
- Explanation
- The received packet IP header checksum was invalid.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This log message can be disabled by the IPSettings:LogCheckSumErrors setting.
2.27.2. [ID: 518] Invalid header length
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid header length.
- Default Log Severity
- Warning
- Parameters
- pktlen, hdrlen, pkt
- Explanation
- The received packet IP header specifies an invalid length. The IP Header length can never be smaller than 20 bytes or longer
than the total packet length.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This packet is severely broken. If the packet sender is one of your network devices, investigate why the unit is sending malformed
packets. This log message can be disabled by the IPSettings:LogNonIP4 setting.
2.27.3. [ID: 166] Bad IP version
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Bad IP version.
- Default Log Severity
- Warning
- Parameters
- ipver, pkt
- Explanation
- The received packet has a disallowed IP version. This typically means that there is a mismatch between the IP packet and a
lower layer protocol (such as Ethernet).
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This packet is severely broken. If the packet sender is one of your network devices, investigate why the unit is sending malformed
packets. This log message can be disabled by the IPSettings:LogNonIP4 setting.
2.27.4. [ID: 136] Non-zero IP Reserved Field
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Non-zero IP Reserved Field.
- Default Log Severity
- Warning
- Parameters
- flow, pkt, user, userid
- Explanation
- The reserved field in the IPv4 header was found to be set. According to standards, this field should always be zero.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPRF setting can be changed to control the gateway's behavior for packets with the reserved field set.
2.27.5. [ID: 568] Non-zero IP Reserved Field
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Non-zero IP Reserved Field.
- Default Log Severity
- Notice
- Parameters
- flow, pkt, user, userid
- Explanation
- The reserved field in the IPv4 header was found to be set. According to standards, this field should always be zero.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- The IPSettings:IPRF setting can be changed to control the gateway's behavior for packets with the reserved field set.
2.27.6. [ID: 228] Non-zero IP Reserved Field
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Non-zero IP Reserved Field.
- Default Log Severity
- Warning
- Parameters
- flow, pkt, user, userid
- Explanation
- The reserved field in the IPv4 header was found to be set. According to standards, this field should always be zero.
- Gateway Action
- Strip
- Action Description
- None
- Proposed Action
- The IPSettings:IPRF setting can be changed to control the gateway's behavior for packets with the reserved field set.
2.27.7. [ID: 140] Option too large for option space
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Option too large for option space.
- Default Log Severity
- Warning
- Parameters
- option, avail, len, flow, pkt, user, userid
- Explanation
- The IP option is malformed. The claimed option does not fit within the option length of the packet.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- If the packet sender is one of your network devices, investigate why the unit is sending broken IP options.
2.27.8. [ID: 141] Invalid option length
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid option length.
- Default Log Severity
- Warning
- Parameters
- option, avail, minlen, flow, pkt, user, userid
- Explanation
- The IP option type is of multi-byte type which requires at least two bytes. The size of the option with option number option had less than two bytes.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- If the packet sender is one of your network devices, investigate why the unit is sending malformed IP options.
2.27.9. [ID: 509] Received unknown IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received unknown IP option.
- Default Log Severity
- Notice
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained an IP option other than Source Route, Timestamp and Router Alert.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_OTHER setting can be changed to control the gateway's behavior for packets with an IP option other than Source Route, Timestamp
and Router Alert.
2.27.10. [ID: 587] Received unknown IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received unknown IP option.
- Default Log Severity
- Warning
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained an IP option other than Source Route, Timestamp and Router Alert.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_OTHER setting can be changed to control the gateway's behavior for packets with an IP option other than Source Route, Timestamp
and Router Alert.
2.27.11. [ID: 331] IP data is larger than the maximum allowed[...]
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- IP data is larger than the maximum allowed size.
- Default Log Severity
- Warning
- Parameters
- ipproto, maxlen, paylen, pkt
- Explanation
- Total IP payload is larger than the maximum allowed size for the given protocol. For fragmented traffic this is the size of
the reassembled payload, otherwise it is the data portion of one single packet.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- If the network supports packets of this size (and this is a desired property of the network), modify the size limit settings
(LengthLimSettings:MaxTCPLen, LengthLimSettings:MaxUDPLen, LengthLimSettings:MaxICMPLen, LengthLimSettings:MaxGRELen, LengthLimSettings:MaxESPLen, LengthLimSettings:MaxAHLen, LengthLimSettings:MaxSKIPLen, LengthLimSettings:MaxOSPFLen, LengthLimSettings:MaxIPIPLen, LengthLimSettings:MaxIPCompLen, LengthLimSettings:MaxL2TPLen and LengthLimSettings:MaxOtherSubIPLen) accordingly. This log message can be turned off by modifying the LengthLimSettings:LogOversizedPackets setting.
2.27.12. [ID: 1015] Packet too big
- Log Categories
- IPV4,STATELESS,PMTU
- Log Message
- Packet too big.
- Default Log Severity
- Information
- Parameters
- mtu, iplen, flow, pkt, user, userid
- Explanation
- Packet was rejected in accordance with RFC 1191, since it was larger (iplen bytes) than the next-hop MTU (mtu bytes).
- Gateway Action
- Reject
- Action Description
- An ICMP error destination unreachable, fragment needed and DF set, was returned to the sender
- Proposed Action
- This is a normal part of the path-MTU discovery process. In the unlikely case where the path-MTU discovery process is becoming
a performance bottleneck, consider manually modifying the next-hop MTU.
2.27.13. [ID: 1016] Packet too big
- Log Categories
- IPV4,STATELESS,PMTU
- Log Message
- Packet too big.
- Default Log Severity
- Warning
- Parameters
- mtu, iplen, flow, pkt, user, userid
- Explanation
- Packet was dropped because it was too large (iplen bytes) in order to be properly forwarded to the next hop (with an MTU of mtu bytes). No ICMP error (fragmentation needed) was sent to the source to notify about this condition. Most likely the upper
limit of ICMP errors per second had been reached, but this can also be a sign of severe resource starvation. This breaks proper
path-MTU discovery as described by RFC 1191 and may cause network malfunction.
- Gateway Action
- Drop
- Action Description
- Packet was silently lost; the system failed to send an ICMP error
- Proposed Action
- Review the upper limit of ICMP errors per second (ICMPSettings:ICMPSendPerSecLimit) to see if there is a bottleneck. While not being the preferred solution, a workaround may be to manually update the next-hop
MTU at certain routes.
2.27.14. [ID: 371] Received RA IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received RA IP option.
- Default Log Severity
- Notice
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained a Router Alert IP option, which according to configuration is allowed.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_RTRALT setting can be changed to control the gateway's behavior for packets with Router Alert options.
2.27.15. [ID: 334] Invalid RA option length
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid RA option length.
- Default Log Severity
- Warning
- Parameters
- option, optlen, flow, pkt, user, userid
- Explanation
- The length specified in the Router Alert IP option was invalid.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_RTRALT setting can be changed to control the gateway's behavior for packets with Router Alert options.
2.27.16. [ID: 205] Received RA IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received RA IP option.
- Default Log Severity
- Warning
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained a Router Alert IP option, which according to configuration is disallowed.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_RTRALT setting can be changed to control the gateway's behavior for packets with Router Alert options.
2.27.17. [ID: 549] Packet too small for ip header
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Packet too small for ip header.
- Default Log Severity
- Warning
- Parameters
- pktlen, pkt
- Explanation
- The received packet is too small to contain an IP header.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This packet is severely broken. If the packet sender is one of your network devices, investigate why the unit is sending malformed
packets. This log message can be disabled by the IPSettings:LogNonIP4 setting.
2.27.18. [ID: 234] Received Source Route IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received Source Route IP option.
- Default Log Severity
- Notice
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained a Source Route IP option, which according to configuration is allowed.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_SR setting can be changed to control the gateway's behavior for packets with source or return routes.
2.27.19. [ID: 108] Invalid SR option length
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid SR option length.
- Default Log Severity
- Warning
- Parameters
- option, optlen, type, flow, pkt, user, userid
- Explanation
- The length specified in the source/return routes IP option was invalid.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_SR setting can be changed to control the gateway's behavior for packets with source or return routes.
2.27.20. [ID: 176] Invalid SR pointer
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid SR pointer.
- Default Log Severity
- Warning
- Parameters
- option, ptr, flow, pkt, user, userid
- Explanation
- A route pointer in the source/return route IP option was invalid since it not aligned on a 4-byte boundary.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_SR setting can be changed to control the gateway's behavior for packets with source or return routes.
2.27.21. [ID: 517] Received Source Route IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received Source Route IP option.
- Default Log Severity
- Warning
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained a Source Route IP option, which according to configuration is disallowed.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_SR setting can be changed to control the gateway's behavior for packets with source or return routes.
2.27.22. [ID: 196] Multiple source or return routes in SR IP[...]
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Multiple source or return routes in SR IP option.
- Default Log Severity
- Warning
- Parameters
- option, flow, pkt, user, userid
- Explanation
- Multiple source or return routes were specified in the Source Route IP option.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_SR setting can be changed to control the gateway's behavior for packets with source or return routes.
2.27.23. [ID: 469] Non-zero IP TOS field
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Non-zero IP TOS field.
- Default Log Severity
- Notice
- Parameters
- value, flow, pkt, user, userid
- Explanation
- The Type of Service (TOS) field in the IPv4 header was non-zero. The TOS field may be used by Differentiated Services to group
traffic into different traffic classes.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- The IPSettings:TrafficClass setting can be changed to control the gateway's behavior for packets with the TOS field set.
2.27.24. [ID: 149] Non-zero IP TOS field
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Non-zero IP TOS field.
- Default Log Severity
- Warning
- Parameters
- value, flow, pkt, user, userid
- Explanation
- The Type of Service (TOS) field in the IPv4 header was non-zero. The TOS field may be used by Differentiated Services to group
traffic into different traffic classes.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:TrafficClass setting can be changed to control the gateway's behavior for packets with the TOS field set.
2.27.25. [ID: 467] Non-zero IP TOS field
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Non-zero IP TOS field.
- Default Log Severity
- Warning
- Parameters
- value, flow, pkt, user, userid
- Explanation
- The Type of Service (TOS) field in the IPv4 header was non-zero. The TOS field may be used by Differentiated Services to group
traffic into different traffic classes.
- Gateway Action
- Strip
- Action Description
- None
- Proposed Action
- The IPSettings:TrafficClass setting can be changed to control the gateway's behavior for packets with the TOS field set.
2.27.26. [ID: 175] Received TS IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received TS IP option.
- Default Log Severity
- Notice
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained the Timestamp IP option, which according to configuration is allowed.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_TS setting can be changed to control the gateway's behavior for packets with the Timestamp IP option.
2.27.27. [ID: 354] Invalid TS option length
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid TS option length.
- Default Log Severity
- Warning
- Parameters
- option, optlen, flow, pkt, user, userid
- Explanation
- The length specified in the Timestamp IP option was invalid.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_TS setting can be changed to control the gateway's behavior for packets with the Timestamp IP option.
2.27.28. [ID: 198] Invalid TS pointer
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid TS pointer.
- Default Log Severity
- Warning
- Parameters
- option, ptr, flow, pkt, user, userid
- Explanation
- A time stamp pointer in the Timestamp IP option was invalid.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_TS setting can be changed to control the gateway's behavior for packets with the Timestamp IP option.
2.27.29. [ID: 589] Invalid TS pointer with overflow
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Invalid TS pointer with overflow.
- Default Log Severity
- Warning
- Parameters
- option, ptr, value, flow, pkt, user, userid
- Explanation
- A packet was received with an invalid Timestamp pointer and overflow.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_TS setting can be changed to control the gateway's behavior for packets with the Timestamp IP option.
2.27.30. [ID: 557] Received TS IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Received TS IP option.
- Default Log Severity
- Warning
- Parameters
- option, flow, pkt, user, userid
- Explanation
- The packet contained the Timestamp IP option, which according to configuration is disallowed.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_TS setting can be changed to control the gateway's behavior for packets with the Timestamp IP option.
2.27.31. [ID: 233] Multiple time stamps in TS IP option
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Multiple time stamps in TS IP option.
- Default Log Severity
- Warning
- Parameters
- flow, pkt, user, userid
- Explanation
- Multiple time stamps were specified in the IP option.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:IPOPT_TS setting can be changed to control the gateway's behavior for packets with the Timestamp IP option.
2.27.32. [ID: 442] TTL is zero
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- TTL is zero.
- Default Log Severity
- Warning
- Parameters
- flow, pkt, user, userid
- Explanation
- An IPv4 packet with a TTL value of zero was received and dropped. Transmission of IPv4 packets with a TTL value of zero violates
the IP specification and should be dropped.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This log message can be disabled by the IPSettings:LogReceivedTTL0 setting.
2.27.33. [ID: 298] TTL expired
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- TTL expired.
- Default Log Severity
- Warning
- Parameters
- flow, pkt, user, userid
- Explanation
- An IPv4 packet with a TTL=1 was received. The packet was to be forwarded, at which point TTL reached zero and the packet had
to be dropped.
- Gateway Action
- Drop
- Action Description
- The packet has been dropped
- Proposed Action
- This log message is only possible when IPSettings:TTLMin is set to 1. Whether to log and/or reject can be controlled by the MiscSettings:TTL0OnFwd setting.
2.27.34. [ID: 503] TTL expired
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- TTL expired.
- Default Log Severity
- Warning
- Parameters
- flow, pkt, user, userid
- Explanation
- An IPv4 packet with a TTL=1 was received. The packet was to be forwarded, at which point TTL reached zero and the packet had
to be dropped.
- Gateway Action
- Reject
- Action Description
- An ICMP error (TTL EXCEED) has been sent to the source IP of the packet
- Proposed Action
- This log message is only possible when IPSettings:TTLMin is set to 1. Whether to log and/or reject can be controlled by the MiscSettings:TTL0OnFwd setting.
2.27.35. [ID: 405] TTL too low
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- TTL too low.
- Default Log Severity
- Notice
- Parameters
- value, min, flow, pkt, user, userid
- Explanation
- An IPv4 packet with a TTL value less than the configured minimum value was detected.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- The IPSettings:TTLMin value should be larger than 3 to prevent a user to map routers behind the firewall, i.e. firewalking. In order to support
trace-route applications, the IPSettings:TTLMin value needs to be set to 1.
2.27.36. [ID: 185] TTL too low
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- TTL too low.
- Default Log Severity
- Warning
- Parameters
- value, min, flow, pkt, user, userid
- Explanation
- An IPv4 packet with a TTL value less than the configured minimum value was detected.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:TTLMin value should be larger than 3 to prevent a user to map routers behind the firewall, i.e. firewalking. In order to support
trace-route applications, the IPSettings:TTLMin value needs to be set to 1.
2.27.37. [ID: 409] TTL too low
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- TTL too low.
- Default Log Severity
- Warning
- Parameters
- value, min, flow, pkt, user, userid
- Explanation
- An IPv4 packet with a TTL value less than the configured minimum value was detected.
- Gateway Action
- Reject
- Action Description
- None
- Proposed Action
- The IPSettings:TTLMin value should be larger than 3 to prevent a user to map routers behind the firewall, i.e. firewalking. In order to support
trace-route applications, the IPSettings:TTLMin value needs to be set to 1.
2.27.38. [ID: 131] Packet too small for L4 header
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- Packet too small for L4 header.
- Default Log Severity
- Warning
- Parameters
- ipproto, paylen, pkt
- Explanation
- The received packet is too short to contain an L4 header of the specified protocol.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This packet is severely broken. If the packet sender is one of your network devices, investigate why the unit is sending malformed
packets. This log message can be disabled by the IPSettings:LogNonIP4 setting.
2.27.39. [ID: 156] IP length is larger than packet
- Log Categories
- IPV4,STATELESS,VALIDATE
- Log Message
- IP length is larger than packet.
- Default Log Severity
- Warning
- Parameters
- ipproto, pktlen, iplen, pkt
- Explanation
- The received packet IP total length is larger than the received transport data.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This packet is severely broken. If the packet sender is one of your network devices, investigate why the unit is sending malformed
packets. This log message can be disabled by the IPSettings:LogNonIP4 setting.
cOS Stream 4.00.03 Log Reference Guide
