1 Reply Latest reply: Oct 27, 2011 6:18 AM by 895652

    IPFilter: Packet gets blocked even though it should pass

    895652
      Hi all,

      In the output of ipfstat, what are packet state(in) and packet state(out)? I get lost packets even when my state table is not full (i.e., the number of active entries (77, from the ipfstat -s command) in the state table is much less than fr_statemax (16052, from ipf -T list | grep state)). What may be the reason for this?
      What is fr_statesize in the ipf -T list | grep state output?
      My Solaris 10 system has IP Filter: v4.1.9 (592).

      *> ipfstat*

      bad packets: in 0 out 0
      IPv6 packets: in 0 out 0
      input packets: blocked 17387 passed 2719576 nomatch 550284 counted 0 short 0
      output packets: blocked 270 passed 3198584 nomatch 1179066 counted 0 short 0
      input packets logged: blocked 17387 passed 0
      output packets logged: blocked 270 passed 0
      packets logged: input 0 output 0
      log failures: input 0 output 0
      fragment state(in): kept 0 lost 0 not fragmented 0
      fragment state(out): kept 0 lost 0 not fragmented 0
      packet state(in):       kept 22459      lost 133
      packet state(out):      kept 61873      lost 24129
      ICMP replies: 0 TCP RSTs sent: 4736
      Invalid source(in): 0
      Result cache hits(in): 0 (out): 0
      IN Pullups succeeded: 360 failed: 0
      OUT Pullups succeeded: 401 failed: 0
      Fastroute successes: 4736 failures: 0
      TCP cksum fails(in): 0 (out): 0
      IPF Ticks: 141315
      Packet log flags set: (0)

      *> ipfstat -s*
      IP states added:
      6033 TCP
      9804 UDP
      70993 ICMP
      3735144 hits
      1915993 misses
      0 maximum
      0 no memory
      *77 active*
      0 expired
      0 closed
      State logging enabled

      State table bucket statistics:
      76 in use
      0 max bucket
      0.82% bucket usage
      0 minimal length
      2 maximal length
      1.013 average length

      *> ipf -T list | grep state*
      fr_statemax     min 0x1 max 0x7fffffff  current 16052
      fr_statesize    min 0x1 max 0x7fffffff  current 9233
      fr_state_lock min 0 max 0x1 current 0
      fr_state_maxbucket min 0x1 max 0x7fffffff current 28
      fr_state_maxbucket_reset min 0 max 0x1 current 1
      ipstate_logging min 0 max 0x1 current 1
      state_flush_level_hi min 0x1 max 0x64 current 95
      state_flush_level_lo min 0x1 max 0x64 current 75

      Edited by: 892649 on Oct 21, 2011 5:06 AM
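
The comparison made in the post, as an added example that is not part of the original post: it parses the three command outputs and reports state-table usage next to the lost counters. The function names are hypothetical, and reading "maximum", "no memory" and "max bucket" as the limit-related rejection counters, and lost / (kept + lost) as a loss share, are assumptions.

```python
import re

# Constructed sample: selected lines copied from the output quoted in the post.
IPFSTAT = """packet state(in):       kept 22459      lost 133
packet state(out):      kept 61873      lost 24129
"""
IPFSTAT_S = """0 maximum
0 no memory
*77 active*
0 max bucket
0.82% bucket usage
2 maximal length
"""
IPF_T = """fr_statemax     min 0x1 max 0x7fffffff  current 16052
fr_state_maxbucket min 0x1 max 0x7fffffff current 28
"""

def parse_packet_state(text):
    """Return {direction: (kept, lost)} from `ipfstat` output."""
    pat = re.compile(r"packet state\((in|out)\):\s+kept\s+(\d+)\s+lost\s+(\d+)")
    return {d: (int(k), int(l)) for d, k, l in pat.findall(text)}

def parse_counters(text):
    """Return {label: value} for the integer `<n> <label>` lines of `ipfstat -s`."""
    out = {}
    for line in text.splitlines():
        # Optional '*' covers the forum's bold markers around "77 active".
        m = re.match(r"\s*\*?(\d+)\s+([A-Za-z][A-Za-z ]*?)\*?\s*$", line)
        if m:
            out[m.group(2)] = int(m.group(1))
    return out

def parse_tunables(text):
    """Return {name: current value} from `ipf -T list` output."""
    pat = re.compile(r"^\s*(\w+)\s+min\s.*?current\s+(\S+)", re.M)
    return {name: int(cur, 0) for name, cur in pat.findall(text)}

def report(ipfstat, ipfstat_s, ipf_t):
    st, c, t = parse_packet_state(ipfstat), parse_counters(ipfstat_s), parse_tunables(ipf_t)
    return {
        "table_used_pct": round(100.0 * c["active"] / t["fr_statemax"], 2),
        # Assumed meaning: adds refused because a size or memory limit was hit.
        "limit_rejections": c["maximum"] + c["no memory"] + c["max bucket"],
        "chain_headroom": t["fr_state_maxbucket"] - c["maximal length"],
        "lost_pct": {d: round(100.0 * l / (k + l), 2) for d, (k, l) in st.items()},
    }

if __name__ == "__main__":
    print(report(IPFSTAT, IPFSTAT_S, IPF_T))
```

On the figures in the post, the table is under half a percent full and the limit-related counters are all zero, while the outbound lost share is far higher than the inbound one.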