IPfilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ipfstat not clearing the state table - a similar problem?

from [Corey Johnston] [Permanent Link][Original]
To: "Darren Reed" <avalon@caligula.anu.edu.au>, ipfilter@coombs.anu.edu.au
Subject: Re: ipfstat not clearing the state table - a similar problem?
From: "Corey Johnston" <coreyj@gmail.com>
Date: Mon, 18 Dec 2006 22:51:13 +1100
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Go5zF9KEv81jbNP3IhlY7usmd4vdnnyumRBu42jttylwClwNVVNMfsNKjm5z6wqRnfy6USzcZi6sC9hhKFU/ojgqeqGaVAiTJNloR4W49dHbtCC9E9Nzs5b4pBBQ9xMvu+sR7B/BETjzKfIWtVckgZUF8tXuB33vmqRDDt6VJ9Y=
In-reply-to: <200612180840.kBI8e1ws013140@caligula.anu.edu.au>
References: <e2e114e10612171430h5a1a0f72k8b9c5de3cc0f2182@mail.gmail.com> <200612180840.kBI8e1ws013140@caligula.anu.edu.au>
Sender: owner-ipfilter@coombs.anu.edu.au
No worries Darren...

I've just recompiled and reloaded... Here is the output...
(NB: THe patch needed some slight adjustments as the 4.1.15 source I'm using referred to "sp->" and not "ips.")

[user@myhost]$ sudo ipfstat -s
IP states added:
        22 TCP
        356 UDP
        2 ICMP
        149950 hits
        109643 misses
        0 maximum
        0 no memory
        1 bkts in use
        5 active
        357 expired
        18 closed
State logging enabled

State table bucket statistics:
        1 in use
        0.00% bucket usage
        0 minimal length
        1 maximal length
        1.000 average length

and

[user@myhost]$ sudo ipfstat -dsl
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/6 bkt 17078
        tag 0 ttl 18446744073709479117
        3732 -> 80 47f55b88:3a67d2d 65535<<0:6432<<0
        cmsk 0000 smsk 0000 isc 0 s0 47f55a33/03a67804
        FWD:ISN inc 0 sumd 0
        REV:ISN inc 0 sumd 0
        forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928
        backward: pkts in 3 bytes in 1461 pkts out 3 bytes out 1461
        pass out quick keep frags keep state    IPv4
        pkt_flags & 0(10000) = 1000,            pkt_options & ffffffff = 0, ffffffff = 0
        pkt_security & ffff = 0, pkt_auth & ffff = 0
        is_flx 0x1 0x1 0x1 0x1
        interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8]
        ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0
        tqehead 0/0
        Sync status: not synchronized
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/6 bkt 12702
        tag 0 ttl 18446744073709482654
        3730 -> 80 b643691:47ccb29 65535<<0:7658<<0
        cmsk 0000 smsk 0000 isc 0 s0 0b6432a1/0353a7e2
        FWD:ISN inc 0 sumd 0
        REV:ISN inc 0 sumd 0
        forward: pkts in 9073 bytes in 364387 pkts out 9074 bytes out 364435
        backward: pkts in 13721 bytes in 20022286 pkts out 13721 bytes out 20022286
        pass out quick keep frags keep state    IPv4
        pkt_flags & 0(10000) = 1000,            pkt_options & ffffffff = 0, ffffffff = 0
        pkt_security & ffff = 0, pkt_auth & ffff = 0
        is_flx 0x1 0x1 0x1 0x1
        interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8]
        ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0
        tqehead 0/0
        Sync status: not synchronized
 state 0/9 bkt 16343
        tag 0 ttl 18446744073709479100
        3728 -> 80 5d0170d2:2818abc 65535<<0:7504<<0
        cmsk 0000 smsk 0000 isc 0 s0 5d016d85/028184e4
        FWD:ISN inc 0 sumd 0
        REV:ISN inc 0 sumd 0
        forward: pkts in 6 bytes in 1588 pkts out 7 bytes out 1636
        backward: pkts in 5 bytes in 1703 pkts out 5 bytes out 1703
        pass out quick keep frags keep state    IPv4
        pkt_flags & 0(10000) = 1000,            pkt_options & ffffffff = 0, ffffffff = 0
        pkt_security & ffff = 0, pkt_auth & ffff = 0
        is_flx 0x1 0x1 0x1 0x1
        interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8]
        ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0
        tqehead 0/0
        Sync status: not synchronized
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9 bkt 18977
        tag 0 ttl 18446744073709479082
        3724 -> 80 bb93cb4f:1f0348a 65535<<0:6432<<0
        cmsk 0000 smsk 0000 isc 0 s0 bb93c9fa/01f02f60
        FWD:ISN inc 0 sumd 0
        REV:ISN inc 0 sumd 0
        forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928
        backward: pkts in 4 bytes in 1501 pkts out 4 bytes out 1501
        pass out quick keep frags keep state    IPv4
        pkt_flags & 0(10000) = 1000,            pkt_options & ffffffff = 0, ffffffff = 0
        pkt_security & ffff = 0, pkt_auth & ffff = 0
        is_flx 0x1 0x1 0x1 0x1
        interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8]
        ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0
        tqehead 0/0
        Sync status: not synchronized



Cheers
Corey
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ipfstat not clearing the state table - a similar problem?, Corey Johnston
Next by Date:  Re: ipfstat not clearing the state table - a similar problem?, Corey Johnston
Previous by Thread:  Re: ipfstat not clearing the state table - a similar problem?, Corey Johnston
Next by Thread:  Re: ipfstat not clearing the state table - a similar problem?, Corey Johnston
Indexes:  [Date] [Thread] [Top] [All Lists]