Re: OOW: IPFilter 4.1.8 and pfil 2.1.6 running on Solaris 8 (IPFilter forums, System Security and Security Related category)
Laurent Blume wrote:
> It's not reproducible per se, but it happens all the time. I'm going to
> get a snoop on both sides this afternoon, and send that direct to you.
> Thanks Darren!

Hmmm, actually, it's now also blocking packets without the OOW flag:

May 15 14:34:39 osiris ipmon[182]: [ID 702911 local0.notice] 14:34:39.042517 e1000g0 @0:17 b 144.204.65.4,44422 -> 144.204.16.1,3128 PR tcp len 20 48 -S IN

I don't get it?

Oh, note that not *all* those connections are blocked, only a fraction. Since this is a proxy, there's a lot of traffic getting in, and most of it is working. Sometimes, though, the users get a "Connection refused"; and a retry is enough.

Also, the calling party is also blocking packets (IPF 3.4.33 there):

May 15 14:37:22 onera ipmon[25422]: [ID 702911 local0.notice] 14:37:22.328907 ce0 @200:4 b 144.204.16.1,3128 -> 144.204.65.4,51954 PR tcp len 20 1500 -AP IN

But the rule blocking them is really a block, and my guess is that the 'keep state' does not work properly because there are packets already dropped on the other side.

Hmmm, am I clear there? I'm kinda lost myself with those drops, I've read and re-read again the rules, they look ok to me. And they work -- most of the time.

Laurent
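An added example, not part of the original post or of IPFilter: a small Python parser for ipmon records in the layout of the two log lines quoted above. It counts blocked TCP packets per interface and rule, split into bare SYNs, mid-stream segments and out-of-window packets. The function names, and the reading that an out-of-window packet carries a trailing `OOW` tag after the direction, are assumptions of this example.

```python
import re
from collections import Counter

# Field layout taken from the two ipmon records quoted in the post.
IPMON_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+) -(?P<flags>[A-Z]+) "
    r"(?P<dir>IN|OUT)(?P<tags>.*)$"
)

def parse_ipmon(line):
    """Return the fields of one ipmon packet record, or None if the line does not match."""
    m = IPMON_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Assumption: out-of-window packets are marked by a trailing "OOW" tag.
    rec["oow"] = "OOW" in rec.pop("tags").split()
    return rec

def classify(rec):
    """Tell apart the kinds of blocked TCP packet discussed in the post."""
    if rec["action"] != "b" or rec["proto"] != "tcp":
        return "not-blocked-tcp"
    if rec["oow"]:
        return "blocked-oow"
    if "S" in rec["flags"] and "A" not in rec["flags"]:
        return "blocked-syn"        # connection attempt dropped by a rule
    return "blocked-midstream"      # segment of an existing connection dropped

def summarize(lines):
    """Count blocked packets per (interface, group:rule, class)."""
    counts = Counter()
    for line in lines:
        rec = parse_ipmon(line)
        if rec:
            counts[(rec["iface"], f'{rec["group"]}:{rec["rule"]}', classify(rec))] += 1
    return counts

# The two log lines from the post, one from each host.
SAMPLE = [
    "May 15 14:34:39 osiris ipmon[182]: [ID 702911 local0.notice] 14:34:39.042517 e1000g0 @0:17 b 144.204.65.4,44422 -> 144.204.16.1,3128 PR tcp len 20 48 -S IN",
    "May 15 14:37:22 onera ipmon[25422]: [ID 702911 local0.notice] 14:37:22.328907 ce0 @200:4 b 144.204.16.1,3128 -> 144.204.65.4,51954 PR tcp len 20 1500 -AP IN",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Run over a full day of ipmon output from both hosts, the per-rule counts show whether the drops are mostly connection attempts or mostly segments of connections that were already open.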