Re: ipfstat not clearing the state table - a similar problem?
This is a discussion on Re: ipfstat not clearing the state table - a similar problem? within the IPFilter forums, part of the System Security and Security Related category; ------=_Part_10780_15227600.1166442673975 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline No ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-18-2006
|
|||
|
|||
Re: ipfstat not clearing the state table - a similar problem?
------=_Part_10780_15227600.1166442673975
Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline No worries Darren... I've just recompiled and reloaded... Here is the output... (NB: THe patch needed some slight adjustments as the 4.1.15 source I'm using referred to "sp->" and not "ips.") [user@myhost]$ sudo ipfstat -s IP states added: 22 TCP 356 UDP 2 ICMP 149950 hits 109643 misses 0 maximum 0 no memory 1 bkts in use 5 active 357 expired 18 closed State logging enabled State table bucket statistics: 1 in use 0.00% bucket usage 0 minimal length 1 maximal length 1.000 average length and [user@myhost]$ sudo ipfstat -dsl ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/6 bkt 17078 tag 0 ttl 18446744073709479117 3732 -> 80 47f55b88:3a67d2d 65535<<0:6432<<0 cmsk 0000 smsk 0000 isc 0 s0 47f55a33/03a67804 FWD:ISN inc 0 sumd 0 REV:ISN inc 0 sumd 0 forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928 backward: pkts in 3 bytes in 1461 pkts out 3 bytes out 1461 pass out quick keep frags keep state IPv4 pkt_flags & 0(10000) = 1000, pkt_options & ffffffff = 0, ffffffff = 0 pkt_security & ffff = 0, pkt_auth & ffff = 0 is_flx 0x1 0x1 0x1 0x1 interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8] ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0 tqehead 0/0 Sync status: not synchronized ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/6 bkt 12702 tag 0 ttl 18446744073709482654 3730 -> 80 b643691:47ccb29 65535<<0:7658<<0 cmsk 0000 smsk 0000 isc 0 s0 0b6432a1/0353a7e2 FWD:ISN inc 0 sumd 0 REV:ISN inc 0 sumd 0 forward: pkts in 9073 bytes in 364387 pkts out 9074 bytes out 364435 backward: pkts in 13721 bytes in 20022286 pkts out 13721 bytes out 20022286 pass out quick keep frags keep state IPv4 pkt_flags & 0(10000) = 1000, pkt_options & ffffffff = 0, ffffffff = 0 pkt_security & ffff = 0, pkt_auth & ffff = 0 is_flx 0x1 0x1 0x1 0x1 interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8] ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0 tqehead 0/0 Sync status: not synchronized state 0/9 bkt 16343 tag 0 ttl 18446744073709479100 3728 -> 80 5d0170d2:2818abc 65535<<0:7504<<0 cmsk 0000 smsk 0000 isc 0 s0 5d016d85/028184e4 FWD:ISN inc 0 sumd 0 REV:ISN inc 0 sumd 0 forward: pkts in 6 bytes in 1588 pkts out 7 bytes out 1636 backward: pkts in 5 bytes in 1703 pkts out 5 bytes out 1703 pass out quick keep frags keep state IPv4 pkt_flags & 0(10000) = 1000, pkt_options & ffffffff = 0, ffffffff = 0 pkt_security & ffff = 0, pkt_auth & ffff = 0 is_flx 0x1 0x1 0x1 0x1 interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8] ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0 tqehead 0/0 Sync status: not synchronized ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9 bkt 18977 tag 0 ttl 18446744073709479082 3724 -> 80 bb93cb4f:1f0348a 65535<<0:6432<<0 cmsk 0000 smsk 0000 isc 0 s0 bb93c9fa/01f02f60 FWD:ISN inc 0 sumd 0 REV:ISN inc 0 sumd 0 forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928 backward: pkts in 4 bytes in 1501 pkts out 4 bytes out 1501 pass out quick keep frags keep state IPv4 pkt_flags & 0(10000) = 1000, pkt_options & ffffffff = 0, ffffffff = 0 pkt_security & ffff = 0, pkt_auth & ffff = 0 is_flx 0x1 0x1 0x1 0x1 interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8] ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0 tqehead 0/0 Sync status: not synchronized Cheers Corey ------=_Part_10780_15227600.1166442673975 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline No worries Darren...<br><br>I've just recompiled and reloaded... Here is the output...<br>(NB: THe patch needed some slight adjustments as the 4.1.15 source I'm using referred to "sp->" and not "ips.") <br><br>[user@myhost]$ sudo ipfstat -s<br>IP states added:<br> &nbs p; 22 TCP<br> 356 UDP<br> 2 ICMP<br> 149950 hits<br> 109643 misses<br> &nbs p; 0 maximum<br> &nb sp; 0 no memory<br> &nbs p; 1 bkts in use <br> 5 active<br> &nbs p; 357 expired<br> &nb sp; 18 closed<br>State logging enabled<br><br>State table bucket statistics:<br>   ; 1 in use<br> 0.00% bucket usage<br>   ; 0 minimal length<br> &nbs p; 1 maximal length <br> 1.000 average length<br><br>and<br><br>[user@myhost]$ sudo ipfstat -dsl<br>ORPHAN internal-IP -> <a href="http://mirror.internode.on.net">mirror.internode.on.net</a> pass 0x40004702 pr 6 state 0/6 bkt 17078 <br> tag 0 ttl 18446744073709479117<br> &n bsp; 3732 -> 80 47f55b88:3a67d2d 65535<<0:6432<<0<br> cmsk 0000 smsk 0000 isc 0 s0 47f55a33/03a67804<br> &n bsp; FWD:ISN inc 0 sumd 0<br> REV:ISN inc 0 sumd 0 <br> forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928<br> backward: pkts in 3 bytes in 1461 pkts out 3 bytes out 1461<br> pass out quick keep frags keep state IPv4<br> pkt_flags & 0(10000) = 1000, &nb sp; pkt_options & ffffffff = 0, ffffffff = 0 <br> pkt_security & ffff = 0, pkt_auth & ffff = 0<br> is_flx 0x1 0x1 0x1 0x1<br> interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8] <br> ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0<br> tqehead 0/0<br> Sync status: not synchronized<br>ORPHAN internal-IP -> <a href="http://mirror.internode.on.net">mirror.internode.on.net </a> pass 0x40004702 pr 6 state 0/6 bkt 12702<br>   ; tag 0 ttl 18446744073709482654<br> &n bsp; 3730 -> 80 b643691:47ccb29 65535<<0:7658<<0<br> cmsk 0000 smsk 0000 isc 0 s0 0b6432a1/0353a7e2<br> &n bsp; FWD:ISN inc 0 sumd 0 <br> REV:ISN inc 0 sumd 0<br> forward: pkts in 9073 bytes in 364387 pkts out 9074 bytes out 364435<br> &nbs p; backward: pkts in 13721 bytes in 20022286 pkts out 13721 bytes out 20022286<br> &n bsp; pass out quick keep frags keep state IPv4 <br> pkt_flags & 0(10000) = 1000, &nb sp; pkt_options & ffffffff = 0, ffffffff = 0<br> pkt_security & ffff = 0, pkt_auth & ffff = 0<br> is_flx 0x1 0x1 0x1 0x1<br> interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8] <br> ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0<br> tqehead 0/0<br> Sync status: not synchronized<br> state 0/9 bkt 16343<br>   ; tag 0 ttl 18446744073709479100<br> &n bsp; 3728 -> 80 5d0170d2:2818abc 65535<<0:7504<<0 <br> cmsk 0000 smsk 0000 isc 0 s0 5d016d85/028184e4<br> &n bsp; FWD:ISN inc 0 sumd 0<br> REV:ISN inc 0 sumd 0<br> forward: pkts in 6 bytes in 1588 pkts out 7 bytes out 1636<br> backward: pkts in 5 bytes in 1703 pkts out 5 bytes out 1703 <br> pass out quick keep frags keep state IPv4<br> pkt_flags & 0(10000) = 1000, &nb sp; pkt_options & ffffffff = 0, ffffffff = 0<br> pkt_security & ffff = 0, pkt_auth & ffff = 0<br> is_flx 0x1 0x1 0x1 0x1<br> interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8]<br> ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0 <br> tqehead 0/0<br> Sync status: not synchronized<br>ORPHAN internal-IP -> <a href="http://mirror.internode.on.net">mirror.internode.on.net</a> pass 0x40004702 pr 6 state 0/9 bkt 18977<br>   ; tag 0 ttl 18446744073709479082 <br> 3724 -> 80 bb93cb4f:1f0348a 65535<<0:6432<<0<br> cmsk 0000 smsk 0000 isc 0 s0 bb93c9fa/01f02f60<br> &n bsp; FWD:ISN inc 0 sumd 0<br> REV:ISN inc 0 sumd 0<br> forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928 <br> backward: pkts in 4 bytes in 1501 pkts out 4 bytes out 1501<br> pass out quick keep frags keep state IPv4<br> pkt_flags & 0(10000) = 1000, &nb sp; pkt_options & ffffffff = 0, ffffffff = 0 <br> pkt_security & ffff = 0, pkt_auth & ffff = 0<br> is_flx 0x1 0x1 0x1 0x1<br> interfaces: in X[nge0/ffffffff81b04ae8],X[bge1/ffffffff81b04cb8] out X[bge1/ffffffff81b04cb8],X[nge0/ffffffff81b04ae8] <br> ref 2 me 0 rule ffffffff85f63780 nat fffffd7fffdfe4c0<br> tqehead 0/0<br> Sync status: not synchronized<br><br><br><br>Cheers<br>Corey<br> ------=_Part_10780_15227600.1166442673975-- 
|
Linear Mode
