My Inheritance: Solaris 9, ipfilter 3.4.29 x 3 systems, crashes

03-31-2008
Rugen, Len
 
I inherited a group of Solaris systems. They have been having some
problems since before I was assimilated that I think I've tracked down
to ipfilter.

The problem first described was the Veritas Vxsvc process would become
unresponsive and unkillable until reboot. I finally discovered that
this didn't happen until ipf rules were changed. The prior technique
was ipfboot stop and ipfboot start. I changed this to ipfboot reload
and it is much better. Before, it died every time, if not immediately,
then after a few days; now it has just failed once after many changes.

However, earlier this week I used reload to change a filter list on
another system and it crashed. (Messages at the end.) I sent this to
Sun and of course they said "ipf, go away".

My DBAs will not upgrade to Solaris 10. (Systems run Oracle &
PeopleSoft.) I've tried SunScreen on a test and a development system.
It's "supported", but seems to be unstable on a low use system; I think
it would be as bad or worse on the overloaded systems.

It looks like ipf was downloaded and installed as a precompiled package.
Any suggestions / opinions on upgrading ipfilter on these systems? I'm
currently reviewing the rules and to me, they are UGLY. Could cleaner
rules help? They have very few KEEP STATE, maybe 500 entries and no
grouping. From ipfstat, particularly for the pass out rules, few if any
have count other than 0.

Thanks for any suggestions or job offers....

Len Rugen

unix: [ID 836849 kern.notice]
^Mpanic[cpu15]/thread=3012e8703a0:
unix: [ID 799565 kern.notice] BAD TRAP: type=34 rp=2a104def1b0 addr=2004000000001 mmu_fsr=0
unix: [ID 100000 kern.notice]
unix: [ID 839527 kern.notice] ipf:
unix: [ID 123557 kern.notice] alignment error:
unix: [ID 381800 kern.notice] addr=0x2004000000001
unix: [ID 101969 kern.notice] pid=1332, pc=0x78a6c144, sp=0x2a104deea51, tstate=0x80001604, context=0x10ce
unix: [ID 743441 kern.notice] g1-g7: 14b9c00, 15fcdb1, 0, 0, ffffffffc0047241, 0, 3012e8703a0
unix: [ID 100000 kern.notice]
genunix: [ID 723222 kern.notice] 000002a104deeed0 unix:die+a4 (34, 2a104def1b0, 2004000000001, 0, 61, 53)
genunix: [ID 179002 kern.notice] %l0-3: 0000000000000000 ffffffffc0047241 0000000000000003 0000000000000000
  %l4-7: 0000000000000034 0000000000000000 0000000000000000 0000000000000000
genunix: [ID 723222 kern.notice] 000002a104deefb0 unix:trap+5dc (2a104def1b0, 0, 10000, 10200, 20040, 53)
genunix: [ID 179002 kern.notice] %l0-3: 0000000001007374 000000000080000b 0000033eda78d490 0000000000000034
  %l4-7: 000003013f0ee3c8 0000000000000053 0000000000000000 0000000000000000
genunix: [ID 723222 kern.notice] 000002a104def100 unix:ktl0+48 (0, 0, 0, 0, 2a104def310, ffffffff7f731e88)
genunix: [ID 179002 kern.notice] %l0-3: 0000000000000005 0000000000001400 0000000080001604 000000000102edf4
  %l4-7: ffffffff7ecbc524 ffffffff7ecbc020 0000000000000000 000002a104def1b0
genunix: [ID 723222 kern.notice] 000002a104def250 ipf:fr_delgroup+24 (0, 0, 2a104def5b0, 3002bc40430, 707574, 707269)
genunix: [ID 179002 kern.notice] %l0-3: 0002004000000001 000003000006e1d8 000003000006e198 000000007f6f7473
  %l4-7: 0000000070757400 0000000000000000 000000007efefeff 0000000081010100
genunix: [ID 723222 kern.notice] 000002a104def330 ipf:frflushlist+64 (0, 0, 2a104def5b0, 3006681c598, ffffffff7f60efe4, 0)
genunix: [ID 179002 kern.notice] %l0-3: 000003002bc40428 000003006681c598 000003012d462428 000003000006e1b0
  %l4-7: 000003000006e1d8 00000401cb219400 ffffffff7ffff8bc ffffffff7eb022fc
genunix: [ID 723222 kern.notice] 000002a104def410 ipf:frflushlist+64 (0, 0, 2a104def5b0, 78a8c670, f0, 0)
genunix: [ID 179002 kern.notice] %l0-3: 000003006681c590 0000000078a8c670 0000000000000000 000002a104def5b0
  %l4-7: ffffffff7f730948 ffffffff7ffff8bc 0000000000000000 0000000000000000
genunix: [ID 723222 kern.notice] 000002a104def4f0 ipf:frflush+f4 (0, 200c, 4, 0, c, 0)
genunix: [ID 179002 kern.notice] %l0-3: 0000000078a8c670 0000000000000000 000002a104def5b0 000003012e8703a0
  %l4-7: 0000000080100280 0000000001000000 0000000000000000 0000000000000000
genunix: [ID 723222 kern.notice] 000002a104def5c0 ipf:iplioctl+490 (ea00000000, ffffffffc0047241, ffffffff7ffffb24, 202003, 3664837cca0, 2a104defaec)
genunix: [ID 179002 kern.notice] %l0-3: 0000000000000000 ffffffffc0047241 0000000000000003 ffffffffc0047241
  %l4-7: 0000033eda78d490 0000000000000078 ffffffff7f500698 00000000800035ac
genunix: [ID 723222 kern.notice] 000002a104def9a0 genunix:ioctl+1f8 (3, ffffffffc0047241, ffffffff7ffffb24, 61, 61, 53)
genunix: [ID 179002 kern.notice] %l0-3: 000000000118e5c8 ffffffffc0047241 0000000000000003 0000000000000000
  %l4-7: 0000030123b68850 0000000000000000 0000000000000000 0000000000000000
unix: [ID 100000 kern.notice]
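
A triage helper for panic messages like the ones above, added here as an example and not part of the original post: it decodes the quoted-printable mail encoding, rejoins the hard-wrapped lines, and pulls out the trap address and the call chain. The function names and the set of trap-entry frames to skip are assumptions of this example.

```python
import quopri
import re

# Excerpt of the panic messages as they arrived in the post
# (quoted-printable encoded and hard-wrapped by the mail gateway).
RAW = """\
unix: [ID 799565 kern.notice] BAD TRAP: type=3D34 rp=3D2a104def1b0
addr=3D2004000000001 mmu_fsr=3D0
genunix: [ID 723222 kern.notice] 000002a104deeed0 unix:die+a4 (34,
2a104def1b0, 2004000000001, 0, 61, 53)
genunix: [ID 723222 kern.notice] 000002a104deefb0 unix:trap+5dc
(2a104def1b0, 0, 10000, 10200, 20040, 53)
genunix: [ID 723222 kern.notice] 000002a104def100 unix:ktl0+48 (0, 0, 0,
0, 2a104def310, ffffffff7f731e88)
genunix: [ID 723222 kern.notice] 000002a104def250 ipf:fr_delgroup+24 (0,
0, 2a104def5b0, 3002bc40430, 707574, 707269)
genunix: [ID 723222 kern.notice] 000002a104def330 ipf:frflushlist+64 (0,
0, 2a104def5b0, 3006681c598, ffffffff7f60efe4, 0)
genunix: [ID 723222 kern.notice] 000002a104def4f0 ipf:frflush+f4 (0,
200c, 4, 0, c, 0)
genunix: [ID 723222 kern.notice] 000002a104def5c0 ipf:iplioctl+490
(ea00000000, ffffffffc0047241, ffffffff7ffffb24, 202003, 3664837cca0,
2a104defaec)
genunix: [ID 723222 kern.notice] 000002a104def9a0 genunix:ioctl+1f8 (3,
ffffffffc0047241, ffffffff7ffffb24, 61, 61, 53)
"""

FRAME = re.compile(r"\b[0-9a-f]{16} (\w+):(\w+)\+([0-9a-f]+) \(")
TRAP = re.compile(r"BAD TRAP: type=(\w+) rp=(\w+) addr=(\w+)")
TRAP_GLUE = {"die", "trap", "ktl0"}  # assumption: unix trap-entry frames to skip

def parse_panic(raw):
    """Decode the mail encoding, undo the wrapping, return (fault_addr, frames)."""
    text = quopri.decodestring(raw.encode("ascii")).decode("ascii")
    text = " ".join(text.split())  # rejoin hard-wrapped lines
    trap = TRAP.search(text)
    addr = int(trap.group(3), 16) if trap else None
    frames = [(m.group(1), m.group(2), int(m.group(3), 16)) for m in FRAME.finditer(text)]
    return addr, frames

def faulting_frame(frames):
    """Return the first frame below the trap handlers (module, function, offset)."""
    for mod, func, off in frames:
        if not (mod == "unix" and func in TRAP_GLUE):
            return mod, func, off
    return None

if __name__ == "__main__":
    addr, frames = parse_panic(RAW)
    print(hex(addr), faulting_frame(frames), [f for _, f, _ in frames])
```

Run on a full messages file, the same call returns every frame in order from the trap handler down to the ioctl entry point, which makes it easy to compare panics across the three systems.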

