Hello,
There is a leaking problem in logging events in IPFilter working on Solaris
10.
About 30-50% of events is not recorded in a IPFilter logfile.
I compared IPFilter logs with data taken from snoop in the same port bge0.
There is no warning or error in system messages.
Results of the ipfstat are:
bad packets: in 0 out 0
IPv6 packets: in 1183 out 1207
input packets: blocked 422 passed 704706 nomatch 487 counted 0
short 0
output packets: blocked 0 passed 671893 nomatch 518 counted 0 short
0
input packets logged: blocked 0 passed 684475
output packets logged: blocked 0 passed 656925
packets logged: input 1173 output 0
log failures: input 485433 output 462521
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 553992 lost 0
packet state(out): kept 647 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 7413 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 15715
Packet log flags set: (0)
The line which might show problem is: log failures: input 485433 output
462521
I appreciate your help or remarks.
With regards,
Jacek
--
Jacek Igalson
j.igalson(at)
gmail.com