Has anyone seen wonky output occasionally from ipfstat?
I have a Tripwire check that looks at ipfstat -ion and
every once in a while it would flag. I'd look at what it
captured and it would be like it doubled up the output, it
would like the normal 46 lines of my ruleset, then keep
going at 47 with another copy.
I wrote a script which duplicated the error in 40 minutes:
ipfstat -ion > /tmp/b
rm -f /tmp/attempts
#for i in 1 2 3 4 5 6 7 8 9 10
while true do
diff /tmp/a /tmp/b >/tmp/diff-ab
if [ "$?" -ne "0" ]; then
echo "*** ^G Diff found!"
cp /tmp/a /tmp/ipfstat-a
cp /tmp/b /tmp/ipfstat-b
echo "No diff detected."
echo "*" >> /tmp/attempts
[root@xyzzyj]<357> wc -l attempts
[root@xyzzyj]<321> ipf -V
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107
"The universal aptitude for ineptitude makes any human accomplishment an incredible miracle." - Stapp's Law