ipfstat bug on Solaris 10?

Vincent Fox

Jan 5, 2012, 2:20:32 PM
Has anyone seen wonky output occasionally from ipfstat?

I have a Tripwire check that looks at ipfstat -ion and
every once in a while it would flag. I'd look at what it
captured and it would be like it doubled up the output: it
would list the normal 46 lines of my ruleset, then keep
going at 47 with another copy.

I wrote a script which duplicated the error in 40 minutes:

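#!/bin/bash
#set -x
# Capture a baseline listing, then re-run ipfstat once a second until
# its output differs from the baseline.
ipfstat -ion > /tmp/b
rm -f /tmp/attempts
#for i in 1 2 3 4 5 6 7 8 9 10
while true
do
    ipfstat -ion > /tmp/a
    # diff exits non-zero when the two listings differ
    diff /tmp/a /tmp/b > /tmp/diff-ab
    if [ "$?" -ne "0" ]; then
        echo "*** ^G Diff found!"
        # keep both listings for inspection
        cp /tmp/a /tmp/ipfstat-a
        cp /tmp/b /tmp/ipfstat-b
        exit
    else
        echo "No diff detected."
    fi
    # one line per comparison that matched; count them with wc -l
    echo "*" >> /tmp/attempts
    sleep 1
done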

[root@xyzzyj]<357> wc -l attempts
2359 attempts

[root@xyzzyj]<321> ipf -V
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107

--
"The universal aptitude for ineptitude makes any human accomplishment an incredible miracle." - Stapp's Law
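
One way for a check like the Tripwire one described above to tell the doubled listing apart from a real ruleset change, as an added example that is not part of the original posts. The function names are hypothetical, the sample rules are constructed, and the "@<number> " prefix on each line of `ipfstat -ion` output is an assumption about the format.

```bash
#!/bin/bash
# Added example, not from the thread. Labels a captured `ipfstat -ion`
# listing against a known-good baseline as one of:
#   match    - byte-identical to the baseline
#   repeated - the baseline rules listed two or more times over
#   changed  - anything else (a real difference in the rules)
# Assumption: -n prefixes each rule with "@<number> ".
AWK=${AWK:-awk}   # on Solaris 10 use AWK=nawk (or /usr/xpg4/bin/awk)

classify_capture() {   # usage: classify_capture BASELINE CAPTURE
    if cmp -s "$1" "$2"; then
        echo match; return 0
    fi
    if "$AWK" '
        { sub(/^@[0-9]+ /, "") }             # compare rules, not numbering
        NR == FNR { base[++n] = $0; next }   # first file: the baseline
        { m++; if ($0 != base[(m - 1) % n + 1]) bad = 1 }
        END { exit !(n > 0 && m > n && m % n == 0 && !bad) }
    ' "$1" "$2"; then
        echo repeated; return 2
    fi
    echo changed; return 1
}

# Constructed sample data: a three-rule baseline, a doubled capture whose
# numbering runs on (4, 5, 6), and a capture with one rule really altered.
make_samples() {   # usage: make_samples DIR
    printf '%s\n' \
        '@1 pass out quick on lo0 all' \
        '@2 block in log quick from any to any with ipopts' \
        '@3 pass in quick proto tcp from any to any port = 22 keep state' \
        > "$1/base"
    sed 's/^@[0-9]* //' "$1/base" "$1/base" |
        "$AWK" '{ print "@" NR " " $0 }' > "$1/doubled"
    sed 's/port = 22/port = 23/' "$1/base" > "$1/altered"
}
```

The exit status is 0 for match, 2 for repeated and 1 for changed, so a calling check can log the repeated case separately while still alerting on a changed ruleset.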

Darren Reed

Jan 6, 2012, 7:11:42 PM
Ah, this is a known issue with Solaris 10.

You could try one of two things:
- update to the latest release of Solaris 10
- or if you're already there, download 4.1.35, which is good unless
you're using ipfilter in zones (and in that case, I need to get my
finger out...)

Vincent Fox

Jan 6, 2012, 6:25:28 PM
I checked against another machine which is running a recently
installed copy of Solaris 10 Update 10, and the ipf version there
seems to be the same one:

# ipf -V
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107
# more /etc/issue
/etc/issue: No such file or directory
# more /etc/release
Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC
Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
Assembled 23 August 2011

Management would probably not be thrilled about switching production
from the vendor version (stable) for a hand-compiled copy just to
fix this particular annoyance for me.

Darren Reed

Jan 6, 2012, 11:57:29 PM
On 7/01/2012 12:25 AM, Vincent Fox wrote:
> I checked against another machine which is running a recently
> installed copy of Solaris 10 Update 10, and the ipf version there
> seems to be the same one:
>
> # ipf -V
> ipf: IP Filter: v4.1.9 (592)
> Kernel: IP Filter: v4.1.9
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging: available
> Active list: 1
> Feature mask: 0x107
> # more /etc/issue
> /etc/issue: No such file or directory
> # more /etc/release
> Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC
> Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
> Assembled 23 August 2011
>
> Management would probably not be thrilled about switching production
> from the vendor version (stable) for a hand-compiled copy just to
> fix this particular annoyance for me.

Sorry, I can't help you any further on this.

Darren