OK, I'll try compiling the latest 3.x (I guess 3.4.35) on my development box once I get it back up on Monday (transferring from a Ultra 5 to a new Sun Blade 1500).
I'll put the 3.4.35 package on the two systems that are crashing right now quite frequently and see if it is more stable. I think it is likely 4.x related branch related. Currently using Sun Fire V210 and V240 servers with Solaris 8, Generic_117350-20 I'm using Feb 2005 patch revision level as I haven't had a chance to update them to latest rev (transferring ownership to our Ops group) but will be doing a mass upgrade of all the servers to probably Feb 2006 patch revisions once all of our systems are built and transferred. But I don't think this is really an issue with versions since we have such a minimized OS that hardly gets patched when it is patched. Pretty basic system installs so not using any other 3rd party apps that would use the streams module I think... just syslog-ng, NFS mounts from a NetApp filer, telnet/ssh and so forth. I think it is either the UDP packets for syslog or NFS mounts that might be causing the fragmented packet problems. On Monday I'll try and get my development box up and going and compile 4.1.9 and the 3.4.35 and test on the two systems and see how things go. -----Original Message----- From: Phil Dibowitz [mailto:[EMAIL PROTECTED] Sent: Saturday, November 12, 2005 10:38 PM To: Olmsted, Brian Cc: [email protected] Subject: Re: ipf still crashing Olmsted, Brian wrote: > > I'm not using ipf 3.x in my environment as I was trying to use some of > the features of 4.1 such as IP Pools, etc which aren't working properly > and I picked the latest version as I thought it was the stable version. Sure - but it'd be interesting to see if you have the same behavior with 3.x or not. I currently use IP Filter on Solaris compiled with GCC3 without issues - both sparc and x86. So, I'm trying to eliminate factors... try a 3.x branch (is it 4.x specific?), try a different physical box (is it hardware related?) Are you at the latest patch rev? Any strange kernel tunables you have set? Any odd software you have that plays with the STREAMS modules in ways that pfil wouldn't expect? -- Phil Dibowitz [EMAIL PROTECTED] Freeware and Technical Pages Insanity Palace of Metallica http://www.phildev.net/ http://www.ipom.com/ "Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind." - Dr. Suess
