I've installed the patched version of 4.1.15 on Solaris 10 (Sunfire X2100,
64-bit) and can now see the orphan entries listed in ipfstat -sl:
A few minutes after sending an HTTP request from the LAN to the internet
via the IPFilter firewall, I've got 18 entries marked as active (ipfstat
is), with all 18 showing-up as ORPHANS, similar to the two below:
IP states added:
18 TCP
60 UDP
1 ICMP
103931 hits
6321 misses
0 maximum
0 no memory
0 bkts in use
18 active
61 expired
0 closed
State logging enabled
State table bucket statistics:
0 in use
0.00% bucket usage
0 minimal length
0 maximal length
0.000 average length
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 23637
tag 0 ttl 18446744073709551457
2196 -> 80 6682a77d:fec38eaa 65535<<0:6432<<0
cmsk 0000 smsk 0000 isc 0 s0 6682a628/fec38980
FWD:ISN inc 0 sumd 0
REV:ISN inc 0 sumd 0
forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928
backward: pkts in 4 bytes in 1501 pkts out 4 bytes out 1501
pass out quick keep frags keep state IPv4
pkt_flags & 0(10000) = 1000, pkt_options & ffffffff = 0,
ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
is_flx 0x1 0x1 0x1 0x1
interfaces: in X[nge0],X[bge1] out X[bge1],X[nge0]
Sync status: not synchronized
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/6
bkt 27030
tag 0 ttl 18446744073709551392
2193 -> 80 49fa0505:fcde15eb 65535<<0:6432<<0
cmsk 0000 smsk 0000 isc 0 s0 49fa03b0/fcde10c2
FWD:ISN inc 0 sumd 0
REV:ISN inc 0 sumd 0
forward: pkts in 5 bytes in 880 pkts out 6 bytes out 928
backward: pkts in 3 bytes in 1461 pkts out 3 bytes out 1461
pass out quick keep frags keep state IPv4
pkt_flags & 0(10000) = 1000, pkt_options & ffffffff = 0,
ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
is_flx 0x1 0x1 0x1 0x1
interfaces: in X[nge0],X[bge1] out X[bge1],X[nge0]
Sync status: not synchronized
and
[EMAIL PROTECTED] sudo ipfstat -sl |grep "\-\>" |grep pass |grep ORPHAN
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state
9/11 bkt 8174
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 23637
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/6
bkt 27030
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state
9/11 bkt 7632
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 28048
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state
9/11 bkt 20848
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 7048
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 916
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 5179
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state
9/11 bkt 23571
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state
9/11 bkt 26565
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 15458
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state
9/11 bkt 9908
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 26252
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 24369
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 9317
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/5
bkt 141
ORPHAN internal-IP -> mirror.internode.on.net pass 0x40004702 pr 6 state 0/9
bkt 16717
Please let me know if you need any more help; I've moved this firewall out
of production back into test so I can change it quickly now.
