Hi,


These days I am running into a strange problem. With the same rules, a
connection from one client can be established, but one from another can’t,
due to an “OOW” failure.

I'm using ipfilter 4.1.10 on Solaris 9 (SPARC).



The major inbound rules are listed below.



154 @1 block in log body level local0.info on ce0 all head 10

12  @11 pass in quick proto tcp from any to 135.254.174.135/32 flags S/FSRPAU keep state group 10

160 @12 block in log body level local0.info quick proto tcp from any to any group 10

……



When I try to connect to the server (omppcls) from machines with ‘apxlts’ via
telnet/ssh, it seems that the first packet matches rule ‘@11’ and is recorded
in the state table. But the subsequent packets are blocked (they match rule
‘@12’), and the state can’t become complete in the state table.



apxlts1502 -> omppcls pass 0x40008502 pr 6 state 2/0 bkt 4905

            tag 0 ttl 424

            63452 -> 22 4e2082e5:0 24820<<0:1<<0

            cmsk 0000 smsk 0000 isc 0 s0 00000000/00000000

            FWD:ISN inc 0 sumd 0

            REV:ISN inc 0 sumd 0

            forward: pkts in 1 bytes in 48 pkts out 0 bytes out 0

            backward: pkts in 0 bytes in 0 pkts out 0 bytes out 0

            pass in quick keep state IPv4

            pkt_flags & 0(10000) = 1000,                  pkt_options &
ffffffff = 0, ffffffff = 0

            pkt_security & ffff = 0, pkt_auth & ffff = 0

            is_flx 0x1 0 0 0

            interfaces: in ce0[ce0],-[] out -[],-[]

            Sync status: not synchronized

apxlts1503 -> omppcls pass 0x40008502 pr 6 state 2/0 bkt 1121

            tag 0 ttl 114

            32953 -> 23 35277882:0 24820<<0:1<<0

            cmsk 0000 smsk 0000 isc 0 s0 00000000/00000000

            FWD:ISN inc 0 sumd 0

            REV:ISN inc 0 sumd 0

            forward: pkts in 1 bytes in 48 pkts out 0 bytes out 0

            backward: pkts in 0 bytes in 0 pkts out 0 bytes out 0

            pass in quick keep state IPv4

            pkt_flags & 0(10000) = 1000,                  pkt_options &
ffffffff = 0, ffffffff = 0

            pkt_security & ffff = 0, pkt_auth & ffff = 0

            is_flx 0x1 0 0 0

            interfaces: in ce0[ce0],-[] out -[],-[]

            Sync status: not synchronized



From other machines like njcgpa below, the connection can be established.



njcgpa -> omppcls pass 0x40008502 pr 6 state 5/5 bkt 1715

            tag 0 ttl 864000

            48680 -> 23 e969fbb0:a9508633 24820<<0:49640<<0

            cmsk 0000 smsk 0000 isc 0 s0 e969f947/a94f1b5b

            FWD:ISN inc 0 sumd 0

            REV:ISN inc 0 sumd 0

            forward: pkts in 581 bytes in 23865 pkts out 0 bytes out 0

            backward: pkts in 0 bytes in 0 pkts out 457 bytes out 111176

            pass in quick keep state IPv4

            pkt_flags & 0(10000) = 1000,                  pkt_options &
ffffffff = 0, ffffffff = 0

            pkt_security & ffff = 0, pkt_auth & ffff = 0

            is_flx 0x1 0 0 0x1

            interfaces: in ce0[ce0],-[] out -[],ce0[ce0]

            Sync status: not synchronized



Some logs of blocked packets are listed below. 135.254.252.13 belongs to
apxlts1502, and 135.254.252.14 is for apxlts1503.



Mar 24 06:35:52 omppcls ipmon[177]: [ID 702911 local0.info] 06:35:51.750365
ce0 @10:12 b 135.254.252.13,63452 -> 135.254.174.135,22 PR tcp len 20 40 -A
IN OOW

Mar 24 06:35:54 omppcls ipmon[177]: [ID 702911 local0.info] 06:35:53.924891
ce0 @10:12 b 135.254.252.14,32953 -> 135.254.174.135,23 PR tcp len 20 67 -AP
IN OOW

Mar 24 06:35:54 omppcls ipmon[177]: [ID 702911 local0.info] ff fd 03 ff fb
18 ff fb 1f ff fb 20 ff fb 21 ff        ........... ..!.

Mar 24 06:35:54 omppcls ipmon[177]: [ID 702911 local0.info] fb 22 ff fb 27
ff fd 05 ff fb 23                       ."..'.....#

Mar 24 06:35:54 omppcls ipmon[177]: [ID 702911 local0.info] 06:35:53.930272
ce0 @10:12 b 135.254.252.14,32953 -> 135.254.174.135,23 PR tcp len 20 40 -A
IN OOW

Mar 24 06:36:00 omppcls ipmon[177]: [ID 702911 local0.info] 06:35:59.620572
ce0 @10:12 b 135.254.252.13,63452 -> 135.254.174.135,22 PR tcp len 20 40 -A
IN OOW

Mar 24 06:36:15 omppcls ipmon[177]: [ID 702911 local0.info] 06:36:15.360251
ce0 @10:12 b 135.254.252.13,63452 -> 135.254.174.135,22 PR tcp len 20 40 -A
IN OOW

Mar 24 06:36:47 omppcls ipmon[177]: [ID 702911 local0.info] 06:36:46.840338
ce0 @10:12 b 135.254.252.13,63452 -> 135.254.174.135,22 PR tcp len 20 40 -A
IN OOW

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 06:36:50.080302
ce0 @10:12 b 135.254.248.209,59133 -> 135.254.174.135,23 PR tcp len 20 173
-AFP IN

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 73 73 68 20 2d
6c 20 6f 6e 65 78 65 76 20 66 6c        ssh -l onexev fl

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 78 32 37 31 0d
00 73 73 68 20 2d 6c 20 6f 6e 65        x271..ssh -l one

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 78 65 76 20 66
6c 78 32 37 31 0d 00 73 73 68 20        xev flx271..ssh

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 2d 6c 20 6f 6e
65 78 65 76 20 66 6c 78 32 37 31        -l onexev flx271

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 0d 00 73 73 68
20 2d 6c 20 6f 6e 65 78 65 76 20        ..ssh -l onexev

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 66 6c 78 32 37
31 0d 00 73 73 68 20 2d 6c 20 6f        flx271..ssh -l o

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 6e 65 78 65 76
20 66 6c 78 32 37 31 0d 00 73 73        nexev flx271..ss

Mar 24 06:36:50 omppcls ipmon[177]: [ID 702911 local0.info] 68 20 0d 00 0d
00 0d 00 0d 00 03 03 7d 0d 00 0d        h ..........}...

Mar 24 06:36:54 omppcls ipmon[177]: [ID 702911 local0.info] 06:36:53.925266
ce0 @10:12 b 135.254.252.14,32953 -> 135.254.174.135,23 PR tcp len 20 67 -AP
IN OOW

Mar 24 06:36:54 omppcls ipmon[177]: [ID 702911 local0.info] ff fd 03 ff fb
18 ff fb 1f ff fb 20 ff fb 21 ff        ........... ..!.

Mar 24 06:36:54 omppcls ipmon[177]: [ID 702911 local0.info] fb 22 ff fb 27
ff fd 05 ff fb 23                       ."..'.....#

Mar 24 06:37:15 omppcls ipmon[177]: [ID 702911 local0.info] 06:37:14.770368
2x ce0 @10:12 b 135.254.252.13,914 -> 135.254.174.135,513 PR tcp len 20 41
-AP IN

Mar 24 06:37:15 omppcls ipmon[177]: [ID 702911 local0.info] 6f
                                                 o

Mar 24 06:37:16 omppcls ipmon[177]: [ID 702911 local0.info] 06:37:15.961694
ce0 @10:12 b 135.254.252.13,914 -> 135.254.174.135,513 PR tcp len 20 41 -A
IN

Mar 24 06:37:16 omppcls ipmon[177]: [ID 702911 local0.info]
6f                                                     o

Mar 24 06:37:18 omppcls ipmon[177]: [ID 702911 local0.info] 06:37:17.562668
ce0 @10:12 b 135.254.252.13,914 -> 135.254.174.135,513 PR tcp len 20 41 -A
IN

Mar 24 06:37:18 omppcls ipmon[177]: [ID 702911 local0.info]
6f                                                     o

Mar 24 06:37:21 omppcls ipmon[177]: [ID 702911 local0.info] 06:37:20.761696
ce0 @10:12 b 135.254.252.13,914 -> 135.254.174.135,513 PR tcp len 20 41 -A
IN

Mar 24 06:37:21 omppcls ipmon[177]: [ID 702911 local0.info]
6f                                                     o

Mar 24 06:37:27 omppcls ipmon[177]: [ID 702911 local0.info] 06:37:27.161860
ce0 @10:12 b 135.254.252.13,914 -> 135.254.174.135,513 PR tcp len 20 41 -A
IN

Mar 24 06:37:27 omppcls ipmon[177]: [ID 702911 local0.info]
6f                                                     o
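
A small triage helper for ipmon output like the excerpt above, added here as an example and not part of the original post: it groups blocked TCP packets by flow and separates records tagged OOW (out of window) from blocks without the tag. The regular expression is inferred from the log lines in this post rather than from an ipmon format specification, and the syslog header is reduced to one constant prefix.

```python
import re
from collections import defaultdict

# Packet record as it appears in the post (optional "Nx" repeat count, optional OOW tag).
PKT = re.compile(
    r"\d\d:\d\d:\d\d\.\d+\s+(?:(?P<count>\d+)x\s+)?(?P<ifname>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+\d+\s+\d+\s+-(?P<flags>[A-Z]+)\s+"
    r"(?:IN|OUT)(?P<oow>\s+OOW)?"
)

# Records copied from the post with the mail line wraps rejoined; prefix simplified.
PREFIX = "Mar 24 06:35:52 omppcls ipmon[177]: [ID 702911 local0.info] "
SAMPLE = [PREFIX + s for s in (
    "06:35:51.750365 ce0 @10:12 b 135.254.252.13,63452 -> 135.254.174.135,22 PR tcp len 20 40 -A IN OOW",
    "06:35:53.924891 ce0 @10:12 b 135.254.252.14,32953 -> 135.254.174.135,23 PR tcp len 20 67 -AP IN OOW",
    "ff fd 03 ff fb 18 ff fb 1f ff fb 20 ff fb 21 ff        ........... ..!.",
    "06:35:53.930272 ce0 @10:12 b 135.254.252.14,32953 -> 135.254.174.135,23 PR tcp len 20 40 -A IN OOW",
    "06:36:50.080302 ce0 @10:12 b 135.254.248.209,59133 -> 135.254.174.135,23 PR tcp len 20 173 -AFP IN",
    "06:37:14.770368 2x ce0 @10:12 b 135.254.252.13,914 -> 135.254.174.135,513 PR tcp len 20 41 -AP IN",
)]


def summarize_blocks(lines):
    """Group blocked TCP packets by flow; count OOW-tagged vs. untagged blocks."""
    flows = defaultdict(lambda: {"oow": 0, "other": 0, "flags": set()})
    for line in lines:
        m = PKT.search(line)
        if not m or m["action"] != "b" or m["proto"] != "tcp":
            continue  # hex-dump body lines and non-block records fall out here
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        n = int(m["count"] or 1)  # "2x" means the record was seen twice
        flows[key]["oow" if m["oow"] else "other"] += n
        flows[key]["flags"].add(m["flags"])
    return dict(flows)


if __name__ == "__main__":
    for (src, sport, dst, dport), c in sorted(summarize_blocks(SAMPLE).items()):
        print(f"{src}:{sport} -> {dst}:{dport}  OOW={c['oow']} "
              f"other={c['other']} flags={sorted(c['flags'])}")
```

Flows that show only OOW blocks can then be compared against the matching state-table entries (for example the `state 2/0` entries above) when chasing why the state never completes.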
