It seems I'm hitting some bugs in IPfilter on Solaris.
At least one is (badly) documented by Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274710
And sure enough, I've noticed those funny times in ipfstat -t:
xx.xx.xx.xx,4372 yy.yy.yy.yy,56189 5/B tcp 21212 28903066 -42:-21
Although my system is at patch 141505-04, which is supposedly
unaffected, and hasn't been badpatched (I did say badly documented,
right? and I love the suggestion to remove the "keep state" from the
rules - like, it's a trivial thing to do).
I've also seen the opposite, that some connections that have just been
established and are still shown as such by netstat are dropped from the
table. I'm not sure if it's related or not.
I'm probably going to try removing it when I get a chance.
And in addition to that, there is the lack of a way to configure
ipfilter's parameters. Still looking for information about that.
Thanks for your help, guys,
Laurent