Has anyone seen wonky output occasionally from ipfstat?
I have a Tripwire check that looks at ipfstat -ion and
every once in a while it would flag. I'd look at what it
captured and it would be like it doubled up the output, it
would like the normal 46 lines of my ruleset, then keep
going at 47 with another copy.
I wrote a script which duplicated the error in 40 minutes:
#!/bin/bash
#set -x
ipfstat -ion > /tmp/b
rm -f /tmp/attempts
#for i in 1 2 3 4 5 6 7 8 9 10
while true do
do
ipfstat -ion>/tmp/a
diff /tmp/a /tmp/b >/tmp/diff-ab
if [ "$?" -ne "0" ]; then
echo "*** ^G Diff found!"
cp /tmp/a /tmp/ipfstat-a
cp /tmp/b /tmp/ipfstat-b
exit
else
echo "No diff detected."
fi
echo "*" >> /tmp/attempts
sleep 1
done
[root@xyzzyj]<357> wc -l attempts
2359 attempts
[root@xyzzyj]<321> ipf -V
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107
--
"The universal aptitude for ineptitude makes any human accomplishment an incredible
miracle." - Stapp's Law
