I checked against another machine which is running a recently
installed copy of Solaris 10 Update 10, and the ipf version there
seems to be the same one:

# ipf -V
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107
# more /etc/issue
/etc/issue: No such file or directory
# more /etc/release
Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC
Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
Assembled 23 August 2011

Management would probably not be thrilled about switching production
from the vendor version (stable) to a hand-compiled copy just to
fix this particular annoyance for me.

On Jan 6, 2012, at 4:11 PM, Darren Reed wrote:
> Ah, this is a known issue with Solaris 10.
>
> You could try one of two things:
> - update to the latest release of Solaris 10
> - or if you're already there, download 4.1.35, which is good unless you're
> using ipfilter in zones (and in that case, I need to get my finger out...)
>
> Vincent Fox wrote:
>> Has anyone seen wonky output occasionally from ipfstat?
>>
>> I have a Tripwire check that looks at ipfstat -ion and
>> every once in a while it would flag. I'd look at what it
>> captured and it would be like it doubled up the output, it
>> would like the normal 46 lines of my ruleset, then keep
>> going at 47 with another copy.
>>
>> I wrote a script which duplicated the error in 40 minutes:
>>
>> #!/bin/bash
>> #set -x
>> # Baseline capture that every later capture is compared against
>> ipfstat -ion > /tmp/b
>> rm -f /tmp/attempts
>> #for i in 1 2 3 4 5 6 7 8 9 10
>> while true
>> do
>>     ipfstat -ion >/tmp/a
>>     diff /tmp/a /tmp/b >/tmp/diff-ab
>>     if [ "$?" -ne "0" ]; then
>>         echo "*** ^G Diff found!"
>>         # Keep both captures for inspection
>>         cp /tmp/a /tmp/ipfstat-a
>>         cp /tmp/b /tmp/ipfstat-b
>>         exit
>>     else
>>         echo "No diff detected."
>>     fi
>>     # One line per attempt, so wc -l gives the attempt count
>>     echo "*" >> /tmp/attempts
>>     sleep 1
>> done
>>
>> [root@xyzzyj]<357> wc -l attempts
>> 2359 attempts
>>
>> [root@xyzzyj]<321> ipf -V
>> ipf: IP Filter: v4.1.9 (592)
>> Kernel: IP Filter: v4.1.9
>> Running: yes
>> Log Flags: 0 = none set
>> Default: pass all, Logging: available
>> Active list: 1
>> Feature mask: 0x107
>>
>
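
An added example (not part of the thread or of IP Filter): a bash function a monitoring job could use to tell the doubled listing described above from a real ruleset change, so that only the latter raises an integrity alert. It assumes the extra copy is a byte-identical repeat of the baseline; the function names, file names and sample rules are constructed for illustration.

```shell
#!/bin/bash
# Added example, not code from the thread.
# classify_capture BASELINE CAPTURE  ->  prints: same | repeated | changed
classify_capture() {
    local base=$1 cap=$2 n m start
    if cmp -s "$base" "$cap"; then
        echo same
        return
    fi
    # Arithmetic expansion strips the padding some wc implementations emit.
    n=$(( $(wc -l < "$base") ))
    m=$(( $(wc -l < "$cap") ))
    # Only a capture that is a whole multiple of the baseline can be a pure repeat.
    if [ "$n" -gt 0 ] && [ "$m" -gt "$n" ] && [ $((m % n)) -eq 0 ]; then
        start=1
        while [ "$start" -le "$m" ]; do
            # Every baseline-sized chunk must match the baseline exactly.
            if ! sed -n "${start},$((start + n - 1))p" "$cap" | cmp -s - "$base"; then
                echo changed
                return
            fi
            start=$((start + n))
        done
        echo repeated
        return
    fi
    echo changed
}

# make_samples DIR: write constructed sample listings (not real rulesets).
make_samples() {
    printf '%s\n' '@1 pass out quick on lo0 all' '@1 pass in quick on lo0 all' \
        '@2 block in log all' > "$1/base"
    cat "$1/base" "$1/base" > "$1/doubled"                        # the glitch
    sed 's/block in log all/pass in all/' "$1/base" > "$1/edited" # real change
    cat "$1/base" "$1/edited" > "$1/mixed"   # change hidden in a second copy
}

# Stand-alone demo on the constructed samples.
d=$(mktemp -d) && make_samples "$d"
for f in base doubled edited mixed; do
    echo "$f: $(classify_capture "$d/base" "$d/$f")"
done
rm -rf "$d"
```

A check built on this would re-run the capture when the result is `repeated` and alert only on `changed`, which includes a second copy that differs from the baseline.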