Darren Reed wrote:
So you are seeing SYN-ACK packets blocked because they are "out of window".

This is something new.  Can you create a snoop file with these in it for me
to see?

Also, there were significant changes in 4.1.10 with respect to out of
window packets.

Hello,

Back to an old topic which is biting me right now:

I've got plenty of packets blocked with OOW. It seems it appeared since I upgraded from 4.1.8 to 4.1.10.

May 15 11:35:46 osiris ipmon[182]: [ID 702911 local0.notice] 11:35:45.887697 e1000g0 @0:17 b 144.204.65.4,34162 -> 144.204.16.1,3128 PR tcp len 20 48 -S IN OOW
May 15 11:35:47 osiris ipmon[182]: [ID 702911 local0.notice] 11:35:47.831662 e1000g0 @0:17 b 144.204.65.4,65483 -> 144.204.16.1,3128 PR tcp len 20 512 -AFP IN OOW
May 15 11:35:48 osiris ipmon[182]: [ID 702911 local0.notice] 11:35:47.931891 e1000g0 @0:17 b 144.204.65.4,65484 -> 144.204.16.1,3128 PR tcp len 20 715 -AFP IN OOW

And the rule that's blocking them is the one that should let them go, if I understand correctly:

# ipfstat -io | sed -n  '17p'
pass in quick on e1000g0 proto tcp from 144.204.65.4/31 to 144.204.16.1/32 port = 3128 flags S/FSRPAU keep state

Any idea?
Would 4.1.13 fix it? I'd rather know before chasing the latest version, I can't reboot that box too often.

Box is Solaris 9 SPARC, with some patches, pfil 2.1.7, IPF 4.1.10.

TIA,

Laurent
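
An added example, not part of the original post: a small Python parser for ipmon TCP lines of the shape quoted above, tallying OOW-tagged packets by rule, action and TCP flags so such drops can be counted across versions. The field layout is an assumption inferred from the quoted lines, and the fourth sample line is constructed.

```python
import re
from collections import Counter

# The three log lines from the post, plus one constructed "pass" line
# (last line) that carries no OOW tag and must be ignored.
SAMPLE = """\
May 15 11:35:46 osiris ipmon[182]: [ID 702911 local0.notice] 11:35:45.887697 e1000g0 @0:17 b 144.204.65.4,34162 -> 144.204.16.1,3128 PR tcp len 20 48 -S IN OOW
May 15 11:35:47 osiris ipmon[182]: [ID 702911 local0.notice] 11:35:47.831662 e1000g0 @0:17 b 144.204.65.4,65483 -> 144.204.16.1,3128 PR tcp len 20 512 -AFP IN OOW
May 15 11:35:48 osiris ipmon[182]: [ID 702911 local0.notice] 11:35:47.931891 e1000g0 @0:17 b 144.204.65.4,65484 -> 144.204.16.1,3128 PR tcp len 20 715 -AFP IN OOW
May 15 11:35:49 osiris ipmon[182]: [ID 702911 local0.notice] 11:35:49.000001 e1000g0 @0:17 p 144.204.65.5,40000 -> 144.204.16.1,3128 PR tcp len 20 48 -S IN
"""

# Assumed field layout, taken from the quoted lines:
#   time ifname @group:rule action src,sport -> dst,dport
#   PR tcp len <hdrlen> <pktlen> -FLAGS <tags...>
TCP_LINE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<ifname>\S+)\s+"
    r"@(?P<rule>\d+:\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+tcp\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+"
    r"-(?P<flags>[A-Z]+)(?P<tail>.*)$"
)


def parse_tcp(line):
    """Return the fields of one ipmon TCP line, or None if it does not match."""
    m = TCP_LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Trailing tokens such as IN and OOW become a list of tags.
    rec["tags"] = rec.pop("tail").split()
    return rec


def oow_summary(text):
    """Count OOW-tagged packets per (group:rule, action, TCP flags)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_tcp(line)
        if rec and "OOW" in rec["tags"]:
            counts[(rec["rule"], rec["action"], rec["flags"])] += 1
    return counts


if __name__ == "__main__":
    for (rule, action, flags), n in sorted(oow_summary(SAMPLE).items()):
        print(f"rule @{rule} action={action} flags={flags} oow={n}")
```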
