On Tue, Apr 14, 2009 at 05:09:01PM -0400, Oscar del Rio wrote: > on a couple of systems running nv109 and nv110, with ipfilter enabled, > occasionally we get OOW and NEG_OOW errors. > > ipf rule (a web server): > pass in quick proto tcp from any to any port = 80 keep state keep frags
An SUN case engineer told me, that on should always add 'flags S' when using 'keep state' too get not into trouble. Why: unknown ... But I guess, this is not the real problem. > Is this a known problem? (I remember earlier OOW problems in Solaris 10 > but I thought those were already fixed) We have encountered ipf problems on our mail servers, too - since installation of 138888-07 (138888-08 doesn't solve the problem): After 2..3 days ipfilter seems to trash its tables or bumps some packets into a black hole and thus only occasional mail comes through. Strange thing is, that mail connections from the local net come through without any problem - so its not so easy to get notified, that's something wrong. The problem doesn't occure on machines with the same patch level and snv110 - I guess because they get much much less external connection requests. Had the same problem (at least wrt. symptoms) when feature upgrading to S10u4 (120011-14) - also on the mail servers, only. That time, IDR136697-08 did mitigate the problem but did not resolve it. IDR137077-05 finally fixed it. Don't know, whether a new IDR exists - so re-enabled ipfilter restart per cron job ... Regards, jel. -- Otto-von-Guericke University http://www.cs.uni-magdeburg.de/ Department of Computer Science Geb. 29 R 027, Universitaetsplatz 2 39106 Magdeburg, Germany Tel: +49 391 67 12768 _______________________________________________ networking-discuss mailing list [email protected]
