[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: can't get pfil to work
From:       Erik Huizing <erik.huizing () sjrb ! ca>
Date:       2005-12-19 15:52:00
Message-ID: B4EA36D3437761448FA9C3252FCC7124507796 () PRDCG4EXVW01-1 ! OSS ! PRD
[Download RAW message or body]

102 8:49am# ipfstat
ipfstat: Command not found.

-- ipf is not installed, removed it for troubleshooting purposes


103 8:49am# ndd -get /dev/pfil qif_status
ifname ill q OTHERQ ipmp num sap hl nr nw bad copy copyfail drop notip nodata notdata
QIF1 0x0 0x30001372010 0x30001372100 0x0 1 806 0 232 17 0 0 0 0 0 0 0
bge0 0x30000074a30 0x300013727c0 0x300013728b0 0x0 0 800 14 256 256 0 0 0 0 0 0 0

Can anyone explain what each of the fields are and their meanings? Thanks

-----Original Message-----
From: Michael Lim(vpn) [mailto:michael.lim@sun.com]
Sent: December 16, 2005 5:42 PM
To: Erik Huizing
Cc: Ipfilter (E-mail)
Subject: Re: can't get pfil to work


Erik Huizing wrote:

> 	I've been unable to get pfil-2.1.7 working properly on solaris 9. I've completely \
> removed ipfilter from the system for troubleshooting purposes.  The system is a \
> solaris 9 SunFire V240, and I see packet loss when the module is loaded. I'm \
> pinging the problem system from another host on the same subnet, which doesn't have \
> pfil installed. 
> 	The problem is always reproducable, and affects all traffic. When pfil is not \
> loaded (when I have an 'exit' at the top of the script) there is no packet loss.  \
> I've also noticed that pfil doesn't seem to load up manually from the commandline \
> after booting up, but this may be a seperate issue.  
> no pfil:
> 
> ----192.168.1.102 PING Statistics----
> 172 packets transmitted, 172 packets received, 0% packet loss
> round-trip (ms)  min/avg/max = 0/0/1
> 
> pfil loaded on boot:
> 
> ----192.168.1.102 PING Statistics----
> 121 packets transmitted, 87 packets received, 28% packet loss
> round-trip (ms)  min/avg/max = 0/0/0
> 
> I would appreciate some feedback/input as I'm now at a loss as to what is wrong. 
> Thanks in advance.
> 
> 
try to get some more info with

#ipfstat

#ndd -get /dev/pfil qif_status

this data is a bit cryptic but useful when trying to determine why pfil
is acting up.

-mike


[prev in list] [next in list] [prev in thread] [next in thread]