[OmniOS-discuss] strangeness ssh into omnios from oi_151a9

Richard PALO richard at netbsd.org
Mon Aug 24 16:04:20 UTC 2015 

Le 24/08/15 18:05, Eric Sproul a écrit :
> What you describe sounds network-related, perhaps just a coincidence
> that it happened "recently".  However, it also sounds like the
> behavior changes depending on whether you use an older BE or a newer
> one, so that makes it seem *less* likely that it is an issue with the
> network.  I might still try to packet capture both working and
> non-working ssh sessions and compare them.  I would also double-check
> that your omnios BEs don't have something like ipfilter enabled or
> perhaps some kernel tunable that you changed but might have forgotten.
> 
> Eric
> 
> 

I do find the following from the OI machine interesting:
> richard at smicro:~$ pfexec kstat -m ipf
> module: ipf                             instance: 0     
> name:   inbound                         class:    net
>         acct                            0
>         bad frag state alloc            0
>         bad ip pkt                      0
>         bad pkt state alloc             0
>         block                           0
>         block, logged                   0
>         cachehit                        57425203
>         crtime                          154,516657078
>         dropped:pps ceiling             0
>         ip upd. fail                    0
>         ipv6 pkt                        0
>         logged                          0
>         new frag state compl. pkt       0
>         new frag state kept             0
>         new pkt kept state              0
>         nomatch                         92080544
>         nomatch, logged                 0
>         pass                            95757622
>         pass, logged                    3676918
>         pullup nok                      0
>         pullup ok                       254596
>         return sent                     0
>         short                           0
>         skip                            57
>         snaptime                        154,516657078
>         src != route                    0
>         tcp cksum bad                   0
>         ttl invalid                     1099124
> 
> module: ipf                             instance: 0     
> name:   outbound                        class:    net
>         acct                            0
>         bad frag state alloc            0
>         bad ip pkt                      0
>         bad pkt state alloc             0
>         block                           14
>         block, logged                   0
>         cachehit                        0
>         crtime                          154,516663632
>         dropped:pps ceiling             0
>         ip upd. fail                    0
>         ipv6 pkt                        0
>         logged                          0
>         new frag state compl. pkt       0
>         new frag state kept             0
>         new pkt kept state              0
>         nomatch                         123524975
>         nomatch, logged                 0
>         pass                            123524967
>         pass, logged                    0
>         pullup nok                      0
>         pullup ok                       252835
>         return sent                     0
>         short                           0
>         skip                            0
>         snaptime                        154,516663632
>         src != route                    0
>         tcp cksum bad                   0
>         ttl invalid                     0


notice inbound invalids and nomatches both ways... are they a concern?
-- 
Richard PALO

More information about the OmniOS-discuss mailing list