> I used to have problems with the ipfwadm dump (where an IP would be mangled
> during certain hours of the day (more or less the same hours everyday)).
> I contacted Jos Vos (ipfwadm's author), and he told me that it could not
> possibly be his fine, bug free [tm], piece of software :-D (just kidding
> here, he simply hinted that the bug pattern was most likely caused by
> the kernel output).
> (I was having those problems when I was launching "ipfwadm -Alxz" instead of
> "ipfwadm -Alx").
I have seen/reported/looked in the sources for the source of
_exactly_the_same_problem_. In my case, I do IP accounting on every
machine we have, and they all email me the data every night. When I used
ipfwadm -lAz, I'd get occasional address bits dropped on some systems, and
very frequent bits dropped on a virtual web server that (at the time)
probably had around 50-60 virtuals with an output accounting rule for
each. I think the last time I looked, I'd always get the corruption in
just one address, and it was always the 10th rule, but I'd have to scan my
files again to be certain.
Your example is also in the 10th rule...cue the twilight zone music.
The only solution I could come up with was what you did...-lA in pass one,
and -Az in a second pass. Not quite optimal.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______