Hi all,
In the output of ipfstat, what are packet state(in) and packet state(out)? I get lost packets even when my state table is not full (i.e., the number of active entries (77, from the ipfstat -s command) in the state table is much less than fr_statemax (16052, from ipf -T list | grep state)). What may be the reason for this?
What is fr_statesize in the ipf -T list | grep state output?
My Solaris 10 system has IP Filter: v4.1.9 (592).
> ipfstat
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 17387 passed 2719576 nomatch 550284 counted 0 short 0
output packets: blocked 270 passed 3198584 nomatch 1179066 counted 0 short 0
input packets logged: blocked 17387 passed 0
output packets logged: blocked 270 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 22459 lost 133
packet state(out): kept 61873 lost 24129
ICMP replies: 0 TCP RSTs sent: 4736
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 360 failed: 0
OUT Pullups succeeded: 401 failed: 0
Fastroute successes: 4736 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 141315
Packet log flags set: (0)
> ipfstat -s
IP states added:
6033 TCP
9804 UDP
70993 ICMP
3735144 hits
1915993 misses
0 maximum
0 no memory
77 active
0 expired
0 closed
State logging enabled
State table bucket statistics:
76 in use
0 max bucket
0.82% bucket usage
0 minimal length
2 maximal length
1.013 average length
> ipf -T list | grep state
fr_statemax min 0x1 max 0x7fffffff current 16052
fr_statesize min 0x1 max 0x7fffffff current 9233
fr_state_lock min 0 max 0x1 current 0
fr_state_maxbucket min 0x1 max 0x7fffffff current 28
fr_state_maxbucket_reset min 0 max 0x1 current 1
ipstate_logging min 0 max 0x1 current 1
state_flush_level_hi min 0x1 max 0x64 current 95
state_flush_level_lo min 0x1 max 0x64 current 75