Unknown flows in dump-layer #344

Open
luqmana opened this issue Feb 23, 2023 · 0 comments
luqmana commented Feb 23, 2023

I've noticed that opteadm dump-layer will sometimes show "unknown" flows that seem to just be all-zeros:

```
$ pfexec opteadm dump-layer -p opte_nexus0 firewall
Layer firewall
======================================================================
Inbound Flows
----------------------------------------------------------------------
PROTO  SRC IP           SPORT  DST IP           DPORT  HITS     ACTION                
TCP    192.168.1.2      63016  10.0.0.5         443    0        no-op                 
TCP    192.168.1.2      63018  10.0.0.5         80     0        no-op                 
TCP    192.168.3.2      63016  10.0.0.5         443    1        no-op                 
Unknown 0.0.0.0          0      0.0.0.0          0      0        no-op                 

Outbound Flows
----------------------------------------------------------------------
PROTO  SRC IP           SPORT  DST IP           DPORT  HITS     ACTION                
TCP    10.0.0.5         80     192.168.1.2      63018  1        no-op                 
TCP    10.0.0.5         443    192.168.1.2      63016  2        no-op                 
TCP    10.0.0.5         443    192.168.3.2      63016  0        no-op                 
Unknown 0.0.0.0          0      0.0.0.0          0      0        no-op                 

Inbound Rules
----------------------------------------------------------------------
ID     PRI    HITS   PREDICATES                             ACTION            
0      100    17     inner.ulp.dst=80,443                   "Stateful Allow"
1      65534  75     inner.ether.ether_type=ARP             "Stateful Allow"
DEF    --     1021   --                                     "deny"

Outbound Rules
----------------------------------------------------------------------
ID     PRI    HITS   PREDICATES                             ACTION            
DEF    --     0      --                                     "stateful allow"
```

Unsure if that's expected but figured I'd just open an issue so I don't forget to investigate more.
