Re: npf bug(?)

[6bone%6bone.informatik.uni-leipzig.de@localhost]

On Sun, 9 Apr 2017, Christos Zoulas wrote:

> Perhaps you get a lot of dup fragments? netstat -s should show you the
> stack's reassembly and fragment stats. Perhaps those agree with what
> npf shows?

Currently the patch is active. That's why I have no npf statistics. The 
netstat statistics seem to me credible.

If npf checks the fragmentation, then the counters of npf and the ip stack 
run parallel? Or are the ip stack only counted the packets the npf leaves?

netstat -s shows:

ip:
        413339977 total packets received
        0 bad header checksums
        0 with size smaller than minimum
        0 with data size < data length
        0 with length > max ip packet size
        0 with header length < data size
        0 with data length < header length
        0 with bad options
        0 with incorrect version number
        1795 fragments received
        0 fragments dropped (dup or out of space)
        0 fragments dropped (out of ipqent)
        335 malformed fragments dropped
        440 fragments dropped after timeout
        636 packets reassembled ok
        410154493 packets for this host
        35 packets for unknown/unsupported protocol
        10 packets forwarded (6 packets fast forwarded)
        3183945 packets not forwardable
        0 redirects sent
        0 packets no matching gif found
        218900862 packets sent from this host
        0 packets sent with fabricated ip header
        0 output packets dropped due to no bufs, etc.
        0 output packets discarded due to no route
        31819922 output datagrams fragmented
        33505129 fragments created
        0 datagrams that can't be fragmented
        0 datagrams with bad address in header


Regards
Uwe