Troubleshooting guide

Appendix A: State Tables for VPN-1/FireWall-1 4.0 Logging tables

Advanced Technical Reference Guide 4.1 • June 2000 150

The first five fields are the “key” fields mentioned above. The time field represents the time measured in

seconds since 1/1/1970. The counter runs from 0-10 (0xa), and when it reaches 10 (i.e. every 10

packet) a trap

is sent to the daemon to update the live connections log, or a synchronized VPN/FireWall module if such exists.

The interface field tracks the interface on which accounting is taking place, to avoid counting packets more than

once.

The second entry, which has 0 as the first key, is used to associate a data connection (whose parameters are in

the next 5 key fields) with a control connection (whose parameters are the values) for accounting purposes.

trapped table

The trapped table is used to trap connections that need to interact with the daemon while the actual interaction is

being made. This avoids forwarding retransmissions while the connection is stalled (for example when

negotiating encryption).

Example

attributes: expires 10

<c0a83005, 0000061f, c7cb471c, 00000017, 00000006, 00000001; 100/180>

The trapped table uses the following format:

< source IP address, source port, destination IP address, destination port, IP protocol, rule number; time

left/total time>

dup_con table

The dup_con table is used for special debugging and is not normally used. It holds data on the connections that

were chosen to be debug-printed. This table holds the “conn” fields described in The basic structure of a

connection in a table entry (above), and a time-out section.

Example

attributes: refresh expires 600

<c0a80c01, 00000427, c0a80c2f, 00000015, 00000006; 600/600>

domain_cache table