[gentoo-user] [QA] The 'dropped' value in /sbin/ifconfig output

[gentoo-user] [QA] The 'dropped' value in /sbin/ifconfig output

[Kan-I Jyo]

Dear list,

This might be too fundamental to answer, but I would like to know
when will the 'dropped' value in the output of /sbin/ifconfig be counted up.

I have tried setting up a firewall using iptables with a very simple rule like
the following:

  <samle>
    # iptables -A INPUT -p tcp --dport 80 -j DROP

When trying to connect from the other host through tcp port 80, there
was no response, which is expected.

However, the 'dropped' value was note added up even the packet is dropped.

Any comment would be greatly appreciated.

-- 
Sincerely,

Jyo

Re: [gentoo-user] [QA] The 'dropped' value in /sbin/ifconfig output

[Xavier Parizet]

[-- Attachment #1: Type: text/plain, Size: 1104 bytes --]

On 02/25/2010 02:11 PM, Kan-I Jyo wrote:
> Dear list,
> 
> This might be too fundamental to answer, but I would like to know
> when will the 'dropped' value in the output of /sbin/ifconfig be counted up.
> 
> I have tried setting up a firewall using iptables with a very simple rule like
> the following:
> 
>   <samle>
>     # iptables -A INPUT -p tcp --dport 80 -j DROP
> 
> When trying to connect from the other host through tcp port 80, there
> was no response, which is expected.
> 
> However, the 'dropped' value was note added up even the packet is dropped.

Well, you're talking about two different things:
the dropped value in ifconfig output is related to Ethernet packet which
would be dropped by hardware.
The target DROP of iptables tells to the kernel to drop the packet at
software level.

If you want to see the dropped packet statistics on software level (ie
iptables), run iptables -v -L .

> Any comment would be greatly appreciated.

-- 
      Xavier Parizet
YaGB :   http://gentooist.com
GPG  :    C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

Re: [gentoo-user] [QA] The 'dropped' value in /sbin/ifconfig output

[Kan-I Jyo]

Hello, Xavier

Thank you for your prompt reply.

2010/2/25 Xavier Parizet <xav@gentooist.com>:
> Well, you're talking about two different things:
> the dropped value in ifconfig output is related to Ethernet packet which
> would be dropped by hardware.

Yeah, you have made the things clear to me. I just wondered why would I
mess them up.

So, in my understanding, those packets that are dropped by iptables in fact
have been received by the NICs, and that is the reason the "dropped'
value are not added up.

And here comes my original question: When will the 'dropped' count up?
(Just want to know some general ideas)

-- 
Sincerely,

Jyo

Re: [gentoo-user] [QA] The 'dropped' value in /sbin/ifconfig output

[Xavier Parizet]

[-- Attachment #1: Type: text/plain, Size: 1144 bytes --]

On 02/25/2010 04:36 PM, Kan-I Jyo wrote:
> Hello, Xavier
> 
> Thank you for your prompt reply.
> 
> 2010/2/25 Xavier Parizet <xav@gentooist.com>:
>> Well, you're talking about two different things:
>> the dropped value in ifconfig output is related to Ethernet packet which
>> would be dropped by hardware.
> 
> Yeah, you have made the things clear to me. I just wondered why would I
> mess them up.
> 
> So, in my understanding, those packets that are dropped by iptables in fact
> have been received by the NICs, and that is the reason the "dropped'
> value are not added up.
> 
> And here comes my original question: When will the 'dropped' count up?
> (Just want to know some general ideas)

Network failure / packet loss / invalid ethernet frames / any hardware
related failures which will lead to a packet drop by the hardware
itself. It's a means for the hardware to report to the kernel/software
that it ignored some packets for any reason, these reasons should be
found in dmesg afaik.

-- 
      Xavier Parizet
YaGB :   http://gentooist.com
GPG  :    C7DC B10E FC21 63BE
B453 D239 F6E6 DF65 1569 91BF


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]