[pf4freebsd] Re: nfsd send error 1 probably caused by pf ?
Pyun YongHyeon
yongari at kt-is.co.kr
Wed Sep 15 20:56:24 PDT 2004
On Thu, Nov 13, 2003 at 09:38:18PM +0100, Florian C. Smeets wrote:
> Daniel Hartmeier wrote:
> > On Wed, Nov 12, 2003 at 11:35:23PM +0100, Florian C. Smeets wrote:
> >
> >
> >>I get a lot of these BAD state messages with debug leve misc:
> >>
> >>Nov 12 23:32:25 bender kernel: pf: BAD state: TCP 172.30.1.1:2049
> >>172.30.1.1:2049 172.30.1.2:1021 [lo=2879006265 high=2879023465
> >>win=16588 modulator=0] [lo=1139973024 high=1139974122 win=17200
> >>modulator=0] 4:4 A
> >> seq=1139974472 ack=2879006265 len=1448 ackskew=0 pkts=406886:392362
> >>dir=in,rev
> >
> >
> > To prove this theory, you'd need a tcpdump -nvvvS of the entire
> > connection (or at least a couple of packets before the first BAD state
> > message). The connection doesn't use window scaling, so either the peer
> > is at fault or pf saw a packet reducing your window size which got lost
> > before the peer saw it. How regularly does this occur?
> >
>
> I'm going to test this in the weekend. I don't have much time at the moment.
>
> If i get the time i'm going to try to reproduce this at work tomorrow.
>
> Thanks alot for your help,
> flo
>
It seems that your problem is reproducable on my SMP machine.
I used a single rule 'pass out on xl0 keep state'.
However, I can't see 'nfsd send error' message. nfs client
works well even though pf still outputs 'BAD state' message.
Does your xl interface has a facility of H/W checksum offload?
(check with `ifconfig xl0`)
--
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>
More information about the freebsd-pf
mailing list