pf(4) using inapropriate timeout values, 6.2-R

Daniel Hartmeier daniel at
Mon Nov 19 22:53:38 PST 2007

On Mon, Nov 19, 2007 at 09:21:42PM +0100, Jan Srzednicki wrote:

> I'm positively sure it's precisely this value that timeouts this
> conection (which later on get state mismatches).

What does pfctl -vvss show for such a state entry, in particular the
right-most part of the first line ("ESTABLISHED:ESTABLISHED" while the
connection is still fully established, etc.)?

Does it matter which side of the connection (the client or the server)
half-closes the connection?

It's possible that there's a bug in mapping the timeout, I'll check.


