PF suddenly malfunctioned

Daniel Hartmeier daniel at benzedrine.cx
Tue Jul 24 07:07:11 UTC 2012


What's the client OS?

It looks like it might be an incompatibility between the client and the
peculiar Wikipedia server (or load balancer or proxy or whatever there
is).

Like the GET request gets lost, but the FIN arrives, and the server
selectively ACKs the FIN, and the client doesn't retransmit the request.
You ran the tcpdump for several seconds after the netcat was started?
Maybe repeat it and wait longer, in case the output is buffered. The
client should re-transmit.

If I tcpdump the same request here, I see the server selectively ACKing
FINs even when the plain ACK does so, too. I've never seen this before.

Can you try disabling SACK in the client?

OpenBSD: sysctl net.inet.tcp.sack=0
FreeBSD: sysctl net.inet.tcp.sack.enable=0
Linux: sysctl net.ipv4.tcp_sack=0

Daniel
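
An added example, not part of the original message: a small Python check over tcpdump text output that separates the two SACK cases discussed above, a block that reports data beyond a hole (the FIN was received but the request was not) and a block the cumulative ACK already covers. The capture lines, addresses and the function name classify_sacks are constructed for illustration; it assumes tcpdump's relative sequence numbers and no sequence wraparound.

```python
import re

# Constructed `tcpdump -n` lines (documentation addresses, relative seq numbers).
SAMPLE = """\
07:07:01.000000 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [S], seq 1000, win 65535, options [mss 1460,sackOK,eol], length 0
07:07:01.020000 IP 198.51.100.5.80 > 192.0.2.10.40000: Flags [S.], seq 5000, ack 1001, win 5840, options [mss 1460,sackOK,eol], length 0
07:07:01.020100 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [.], ack 1, win 65535, length 0
07:07:01.020200 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [P.], seq 1:17, ack 1, win 65535, length 16
07:07:01.020300 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [F.], seq 17, ack 1, win 65535, length 0
07:07:01.040000 IP 198.51.100.5.80 > 192.0.2.10.40000: Flags [.], ack 1, win 5840, options [nop,nop,sack 1 {17:18}], length 0
07:07:01.240000 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [P.], seq 1:17, ack 1, win 65535, length 16
07:07:01.260000 IP 198.51.100.5.80 > 192.0.2.10.40000: Flags [.], ack 18, win 5840, options [nop,nop,sack 1 {17:18}], length 0
"""

ACK_RE = re.compile(r"\back (\d+)")          # cumulative ACK ("sack" has no word boundary before "ack")
BLOCK_RE = re.compile(r"\{(\d+):(\d+)\}")    # each SACK block {left:right}

def classify_sacks(capture):
    """Return (line_no, cumulative_ack, left, right, kind) for every SACK block.

    kind is "hole" when the block lies beyond the cumulative ACK (bytes
    between ack and left were not received), or "redundant" when the
    cumulative ACK already covers the whole block.
    """
    findings = []
    for line_no, line in enumerate(capture.splitlines(), 1):
        ack = ACK_RE.search(line)
        blocks = BLOCK_RE.findall(line)
        if not ack or not blocks:
            continue  # SYN/sackOK lines and plain ACKs carry no blocks
        cum = int(ack.group(1))
        for left, right in blocks:
            left, right = int(left), int(right)
            kind = "redundant" if right <= cum else "hole"
            findings.append((line_no, cum, left, right, kind))
    return findings

if __name__ == "__main__":
    for line_no, cum, left, right, kind in classify_sacks(SAMPLE):
        missing = max(left - cum, 0)
        print(f"line {line_no}: ack {cum}, sack {left}:{right} -> {kind}"
              f" ({missing} bytes missing before the block)")
```

In a real capture, a "hole" entry that is never followed by a retransmission of the missing range is the stall described above.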

