PF suddenly malfunctioned
Greg Hennessy
Greg.Hennessy at nviz.net
Tue Jul 24 21:38:04 UTC 2012
>
> On 07/24/2012 01:07 AM, Daniel Hartmeier wrote:
> > What's the client OS?
> >
> The client OS for this test is Ubuntu 12.04 LTS
>
> jmattax at chani:~/pf_debugging$ uname -a
> Linux chani 3.2.0-26-generic #41-Ubuntu SMP Thu Jun 14 16:26:01 UTC 2012
> i686 i686 i386 GNU/Linux
>
> > It looks like it might be an incompatibility between the client and
> > the peculiar wikipedia server (or loadbalancer or proxy or whatever
> > there is).
> >
> > Like the GET request gets lost, but the FIN arrives, and the server
> > selectively ACKs the FIN, and the client doesn't retransmit the request.
> > You ran the tcpdump for several seconds after the netcat was started?
> > Maybe repeat it and wait longer, in case the output is buffered. The
> > client should re-transmit.
> >
>
> I initially ran the tcpdumps until the client had nc return and give me a new
> prompt in my shell (that took maybe a second). I just repeated it as above
> letting the tcpdumps run longer and it captured the same number of packets.
>
Hi Jason,
Try mss clamping the outside interface using the relevant 'scrub' option to rule out a Path MTU issue.
Greg
More information about the freebsd-pf
mailing list