Seems like pf skips some packets.
Alexey Sopov
adler at smtp.ru
Fri Jul 13 09:17:45 UTC 2007
While thinking about why it happens once in 5 seconds and has only ACK bit
set, I tried to check some timeout variables and found interesting
thing.
These lines are in /etc/pf.conf:
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
And this I get from pfctl -s timeouts:
TIMEOUTS:
tcp.first 30s
tcp.opening 5s
tcp.established 18000s
tcp.closing 60s
tcp.finwait 30s
tcp.closed 30s
tcp.tsdiff 10s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 5s
interval 2s
adaptive.start 0 states
adaptive.end 0 states
src.track 0s
Setting are loaded in pf via /etc/rc.d/pf start
Why do these things differ?
P.S. Sorry for my English.
--
Alexey mailto:adler at smtp.ru
More information about the freebsd-stable
mailing list