I recently tested what would happen with a TCP connection in my kqueue-enabled client-server software when the 5 hour window lapsed in pftop for a local host connection, which is allowed in both directions in the pf rules. It simply didn't allow the client and server to communicate. The ESTABLISHED state went away as expected, but it didn't signal a closed port to either the client (which was sitting on a blocking read() call) or the server. Even so, shouldn't pf create a new state if the client signals to the server's kqueue that there is an EOF event? The communication isn't dependent upon a keep state in the pf rules, so shouldn't it make a new state entry? My OpenBSD box isn't connected to the internet, so I still have it on 5.7; maybe that doesn't matter.
-- -Luke
