Luke Small wrote:
> I recently tested what would happen with a TCP connection in my kqueue-
> enabled client/server software when the 5 hour window lapsed in pftop
> for a local host connection, which is allowed in both directions in
> the pf rules. It simply didn't allow the client and server to
> communicate. The ESTABLISHED state went away as expected, but it
> didn't signal a closed port to either the client (which was sitting on a
> blocking read() call) or the server. Even so,
> shouldn't pf create a new state if the client signals to the server's
> kqueue that there is an EOF event? The communication isn't dependent
> upon a keep state in the pf rules, so shouldn't it make a new state
> entry? My OpenBSD box isn't connected to the internet, so I still have
> it on 5.7; maybe that doesn't matter.
No, when the pf state disappears, that's no different from cutting a connecting Ethernet cable. Until a packet is sent, the TCP state of the endpoints will not know the connection is down. You can send keepalives if you want to detect this condition.
