On 24/06/2014 10:39 PM, Darren Reed wrote:
> On 23/06/2014 8:24 PM, Petar Bogdanovic wrote:
>> ...
>> * sshd bails on a failed write() with ENETUNREACH
>
> So the problem is this:
> * sshd tries to write to the socket, gets ENETUNREACH
>
> and then exits leading to the FIN packets being transmitted as the socket
> is closed down in the normal course of things but by the time it is doing
> the exit the network path has restored.
>
> For ICMP packets to cause this, you would need to see many of them.
>

Oh, I forgot, there are internal code paths in ipfilter/npf that can
return ENETUNREACH.

If you are using NetBSD 6 with ipfilter, comparing the output of this:

    ipfstat | grep 'block reason'

from before and after might be illuminating.

Or maybe just compare the entire output of "ipfstat" and "ipfstat -s"
from before and after.

Kind Regards,
Darren