julien wrote:
> If I enable pfsync, there is a kind of mess with the state changes,
> I get some packet loss, some packets from the established connection
> are blocked, the state is lost.
>
> I'm still investigating on pfsync flows, but I welcome any clue if
> somebody has already met this.

and Jeff Wilson wrote:
> Even so, I'm still seeing exactly the kind of strangeness you're
> talking about. As soon as I shut down pfsync, states behaved as
> expected, without the random drops. So no clue to give you, just a
> "me too".

If you're using adaptive timeouts, as generally recommended, then you
need to apply at least

http://www.itee.uq.edu.au/~chrisp/OpenBSD/pfsync-adaptive-states-fix.diff

to get sane pfsync behaviour. This has been broken since I started
using pfsync with the 3.5 release, and I thought it had been committed
a month or more ago, but it appears to still be missing.

I say 'at least' because there are still some other locations where
state counters aren't reset properly should an error occur which may
bite you - they are shown in the pf-fix-unbalanced-state-counters.diff
in the same directory.

Regards
Chris

--
Christopher Pascoe
IT Infrastructure Manager
School of Information Technology and Electrical Engineering
The University of Queensland
Brisbane QLD 4072 Australia
