You may be recycling port numbers before the state fully expired. If that's the case you can try reducing the tcp.closed timeout: "keep state (tcp.closed XX)".
On 2008/09/22 16:13, Jordi Espasa Clofent wrote:
> Ok; more info:
>
> $ pfctl -x misc
>
> $ tail -f /var/log/messages | grep 217.130.13.161
> Sep 22 16:11:13 ares /bsd: pf: BAD state: TCP 212.36.74.109:443
> 212.36.74.109:443 217.130.13.161:32796 [lo=4134584134 high=4134650337
> win=325 modulator=0 wscale=7] [lo=3328738864 high=3328780464 win=33120
> modulator=0 wscale=1] 10:10 S seq=4159168565 (4159168565)
> ack=3328738864 len=0 ackskew=0 pkts=37:16 dir=in,fwd
> Sep 22 16:11:14 ares /bsd: pf: BAD state: TCP 212.36.74.109:443
> 212.36.74.109:443 217.130.13.161:32771 [lo=4155258378 high=4155324581
> win=147 modulator=0 wscale=7] [lo=1301018309 high=1301037125 win=33120
> modulator=0 wscale=1] 10:10 S seq=4161601276 (4161601276)
> ack=1301018309 len=0 ackskew=0 pkts=33:15 dir=in,fwd
> Sep 22 16:11:17 ares /bsd: pf: BAD state: TCP 212.36.74.109:443
> 212.36.74.109:443 217.130.13.161:32771 [lo=4155258378 high=4155324581
> win=147 modulator=0 wscale=7] [lo=1301018309 high=1301037125 win=33120
> modulator=0 wscale=1] 10:10 S seq=4161601276 (4161601276)
> ack=1301018309 len=0 ackskew=0 pkts=33:15 dir=in,fwd
>
> IP 217.130.13.161 is where I execute the test program from, and this is
> the output I can see EXACTLY when the program hangs up.
>
> What does it mean?
>
>
> --
> Thanks,
> Jordi Espasa Clofent
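Added example, not part of the original thread: a short Python script that reads pf `BAD state` lines like the ones quoted above and counts pure SYNs rejected against a state entry whose two sides have already closed, which is the port-reuse pattern the reply describes. It assumes the `10:10` field is pf's src:dst TCP state pair in the BSD tcp_fsm.h numbering (9 = FIN_WAIT_2, 10 = TIME_WAIT); the function and variable names are illustrative.

```python
import re
from collections import Counter

# Assumption: "10:10" is pf's src:dst TCP state pair in the BSD tcp_fsm.h
# numbering, where 9 = FIN_WAIT_2 and 10 = TIME_WAIT (old connection closed).
FIN_WAIT_2 = 9

BAD_STATE = re.compile(
    r"pf: BAD state: TCP \S+ \S+ (?P<peer>[\d.]+):(?P<port>\d+) "
    r".*?\] (?P<src>\d+):(?P<dst>\d+) (?P<flags>[A-Z]+) seq="
)

# The three log lines from the quoted message, with the mail wrapping undone.
_A = ("/bsd: pf: BAD state: TCP 212.36.74.109:443 212.36.74.109:443 "
      "217.130.13.161:32796 [lo=4134584134 high=4134650337 win=325 "
      "modulator=0 wscale=7] [lo=3328738864 high=3328780464 win=33120 "
      "modulator=0 wscale=1] 10:10 S seq=4159168565 (4159168565) "
      "ack=3328738864 len=0 ackskew=0 pkts=37:16 dir=in,fwd")
_B = ("/bsd: pf: BAD state: TCP 212.36.74.109:443 212.36.74.109:443 "
      "217.130.13.161:32771 [lo=4155258378 high=4155324581 win=147 "
      "modulator=0 wscale=7] [lo=1301018309 high=1301037125 win=33120 "
      "modulator=0 wscale=1] 10:10 S seq=4161601276 (4161601276) "
      "ack=1301018309 len=0 ackskew=0 pkts=33:15 dir=in,fwd")
SAMPLE = ["Sep 22 16:11:13 ares " + _A,
          "Sep 22 16:11:14 ares " + _B,
          "Sep 22 16:11:17 ares " + _B]


def stale_state_syns(lines):
    """Count pure SYNs per (peer, port) that hit an already-closed state."""
    hits = Counter()
    for line in lines:
        m = BAD_STATE.search(line)
        if not m:
            continue  # not a pf BAD state line in the expected format
        closed = int(m["src"]) >= FIN_WAIT_2 and int(m["dst"]) >= FIN_WAIT_2
        if m["flags"] == "S" and closed:
            hits[(m["peer"], int(m["port"]))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (peer, port), n in sorted(stale_state_syns(SAMPLE).items()):
        print(f"{peer}:{port} reused before state expiry, {n} SYN(s) dropped")
```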
