Hi, I have quite a lot of "BAD state" and "loose state match" debug messages on my FreeBSD 6.2 servers and I would like to understand them to know if something needs to be fixed or if they can be ignored.
I had a problem with "BAD state" before, with outgoing TCP connections that were reusing src port numbers too quickly. It appeared to be a bug of FreeBSD port randomization for outgoing connections, so I have disabled it with the following sysctls:

net.inet.ip.portrange.first=32768
net.inet.ip.portrange.hifirst=32768
net.inet.ip.portrange.randomized=0

However, I am still getting debug messages with BAD state or loose state match. Could anybody have a look at some of them and help me explain what they mean?

The first two are from a server that does not have many connections and hasn't any servers listening (except ssh). Those are the only two debug messages received within one day:

pf: BAD state: TCP server_ip:52936 server_ip:52936 dest_ip:30535 [lo=131245561 high=131251449 win=65535 modulator=0 wscale=1] [lo=621066643 high=621197713 win=46 modulator=0 wscale=7] 4:4 RA seq=621066643 ack=131245561 len=0 ackskew=0 pkts=55:25 dir=in,rev
pf: State failure on: |
pf: BAD state: TCP server_ip:52935 server_ip:52935 dest_ip:30535 [lo=1417751526 high=1417757414 win=65535 modulator=0 wscale=1] [lo=623184141 high=623315211 win=46 modulator=0 wscale=7] 4:4 RA seq=623184141 ack=1417751526 len=0 ackskew=0 pkts=55:25 dir=in,rev
pf: State failure on: |

So what I understand is that the debug message is related to a connection from server_ip:52936 to dest_ip:30535 and the other one is from another connection. But what do the other fields mean? Was the packet just discarded or was the connection dropped (state removed)? And why does the "State failure on:" message appear to be missing some information?

Regards,
Marian
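When there are many of these messages, splitting them into fields and counting them per connection makes it easier to see which peers and packet types recur. The parser below is an added example, not part of the original post and not pf's own code. The names `first`, `second`, `states` and `flags` for the positional fields are labels chosen here, and treating "loose state match" lines as having the same layout as the "BAD state" lines shown is an assumption.

```python
import re
from collections import Counter

# Constructed sample: the two messages quoted in the post, with the poster's
# own placeholders (server_ip, dest_ip) left in place of real addresses.
SAMPLE = """\
pf: BAD state: TCP server_ip:52936 server_ip:52936 dest_ip:30535 [lo=131245561 high=131251449 win=65535 modulator=0 wscale=1] [lo=621066643 high=621197713 win=46 modulator=0 wscale=7] 4:4 RA seq=621066643 ack=131245561 len=0 ackskew=0 pkts=55:25 dir=in,rev
pf: State failure on: |
pf: BAD state: TCP server_ip:52935 server_ip:52935 dest_ip:30535 [lo=1417751526 high=1417757414 win=65535 modulator=0 wscale=1] [lo=623184141 high=623315211 win=46 modulator=0 wscale=7] 4:4 RA seq=623184141 ack=1417751526 len=0 ackskew=0 pkts=55:25 dir=in,rev
pf: State failure on: |
"""

# Layout taken from the lines above: kind, protocol, three address:port
# fields, two bracketed key=value groups, "N:N", a flags token, key=value tail.
LINE = re.compile(
    r"pf: (?P<kind>BAD state|loose state match): (?P<proto>\S+) "
    r"(?P<addrs>\S+ \S+ \S+) \[(?P<first>[^\]]*)\] \[(?P<second>[^\]]*)\] "
    r"(?P<states>\d+:\d+) (?P<flags>\S+) (?P<rest>.*)")

def _kv(text):
    """Turn 'a=1 b=x' into {'a': 1, 'b': 'x'}; purely numeric values become ints."""
    out = {}
    for item in text.split():
        key, _, val = item.partition("=")
        out[key] = int(val) if val.lstrip("-").isdigit() else val
    return out

def parse(log):
    """Return one dict per state message; other lines are skipped."""
    records = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. the "State failure on:" follow-up line
        rec = {"kind": m["kind"], "proto": m["proto"],
               "addrs": m["addrs"].split(), "first": _kv(m["first"]),
               "second": _kv(m["second"]), "states": m["states"],
               "flags": m["flags"]}
        rec.update(_kv(m["rest"]))  # seq, ack, len, ackskew, pkts, dir
        records.append(rec)
    return records

def summarize(records):
    """Count messages per (kind, third address field, flags token)."""
    return Counter((r["kind"], r["addrs"][2], r["flags"]) for r in records)

if __name__ == "__main__":
    for key, n in summarize(parse(SAMPLE)).most_common():
        print(n, *key)
```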
