Michael Grigoni wrote: > Michael Grigoni wrote: >> Michael Grigoni wrote: >>> We have a web server behind NAT; the router runs OpenBSD (version >>> unimportant for this question), and remote http client connections >>> stall irrecoverably with bad state errors from 'pf'. >> >> Finally discovered a site that has the Hartmeier article mentioned >> in old mailing list posts, that documents the fields in the 'bad >> state' syslog messages: >> >> http://wiki.gcu.info/doku.php?id=bsd:pf_poilu >> >> My error messages show an error of type '1', packet sequence number >> is greater than 'hi' + window.
<snip> > I will conclude that the strange 'hi' value > reported in the diagnostic message is due to lack of wscale support > in my version of pf <snip> I have patched my 'pf' source files to add TCP window scaling support and initial tests from the problematic linux host clients shows no more stalling. Patch is available for kernel 3.2 (no flames please, this kernel is specially purposed for us; at some point with different hardware, we will run a newer kernel). Michael
