Date: Sat, 17 Dec 2005 09:00:48 +0100 From: Daniel Hartmeier <daniel@benzedrine.cx> To: Paul Dokas <dokas@oitsec.umn.edu> Cc: frantzen@openbsd.org, freebsd-pf@freebsd.org Subject: Re: very odd PF + FreeBSD6.0 problems Message-ID: <20051217080048.GE14269@insomnia.benzedrine.cx> In-Reply-To: <20051216134759.795206f3.dokas@oitsec.umn.edu> References: <20051216100915.73fef758.dokas@oitsec.umn.edu> <20051216183447.GA14269@insomnia.benzedrine.cx> <20051216190454.GF474@w4g.org> <20051216191831.GB14269@insomnia.benzedrine.cx> <20051216193830.GC14269@insomnia.benzedrine.cx> <20051216134759.795206f3.dokas@oitsec.umn.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 16, 2005 at 01:47:59PM -0600, Paul Dokas wrote: > Bingo (I think). I found the following in the firewall's kernel config: > > options HZ=2000 > > I'm going to get than changed and see if the problem goes away. I just discovered that this seems to be a know problem with setting HZ, if only I had searched earlier ;) Subject: 6-STABLE: HZ>1000, RFC1323 non-compliance, and PF http://marc.theaimsgroup.com/?t=113476573600004&r=1&w=2 Problem Report kern/61404 : RFC1323 timestamps with HZ > 1000 http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61404 It appears that this is related to the HZ setting on your SSH server (i.e. one of the TCP endpoints) not any HZ setting on the kernel pf runs on itself (so it requires a fix in the generic TCP code, not within pf). Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051217080048.GE14269>