Date:      Tue, 20 Nov 2007 11:25:20 +0100
From:      Daniel Hartmeier <daniel@benzedrine.cx>
To:        Jan Srzednicki <w@wrzask.pl>
Cc:        freebsd-stable@freebsd.org, freebsd-pf@freebsd.org
Subject:   Re: pf(4) using inapropriate timeout values, 6.2-R
Message-ID:  <20071120102520.GL29432@insomnia.benzedrine.cx>
In-Reply-To: <20071120095041.GJ2045@oak.pl>
References:  <20071119202142.GI2045@oak.pl> <20071120065334.GJ29432@insomnia.benzedrine.cx> <20071120095041.GJ2045@oak.pl>

The specific change in the OpenBSD tree was

Revision 1.494
Mon Jul 4 08:28:04 2005 UTC (2 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.493: +3 -3 lines

restrict the tcp.finwait timeout (45s) to state combinations where we have
seen a FIN from both sides (whether ACKed or not) and use tcp.closing (900s)
for half closed connections.  otherwise half closed connections will time out
within 45s. ok dhartmei, henning.

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.493&r2=1.494&f=h

Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.493
retrieving revision 1.494
diff -u -r1.493 -r1.494
--- pf.c        13 Jun 2005 20:17:25 -0000      1.493
+++ pf.c        4 Jul 2005 08:28:04 -0000       1.494
@@ -4273,8 +4273,8 @@
                if (src->state >= TCPS_FIN_WAIT_2 &&
                    dst->state >= TCPS_FIN_WAIT_2)
                        (*state)->timeout = PFTM_TCP_CLOSED;
-               else if (src->state >= TCPS_FIN_WAIT_2 ||
-                   dst->state >= TCPS_FIN_WAIT_2)
+               else if (src->state >= TCPS_CLOSING &&
+                   dst->state >= TCPS_CLOSING)
                        (*state)->timeout = PFTM_TCP_FIN_WAIT;
                else if (src->state < TCPS_ESTABLISHED ||
                    dst->state < TCPS_ESTABLISHED)
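Review bot: The new `else if (src->state >= TCPS_CLOSING && dst->state >= TCPS_CLOSING)` test needs a comment, because nothing in the code says that `>= TCPS_CLOSING` is meant as "a FIN has been seen from this side, ACKed or not" and that this depends on the numeric ordering of the TCPS_* values; that mapping currently lives only in the commit message. The visible context also ends at the `src->state < TCPS_ESTABLISHED ||` branch, so the hunk does not show where a half-closed connection (one side at or past TCPS_CLOSING, the other still established) now lands. Please confirm that a later branch assigns the tcp.closing timeout for that case, so that narrowing this condition from `||` to `&&` does not let such states fall through to a longer timeout than the 900s the log message promises.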

Daniel


