Date: Fri, 13 Jul 2007 03:23:02 -0700
From: Edward Carrel <edward@carrel.org>
To: adler <adler@smtp.ru>
Cc: freebsd-stable@freebsd.org
Subject: Re: Re[2]: Seems like pf skips some packets.
Message-ID: <93EA7502-1E14-464F-BD54-D9D7F17BD844@carrel.org>
In-Reply-To: <1626939090.20070713131733@smtp.ru>
References: <241432407.20070712131014@smtp.ru> <d5992baf0707120856n31c0480aw6209be33820e3e30@mail.gmail.com> <1626939090.20070713131733@smtp.ru>

On Jul 13, 2007, at 2:17 AM, Alexey Sopov wrote:

> While thinking about why it happens once in 5 seconds and has only ACK bit
> set, I tried to check some timeout variables and found an interesting thing.
>
> These lines are in /etc/pf.conf:
> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
>
> And this I get from pfctl -s timeouts:
> TIMEOUTS:
> tcp.first                   30s
> tcp.opening                  5s
> tcp.established          18000s
> tcp.closing                 60s
> tcp.finwait                 30s
> tcp.closed                  30s
> tcp.tsdiff                  10s
> udp.first                   60s
> udp.single                  30s
> udp.multiple                60s
> icmp.first                  20s
> icmp.error                  10s
> other.first                 60s
> other.single                30s
> other.multiple              60s
> frag                         5s
> interval                     2s
> adaptive.start               0 states
> adaptive.end                 0 states
> src.track                    0s
>
> Settings are loaded in pf via /etc/rc.d/pf start
>
> Why do these things differ?

These are the timeout settings for "set optimization aggressive". If it
appears after your set timeout lines, then it will take precedence. If this
doesn't appear within your pf.conf, then this probably isn't the pf config
file it's loading. If so, that may explain your issue with the unblocked
packets as well.

Best,
Ed
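
The check described in the reply above, as an added example that is not part of the original message: it compares the `set timeout` values in a pf.conf against `pfctl -s timeouts` output and reports whether a later `set optimization` line accounts for the difference. The function names are hypothetical, the sample text is the excerpt quoted in the thread, and pf.conf macros and line continuations are assumed absent.

```python
import re
# The two pf.conf lines and part of the pfctl output quoted in the thread.
PF_CONF = """\
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
"""
PFCTL_TIMEOUTS = """\
TIMEOUTS:
tcp.first                   30s
tcp.opening                  5s
tcp.established          18000s
tcp.closing                 60s
tcp.finwait                 30s
tcp.closed                  30s
"""

def parse_conf(text):
    """Return ({timeout: (seconds, line_no)}, [(line_no, optimization)])."""
    timeouts, optimizations = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop pf.conf comments
        m = re.match(r"set\s+optimization\s+(\S+)", line)
        if m:
            optimizations.append((no, m.group(1)))
        m = re.match(r"set\s+timeout\s+(.*)", line)
        if m:  # accepts both the braced list and the single-value form
            for key, val in re.findall(r"([a-z]+\.[a-z]+|frag|interval)\s+(\d+)", m.group(1)):
                timeouts[key] = (int(val), no)
    return timeouts, optimizations

def parse_running(text):
    """Parse 'pfctl -s timeouts' output into {timeout: seconds}."""
    return {k: int(v) for k, v in re.findall(r"^(\S+)\s+(\d+)s\s*$", text, re.M)}

def audit(conf_text, running_text):
    """Return ({timeout: (configured, running)}, diagnosis string)."""
    wanted, opts = parse_conf(conf_text)
    running = parse_running(running_text)
    bad = {k: (v, running.get(k)) for k, (v, _) in wanted.items() if running.get(k) != v}
    if not bad:
        return bad, "running timeouts match the file"
    later = [(no, name) for no, name in opts if any(no > wanted[k][1] for k in bad)]
    if later:
        return bad, "line %d: 'set optimization %s' follows the set timeout lines" % later[-1]
    return bad, "no later 'set optimization' line; pf probably loaded a different file"

if __name__ == "__main__":
    mismatches, why = audit(PF_CONF, PFCTL_TIMEOUTS)
    print(mismatches, why, sep="\n")
```

On a live system, feed it the contents of the file you believe is loaded and the captured output of `pfctl -s timeouts`.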