Date:      Thu, 22 Feb 2007 23:45:06 +0100
From:      J65nko <>
Cc:        RW <>
Subject:   Re: PF slowing down file copies
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

On 2/22/07, RW <> wrote:
> On Wed, 21 Feb 2007 19:38:39 +0100
> J65nko <> wrote:
> > For keeping state on TCP connections you should only create state on
> > the first packet of the 3 way TCP handshake. Using "flags S/SA" will
> > ensure this. This will prevent problems with TCP window scaling.
> Why? Creating a state entry causes subsequent packets, in the same tcp
> connection, to bypass the rules altogether.

The OP did not keep state on TCP connections using "flags S/SA". That
can cause problems for TCP window scaling (defined in RFC 1323) and
result in stalling connections.

From under
"Create TCP states on the initial SYN packet"

----------- quote ------------------------------
pf does know about window scaling and supports it. However, the
prerequisite is that you create state on the initial SYN, so pf can
associate the first two packets of the handshake with the state entry.
Since the entire negotiation of the window scaling factors takes place
only in these two packets, there is no reliable way to deduce the
factors after the handshake.

Window scaling wasn't widely used in the past, but this is changing
rapidly. Just recently, Linux started using window scaling by default.
If you experience stalling connections, especially when problems are
limited to certain combinations of hosts, and you see 'BAD state'
messages related to these connections logged, verify that you're
really creating states on the initial packet of a connection.
---------- end of quote -------------------

To prevent these TCP window scaling issues, the current pf version of
OpenBSD-4.1 BETA defaults to "flags S/SA keep state" for TCP pass
rules. Don't know when this feature will make it into FreeBSD ;)

Other issues the OP should look into are the optimizing tips given in
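
The window-scaling point in the quote above, as an added example that is not part of the original message and is not pf's code: a toy Python model of a state tracker that bounds each side's sequence numbers by the peer's advertised window. The class and function names, the trace values and the "treat an unknown scale factor as 0" behaviour are assumptions made for illustration, and sequence-number wraparound is ignored.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Seg:
    src: str                      # "client" or "server"
    seq: int
    ack: Optional[int]            # None on the initial SYN (no ACK flag)
    length: int                   # payload bytes
    win: int                      # raw 16-bit window field from the TCP header
    syn: bool = False
    wscale: Optional[int] = None  # window scale option, carried on SYN segments only

PEER = {"client": "server", "server": "client"}

class ToyTracker:
    """Simplified sequence-window check for illustration; not pf's algorithm."""
    def __init__(self):
        self.offered = {}  # side -> shift count seen in that side's SYN
        self.limit = {}    # side -> highest sequence number that side may send

    def shift(self, side):
        # RFC 1323: scaling is in effect only if both SYNs carried the option.
        if len(self.offered) == 2 and None not in self.offered.values():
            return self.offered[side]
        return 0           # handshake not seen: window field taken at face value

    def check(self, seg):
        if seg.syn:
            self.offered[seg.src] = seg.wscale
        if seg.src in self.limit and seg.seq + seg.length > self.limit[seg.src]:
            return "BAD state"
        if seg.ack is not None:
            # The window field on a SYN is never scaled; later ones are.
            scale = 0 if seg.syn else self.shift(seg.src)
            self.limit[PEER[seg.src]] = seg.ack + (seg.win << scale)
        return "pass"

def verdicts(segments):
    tracker = ToyTracker()
    return [tracker.check(s) for s in segments]

# Constructed trace: both ends offer wscale 7, then the server sends data.
TRACE = [
    Seg("client", 1000, None, 0, 65535, syn=True, wscale=7),
    Seg("server", 5000, 1001, 0, 65535, syn=True, wscale=7),
    Seg("client", 1001, 5001, 0, 512),       # real window: 512 << 7 = 65536
    Seg("server", 5001, 1001, 1460, 512),
    Seg("server", 6461, 1001, 1460, 512),
]
```

`verdicts(TRACE)` models state created on the initial SYN, and `verdicts(TRACE[2:])` models state created from a later packet, where the tracker reads the window as 512 bytes and rejects the server's data segments.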

