From: Stefan Bethke
Date: Fri, 28 Jul 2006 21:30:31 +0200
To: Garance A Drosihn
Cc: freebsd-stable@freebsd.org
Subject: Re: Weird problems with 'pf' (on both 5.x and 6.x)

On 28.07.2006 at 03:57, Garance A Drosihn wrote:

> It occurred to me that it might be more informative to
> see the transaction from the *freebsd* side of things,
> since that's the machine running pf! So, here is a
> similar set of two lpq's, as seen from the print-server
> side of the connection. It seems to be telling the
> same basic story, as far as I can tell.

It's just showing that no ACKs come back. Can you see if anything is showing up on pflog0 with tcpdump? That output should also tell you which rule forced the rejection.
What I do find curious is that the client keeps using port 1023 consistently. I was under the impression that reusing the same port number (thus having the same src-ip/port+dst-ip/port tuple) shouldn't work, because "old" packets could arrive after the original connection was closed; that's what the CLOSE_WAIT state in netstat is.

Stefan

--
Stefan Bethke
Phone +49 170 346 0140
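Stefan's suggestion is to watch pflog0 with tcpdump and read off which rule rejected the packets. The Python below is an added example, not code from this thread or from the FreeBSD project: it parses constructed lines in the layout I assume `tcpdump -n -e -ttt -i pflog0` prints on FreeBSD (delta timestamp, `rule N/M(match): action direction on ifname:`, then the packet), counts blocked packets per pf rule, and flags flows whose SYNs keep being blocked with nothing coming back, which is the "no ACKs come back" picture and also makes a client pinned to one source port (1023 in the thread) visible as a single repeated 4-tuple. The sample lines, interface name, addresses and rule numbers are all constructed.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output. The line layout
# is the one I assume pflog gives with -e (rule number, action, direction,
# interface, then the packet); these lines are made up for the example and
# were not captured from the original poster's machine.
SAMPLE_PFLOG = """\
000000 rule 3/0(match): block in on fxp0: 192.0.2.10.1023 > 192.0.2.20.515: S 1000:1000(0) win 65535
000512 rule 3/0(match): block in on fxp0: 192.0.2.10.1023 > 192.0.2.20.515: S 1000:1000(0) win 65535
003001 rule 3/0(match): block in on fxp0: 192.0.2.10.1023 > 192.0.2.20.515: S 1000:1000(0) win 65535
000020 rule 7/0(match): pass in on fxp0: 192.0.2.10.1024 > 192.0.2.20.515: S 2000:2000(0) win 65535
this line is not a pflog record and is skipped
"""

# One pflog record: which rule matched, what pf did, and the TCP 4-tuple plus flags.
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>pass|block) (?P<direction>in|out) on (?P<ifname>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRPAU.]+)"
)


def parse_pflog(text):
    """Turn tcpdump pflog0 lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = PFLOG_RE.search(line)
        if m is None:
            continue
        rec = m.groupdict()
        for key in ("rule", "sub", "sport", "dport"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def blocked_by_rule(records):
    """Map pf rule number -> number of packets that rule blocked."""
    return dict(Counter(r["rule"] for r in records if r["action"] == "block"))


def flows(records):
    """Map (src, sport, dst, dport) -> packet count; a client stuck on one
    source port shows up as one tuple with a high count."""
    return dict(Counter((r["src"], r["sport"], r["dst"], r["dport"]) for r in records))


def stalled_syns(records, min_repeats=2):
    """Flows whose SYNs were blocked at least min_repeats times: the client
    retransmits because no SYN/ACK ever comes back."""
    c = Counter(
        (r["src"], r["sport"], r["dst"], r["dport"])
        for r in records
        if r["action"] == "block" and "S" in r["flags"]
    )
    return {flow: n for flow, n in c.items() if n >= min_repeats}


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_PFLOG)
    print("blocked packets per rule:", blocked_by_rule(recs))
    for flow, n in stalled_syns(recs).items():
        print("repeated blocked SYN:", flow, "x", n)
```

On a live box you would feed it `tcpdump -n -e -ttt -i pflog0` output instead of the constructed sample; the rule number it reports is the one to look up with `pfctl -sr` (rules numbered from zero) to see why the SYN was dropped.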