What is 'modulate tcp'?
modulate state works fine.
I get these errors only with scrub's reassemble tcp option.
I originally assumed it was an Apple problem since I only had trouble with the OS X "Software Update" feature. Going back to the beginning of this thread - Walter Haidinger appears to have a similar problem but not with Apple. I was hoping he could try 'set debug loud' in his pf.conf and check his /var/log/messages file after testing a problem site. If he sees messages similar to the ones I've seen, maybe we both know a little more.

-Dan


Mike Frantzen wrote:

You're going to have to turn off 'modulate tcp'.  One of the TCP
endpoints isn't following PAWs and stopped sending the TCP
Timestamps or someone is trying to blind hijack the connection.

More info - I ran a test scenario.
Here is a sample of the messages I get via syslog with set debug loud and scrub with reassemble tcp trying to run OS X's "Software Update".

Jul 19 19:42:37 obsd38 /bsd: pf_normalize_tcp_stateful: Did not receive expected RFC1323 timestamp
Jul 19 19:42:37 obsd38 /bsd: TCP 192.168.1.14:65108 192.168.1.14:65108 17.250.248.95:80 [lo=4276925920 high=4276942304 win=65535 modulator=0 wscale=0] [lo=708430922 high=708496457 win=16384 modulator=0 wscale=0] 9:4 A

-Dan





--
     _               _                   _
  __| | __ _ _ __   | |__   __ _ ___ ___| | ___ _ __
 / _` |/ _` | '_ \  | '_ \ / _` / __/ __| |/ _ \ '__|
| (_| | (_| | | | | | | | | (_| \__ \__ \ |  __/ |
 \__,_|\__,_|_| |_| |_| |_|\__,_|___/___/_|\___|_|
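
Added example, not part of the original messages: a Python script that pairs each "Did not receive expected RFC1323 timestamp" warning in a syslog file with the state line that follows it and counts warnings per remote endpoint, which shows whether a single peer accounts for them. The field names, and reading the first address as the local host and the third as the remote side, are assumptions taken from the sample line quoted above.

```python
import re
from collections import Counter

# Constructed sample: the two log lines quoted in the message plus one unrelated
# line, one event per line as syslog writes them.
SAMPLE_LOG = """\
Jul 19 19:42:37 obsd38 /bsd: pf_normalize_tcp_stateful: Did not receive expected RFC1323 timestamp
Jul 19 19:42:37 obsd38 /bsd: TCP 192.168.1.14:65108 192.168.1.14:65108 17.250.248.95:80 [lo=4276925920 high=4276942304 win=65535 modulator=0 wscale=0] [lo=708430922 high=708496457 win=16384 modulator=0 wscale=0] 9:4 A
Jul 19 19:42:40 obsd38 sshd[1234]: constructed unrelated line
"""

WARNING = "pf_normalize_tcp_stateful: Did not receive expected RFC1323 timestamp"

# Layout assumed from the sample line: protocol, three address:port fields,
# two bracketed sequence-tracking blocks, a state pair, optional TCP flags.
STATE_RE = re.compile(
    r"/bsd: (?P<proto>\S+) (?P<a>\S+) (?P<b>\S+) (?P<c>\S+) "
    r"\[(?P<src>[^\]]*)\] \[(?P<dst>[^\]]*)\] "
    r"(?P<states>\d+:\d+)(?: (?P<flags>\S+))?\s*$"
)

def _peer(block):
    # "lo=1 high=2 win=3 ..." -> {"lo": 1, "high": 2, "win": 3, ...}
    return {k: int(v) for k, v in (kv.split("=") for kv in block.split())}

def parse_events(text):
    """Return one dict per warning that is directly followed by a state line."""
    events, pending = [], False
    for line in text.splitlines():
        if WARNING in line:
            pending = True      # the state line is expected on the next line
            continue
        m = STATE_RE.search(line) if pending else None
        pending = False         # a warning without a state line is dropped
        if m:
            events.append({
                "local": m["a"], "remote": m["c"],
                "src": _peer(m["src"]), "dst": _peer(m["dst"]),
                "states": m["states"], "flags": m["flags"],
            })
    return events

def tally_by_remote(events):
    return Counter(e["remote"] for e in events)

if __name__ == "__main__":
    for remote, n in tally_by_remote(parse_events(SAMPLE_LOG)).most_common():
        print(f"{n:5d}  {remote}")
```

To run it against a real file, pass the contents of /var/log/messages to parse_events() in place of SAMPLE_LOG.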
