On Thu, Nov 28, 2002 at 07:53:57PM +0059, Jedi/Sector One wrote: > > The ssh connection to synchron<->brutus isn't by any chance filtered > > statefully, using modulate state? :) > > It is.
Can you try to get a tcpdump -nvvvpSi $INT (-S shows absolute sequence numbers), ideally a couple of packets before pf is disabled, when the endless repetition begins? And show the pfctl -vss entry for the ssh state. Can you repeat it reliably, or did it happen just once? Even if unmodulated packets, by pure chance, have close enough sequence numbers so the stacks consider them late arrivals, each stack would only retransmit after it got a packet from the peer, and that wouldn't saturate the link. Very odd indeed :) Daniel
