On Wed, Jun 11, 2003 at 10:30:45AM +0100, Peter Galbavy wrote: > 09:12:46.624222 213.155.153.61.39918 > 128.32.18.176.33113: . [tcp sum ok] > ack 393217 win 62419 <nop,nop,sack 2 {451941:456081} {447889:449269} > (ttl > 127, id 43371)
Hmm, SACK (RFC 2018, 1072). I think normalization will ignore the related TCP options and leave them intact. So does the sequence number tracking code, which might cause problems. Right, Mike? Can you enable debug logging (pfctl -x m, output in /var/log/messages) and tcpdump an entire TCP connection (one that stalls). If you get state mismatches, that is likely related to SACK. If you need a quick workaround, you could disable SACK on that client. Daniel