Daniel Hartmeier wrote: > Can you enable debug logging (pfctl -x m, output in > /var/log/messages) and tcpdump an entire TCP connection (one that > stalls). If you get state mismatches, that is likely related to SACK.
Yep. First two lines, of many, are: Jun 11 10:19:39 cblan-fw /bsd: pf: BAD state: TCP 192.168.40.124:4482 213.155.153.61:8901 128.32.18.176:33188 [lo=1403986123 high=1404010964 win=62500 modulator=0 wscale=4] [lo=3052737168 high=3053668872 win=24840 modulator=0 wscale=0] 4:4 A seq=1403986123 ack=3052668872 len=0 acks kew=68296 pkts=459 dir=out,fwd Jun 11 10:19:39 cblan-fw /bsd: pf: State failure on: 4 | ... Do you want the pcap log ? I should mail that directly as an attachement as it is rather big. > If you need a quick > workaround, you could disable SACK on that client. Time to google. Thanks for the quick response. Peter
