Daniel Hartmeier wrote:
> Please enable debug logging (pfctl -xm), and repeat the procedure,
> capturing one failing connection from handshake to the point of failure
> as you already did. Then check /var/log/messages for any lines from pf
> related to this connection ('BAD state' messages, likely). Then post
> both.
>

Indeed...

Messages:

Mar 30 12:04:23 fw0 /bsd: pf: State failure on: 1 |
Mar 30 12:04:24 fw0 /bsd: pf_map_addr: selected address C'
Mar 30 12:04:24 fw0 last message repeated 10 times
Mar 30 12:04:24 fw0 /bsd: pf: BAD state: TCP S:25 S:25 C:9941 [lo=2363613954 high=2363630270 win= 46 modulator=0] [lo=2151961792 high=2151961838 win=16384 modulator=0] 4:4 FPA seq=2151961792 ack=2363613954 len=59 ackskew=0 pkts=6: 1 dir=in,rev
[repeated]

States:

self tcp S:25 -> C:9941 ESTABLISHED:ESTABLISHED
   [2363613954 + 16316] [2151961792 + 46]
   age 00:00:11, expires in 04:59:55, 7:1 pkts, 780:52 bytes, rule 1
   id: 43f0a54e0ae28e78 creatorid: 05641fa7
[...]
self tcp C:9941 -> C':58898 -> S:25 ESTABLISHED:ESTABLISHED
   [2151961791 + 5889] wscale 0 [2363613954 + 16316] wscale 7
   age 00:00:11, expires in 04:59:55, 2:7 pkts, 116:780 bytes, rule 1
   id: 43f0a54e0ae28e77 creatorid: 05641fa7

Internal:

12:04:20.429149 C.9941 > S.25: S 2151961791:2151961791(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3978754392 0>
12:04:20.439037 S.25 > C.9941: S 2363613885:2363613885(0) ack 2151961792 win 5792 <mss 1380,sackOK,timestamp 4201632495 3978754392,nop,wscale 7> (DF)
12:04:20.439143 C.9941 > S.25: . ack 1 win 16384 <nop,nop,timestamp 3978754392 4201632495>
12:04:20.439268 C.9941 > S.25: P 1:60(59) ack 1 win 16384 <nop,nop,timestamp 3978754392 4201632495>
12:04:20.439270 C.9941 > S.25: F 60:60(0) ack 1 win 16384 <nop,nop,timestamp 3978754392 4201632495>
12:04:20.449877 S.25 > C.9941: P 1:69(68) ack 1 win 46 <nop,nop,timestamp 4201632506 3978754392> (DF)
12:04:20.449987 C.9941 > S.25: F 60:60(0) ack 69 win 16316 <nop,nop,timestamp 3978754392 4201632506>
[repeats]

External:

12:04:20.429433 C'.58898 > S.25: S 2151961791:2151961791(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3978754392 0>
12:04:20.439018 S.25 > C'.58898: S 2363613885:2363613885(0) ack 2151961792 win 5792 <mss 1380,sackOK,timestamp 4201632495 3978754392,nop,wscale 7> (DF)
12:04:20.439160 C'.58898 > S.25: . ack 1 win 16384 <nop,nop,timestamp 3978754392 4201632495>
12:04:20.449863 S.25 > C'.58898: P 1:69(68) ack 1 win 46 <nop,nop,timestamp 4201632506 3978754392> (DF)
12:04:20.659761 S.25 > C'.58898: P 1:69(68) ack 1 win 46 <nop,nop,timestamp 4201632716 3978754392> (DF)
[repeats]

> Daniel
>