On 2009/08/24 01:04, Michael Grigoni wrote: > Michael Grigoni wrote: > > Michael Grigoni wrote: > >> Michael Grigoni wrote: > >>> We have a web server behind NAT; the router runs OpenBSD (version > >>> unimportant for this question), and remote http client connections > >>> stall irrecoverably with bad state errors from 'pf'. > >> > >> Finally discovered a site that has the Hartmeier article mentioned > >> in old mailing list posts, that documents the fields in the 'bad > >> state' syslog messages: > >> > >> http://wiki.gcu.info/doku.php?id=bsd:pf_poilu > >> > >> My error messages show an error of type '1', packet sequence number > >> is greater than 'hi' + window. > > <snip> > > > I will conclude that the strange 'hi' value > > reported in the diagnostic message is due to lack of wscale support > > in my version of pf > > <snip> > > I have patched my 'pf' source files to add TCP window scaling support > and initial tests from the problematic linux host clients shows no > more stalling. Patch is available for kernel 3.2 (no flames please, > this kernel is specially purposed for us; at some point with different > hardware, we will run a newer kernel). > > Michael
So indeed the version *is* important for this question. If you had mentioned it, maybe somebody would have suggested this as a possible cause.
