Perhaps I've misread the man page, but it's not obvious to me how to zero the
PF counters. For example, 'pfctl -si' shows a non-zero congestion counter, and
I'd like to clear that counter after I think the congestion issue is remedied.
But I see no way to do that (apart from a reboot). How to do this?
Change in subject...
One odd symptom I've experienced is that permitted users will login (SSH) to a
host behind the firewall successfully, work with the system for a few minutes,
then get disconnected suddenly. When I TCP dump from the login host, I see
his/her session established successfully and work begins. Then, a few minutes
after successful flow of traffic both directions, the user's desktop sends a
long flurry of TCP resets as the connection is lost. When I disable PF (pfctl
-d) on the firewall, the symptom vanishes. Now, if the ruleset had handled the
TCP state wrongly, then I would have expected the TCP connection to not have
survived long enough for the user to get several minutes of work done. The
firewall's pflog (block log) shows no packets dropped for these connections,
and there are no entries for packets dropped due to congestion.
What's an interpretation of this? I am baffled for the moment.
Another change in subject...
The PF man page gives meager detail about the congestion counter. And the only
FAQ items for this that I can find are related to queueing (and I don't have
queues in my ruleset). What is the meaning of a non-zero congestion counter,
and what action is PF taking when the congestion counter is incremented?
Bill
--
William Bloom | Snr Systems Engineer | M P H A S I S Architecting Value | Eldorado Computing
5353 North 16th Street, Suite 400 Phoenix, Az 85016 | Direct: +11-602-604-3100 | Fax: +11-602-604-3115 | http://www.eldocomp.com