From: "Kimi Ostro"
Date: Sat, 11 Nov 2006 23:38:53 +0000
To: freebsd-pf@freebsd.org
Subject: Re: Having a couple of issues

Hello,

On 11/11/06, Daniel Hartmeier wrote:
>
> These are caused by an off-by-one in pf's state tracking for one special
> case: when an RST is sent during the handshake (i.e. SYN, SYN+ACK, RST),
> pf compares the sequence number in the RST exactly, and is off by one,
> blocking the RST.
>
> This is recognizable by the strange "State failure on:" line with no
> digits (the digit(s) indicate the reason why the state match failed, in
> this specific case, and this case only, there is no digit printed).
>
> It was recently fixed in OpenBSD, IIRC post-4.0. The fix is easy to
> port. But I have to wonder why this shows up repeatedly just now.
>
> Who are those clients aborting their handshake with RST, and why are
> they doing it? If the RST is properly passed, it's not like you end up
> with a working connection, it's aborted. And if they don't intend to
> complete the handshake, why start it? Some silly form of port scanning?
> WTF? :)
>
> Daniel
>

The clients are users of FreeBSD, KDE and Mozilla Firefox. So I guess it is harmless? Am I the only one to have this issue? I did not find much about it.

Think I should have started two threads, another one for the FTP/pftpx problem, silly me.

Thank you both!

--
Kimi