Date: Mon, 11 Feb 2002 10:50:23 +0100
From: devet@devet.org (Arjan de Vet)
To: blovett@bsdguru.com
Cc: stable@freebsd.org
Subject: Re: IPF dropping packets randomly
Message-ID: <20020211095023.GA31204@adv.devet.org>
In-Reply-To: <20020209092201.A64202@bsdguru.com>
References: <20020208100752.A13206@bsdguru.com> <3C64B5D9.1060306@rshb.com.ru>

In article <20020209092201.A64202@bsdguru.com> you write:

>After doing some more looking around, I discovered that my state table
>was full at those points in time. I also find it peculiar that
>connections to, for example, an IRC server after being closed are set to
>a TTL of 1 minute, while SSH sessions disappear from the state listing
>entirely, only to time out 2 hours later (or so it appears). Once a
>connection is closed, how does IPF determine how long to leave an entry
>in the state table for? Is it based on the TTL of a packet finalizing
>the close of the connection?

A connection that has been closed in a normal way (both sides sent a FIN
packet) gets a timeout of 4 minutes. A connection that has only been
half-closed (only one side sent a FIN packet) gets a timeout of 2 hours.
See fr_tcp_age() in ip_state.c for the full algorithm.

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands <devet@devet.org>
URL : http://www.iae.nl/users/devet/ <Arjan.deVet@adv.iae.nl>
Work: http://www.madison-gurkha.com/ (Security, Open Source, Education)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message