Date: Mon, 11 Feb 2002 10:50:23 +0100
From: devet@devet.org (Arjan de Vet)
To: blovett@bsdguru.com
Cc: stable@freebsd.org
Subject: Re: IPF dropping packets randomly
Message-ID: <20020211095023.GA31204@adv.devet.org>
References: <20020208100752.A13206@bsdguru.com> <3C64B5D9.1060306@rshb.com.ru>
In-Reply-To: <20020209092201.A64202@bsdguru.com>
Organization: Eindhoven, the Netherlands

In article <20020209092201.A64202@bsdguru.com> you write:

>After doing some more looking around, I discovered that my state table
>was full at those points in time. I also find it peculiar that
>connections to, for example, an IRC server after being closed are set to
>a TTL of 1 minute, while SSH sessions disappear from the state listing
>entirely, only to time out 2 hours later (or so it appears). Once a
>connection is closed, how does IPF determine how long to leave an entry
>in the state table for? Is it based on the TTL of a packet finalizing
>the close of the connection?

A connection that has been closed in a normal way (both sides sent a FIN
packet) gets a timeout of 4 minutes.
A connection that has only been half-closed (only one side sent a FIN
packet) gets a timeout of 2 hours. See fr_tcp_age() in ip_state.c for the
full algorithm.

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands
URL : http://www.iae.nl/users/devet/
Work: http://www.madison-gurkha.com/ (Security, Open Source, Education)
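An added illustration, not part of the original message and not IPF's own code: a toy model of the two timeouts quoted in the reply, showing how entries left half-closed keep a fixed-size state table full. The table size, the arrival rate of one connection per second and all names here are assumptions; the real logic is in fr_tcp_age().

```c
#include <stdio.h>

#define FIN_A 0x1                    /* FIN seen from the initiator */
#define FIN_B 0x2                    /* FIN seen from the responder */
#define T_CLOSED     (4 * 60)        /* both sides sent FIN: 4 minutes */
#define T_HALFCLOSED (2 * 60 * 60)   /* only one side sent FIN: 2 hours */
#define CAP 1000                     /* constructed table size, not IPF's */

/* Timeout in seconds once closing has begun; 0 if no FIN was seen
 * (that case is not covered by the message and is not modelled). */
long close_timeout(int fins)
{
    if ((fins & FIN_A) && (fins & FIN_B))
        return T_CLOSED;
    if (fins & (FIN_A | FIN_B))
        return T_HALFCLOSED;
    return 0;
}

/* Simulate `secs` seconds with one new connection per second, each
 * active for `life` seconds. Every `nth` connection is only half-closed
 * (nth == 0: none). Returns how many new connections found the table full. */
long simulate(long secs, long life, long nth)
{
    static long expiry[CAP];         /* 0 or a past time means a free slot */
    long now, i, refused = 0;

    for (i = 0; i < CAP; i++)
        expiry[i] = 0;
    for (now = 1; now <= secs; now++) {
        int fins = (nth && now % nth == 0) ? FIN_A : (FIN_A | FIN_B);
        for (i = 0; i < CAP && expiry[i] > now; i++)
            ;                        /* find a free or expired slot */
        if (i == CAP)
            refused++;               /* table full: no state can be added */
        else
            expiry[i] = now + life + close_timeout(fins);
    }
    return refused;
}

int main(void)
{
    printf("all closed cleanly: %ld refused\n", simulate(7200, 30, 0));
    printf("1 in 5 half-closed: %ld refused\n", simulate(7200, 30, 5));
    return 0;
}
```

With clean closes each entry occupies a slot for its lifetime plus 4 minutes, so occupancy stays bounded; half-closed entries linger for 2 hours and accumulate until new connections are refused.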