From: Greg Hennessy
To: Jason Mattax
Cc: "jmattax@clanspum.net", "freebsd-pf@freebsd.org"
Date: Tue, 24 Jul 2012 22:37:52 +0100
Subject: RE: PF suddenly malfunctioned

> On 07/24/2012 01:07 AM, Daniel Hartmeier wrote:
> > What's the client OS?
> >
> The client OS for this test is Ubuntu 12.04 LTS
>
> jmattax@chani:~/pf_debugging$ uname -a
> Linux chani 3.2.0-26-generic #41-Ubuntu SMP Thu Jun 14 16:26:01 UTC 2012 i686 i686 i386 GNU/Linux
>
> > It looks like it might be an incompatibility between the client and
> > the peculiar wikipedia server (or loadbalancer or proxy or whatever
> > there is).
> >
> > Like the GET request gets lost, but the FIN arrives, and the server
> > selectively ACKs the FIN, and the client doesn't retransmit the request.
> > You ran the tcpdump for several seconds after the netcat was started?
> > Maybe repeat it and wait longer, in case the output is buffered. The
> > client should re-transmit.
> >
>
> I initially ran the tcpdumps until the client had nc return and give me a new
> prompt in my shell (that took maybe a second). I just repeated it as above
> letting the tcpdumps run longer and it captured the same number of packets.
>

Hi Jason,

Try mss clamping the outside interface using the relevant 'scrub' option to
rule out a Path MTU issue.

Greg
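
The MSS clamp suggested in the reply above, written out as a pf.conf fragment. This is an added example, not a ruleset posted in the thread; the interface name em0 and the value 1400 are assumptions chosen for the test.

```conf
# /etc/pf.conf fragment (added example; em0 and 1400 are assumed values)
ext_if = "em0"          # assumed name of the outside interface

# Normalization (scrub) rules go after macros and options and before
# NAT and filter rules.
#
# max-mss caps the MSS option in TCP SYN packets crossing $ext_if, so both
# endpoints send segments small enough for a reduced path MTU without
# depending on ICMP "fragmentation needed" messages being delivered.
#
# 1400 is a deliberately conservative test value. For a known path MTU use
# MTU - 40 (20-byte IPv4 header + 20-byte TCP header), e.g. 1452 for a
# 1492-byte PPPoE link.
scrub on $ext_if all max-mss 1400

# Check the syntax without loading, then load and list the rules:
#   pfctl -nf /etc/pf.conf
#   pfctl -f /etc/pf.conf
#   pfctl -sr
```

If the stalled request completes with the clamp in place and fails again once it is removed, Path MTU discovery is the likely cause; if nothing changes, a Path MTU issue can be ruled out.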