From owner-freebsd-stable@FreeBSD.ORG  Fri Jul 13 09:17:45 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 06BA316A402
	for <freebsd-stable@freebsd.org>; Fri, 13 Jul 2007 09:17:45 +0000 (UTC)
	(envelope-from adler@smtp.ru)
Received: from smtp1.pochta.ru (smtp1.pochta.ru [81.211.64.6])
	by mx1.freebsd.org (Postfix) with ESMTP id 3B83613C4A8
	for <freebsd-stable@freebsd.org>; Fri, 13 Jul 2007 09:17:44 +0000 (UTC)
	(envelope-from adler@smtp.ru)
Received: from [195.2.76.131] (helo=suntechnic.mshome.net)
	by smtp.pochta.ru ( sendmail 8.13.3/8.13.1) with esmtpa id
	1I9HHQ-000GuR-QA; Fri, 13 Jul 2007 13:17:41 +0400
Date: Fri, 13 Jul 2007 13:17:33 +0400
From: Alexey Sopov <adler@smtp.ru>
X-Mailer: The Bat! (v3.5) Professional
X-Priority: 3 (Normal)
Message-ID: <1626939090.20070713131733@smtp.ru>
To: "Scott Ullrich" <sullrich@gmail.com>
In-Reply-To: <d5992baf0707120856n31c0480aw6209be33820e3e30@mail.gmail.com>
References: <241432407.20070712131014@smtp.ru>
	<d5992baf0707120856n31c0480aw6209be33820e3e30@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-stable@freebsd.org
Subject: Re[2]: Seems like pf skips some packets.
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: adler <adler@smtp.ru>
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2007 09:17:45 -0000

While thinking about why it happens once in 5 seconds and has only ACK bit
set, I tried to check some timeout variables and found interesting
thing.

These lines are in /etc/pf.conf:
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }

And this I get from pfctl -s timeouts:
TIMEOUTS:
tcp.first                    30s
tcp.opening                   5s
tcp.established           18000s
tcp.closing                  60s
tcp.finwait                  30s
tcp.closed                   30s
tcp.tsdiff                   10s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                          5s
interval                      2s
adaptive.start                0 states
adaptive.end                  0 states
src.track                     0s

Setting are loaded in pf via /etc/rc.d/pf start

Why do these things differ?

P.S. Sorry for my English.

-- 
 Alexey                           mailto:adler@smtp.ru