From owner-freebsd-stable@FreeBSD.ORG  Fri Jul 13 10:51:09 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2549E16A403
	for <freebsd-stable@freebsd.org>; Fri, 13 Jul 2007 10:51:09 +0000 (UTC)
	(envelope-from edward@carrel.org)
Received: from mail6.sea5.speakeasy.net (mail6.sea5.speakeasy.net
	[69.17.117.8]) by mx1.freebsd.org (Postfix) with ESMTP id 026A313C4A7
	for <freebsd-stable@freebsd.org>; Fri, 13 Jul 2007 10:51:08 +0000 (UTC)
	(envelope-from edward@carrel.org)
Received: (qmail 31476 invoked from network); 13 Jul 2007 10:24:27 -0000
Received: from dsl231-050-036.sea1.dsl.speakeasy.net (HELO [192.168.216.4])
	(ecarrel@[216.231.50.36]) (envelope-sender <edward@carrel.org>)
	by mail6.sea5.speakeasy.net (qmail-ldap-1.03) with AES128-SHA encrypted
	SMTP for <freebsd-stable@freebsd.org>; 13 Jul 2007 10:24:27 -0000
In-Reply-To: <1626939090.20070713131733@smtp.ru>
References: <241432407.20070712131014@smtp.ru>
	<d5992baf0707120856n31c0480aw6209be33820e3e30@mail.gmail.com>
	<1626939090.20070713131733@smtp.ru>
Mime-Version: 1.0 (Apple Message framework v752.3)
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <93EA7502-1E14-464F-BD54-D9D7F17BD844@carrel.org>
Content-Transfer-Encoding: 7bit
From: Edward Carrel <edward@carrel.org>
Date: Fri, 13 Jul 2007 03:23:02 -0700
To: adler <adler@smtp.ru>
X-Mailer: Apple Mail (2.752.3)
Cc: freebsd-stable@freebsd.org
Subject: Re: Re[2]: Seems like pf skips some packets.
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2007 10:51:09 -0000


On Jul 13, 2007, at 2:17 AM, Alexey Sopov wrote:

> While thinking about why it happens once in 5 seconds and has only  
> ACK bit
> set, I tried to check some timeout variables and found interesting
> thing.
>
> These lines are in /etc/pf.conf:
> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
>
> And this I get from pfctl -s timeouts:
> TIMEOUTS:
> tcp.first                    30s
> tcp.opening                   5s
> tcp.established           18000s
> tcp.closing                  60s
> tcp.finwait                  30s
> tcp.closed                   30s
> tcp.tsdiff                   10s
> udp.first                    60s
> udp.single                   30s
> udp.multiple                 60s
> icmp.first                   20s
> icmp.error                   10s
> other.first                  60s
> other.single                 30s
> other.multiple               60s
> frag                          5s
> interval                      2s
> adaptive.start                0 states
> adaptive.end                  0 states
> src.track                     0s
>
> Setting are loaded in pf via /etc/rc.d/pf start
>
> Why do these things differ?

These are the timeout settings for "set optimization aggressive". If  
it appears after your set timeout lines, then it will take  
precedence. If this doesn't appear within your pf.conf, then this  
probably isn't the pf config file it's loading. If so, that may  
explain your issue with the unblocked packets as well.

Best,

Ed