Date: Wed, 27 Mar 2019 12:30:33 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 236829] pf does not respect timeout values at all
Message-ID: <bug-236829-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236829

Bug ID: 236829
Summary: pf does not respect timeout values at all
Product: Base System
Version: 11.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: rs@bytecamp.net

Created attachment 203189
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203189&action=edit
simple pf.conf

Timeout values (global and per rule) are not recognised. This issue is present
since at least 10.3, I'm now reporting since I have a test case on a machine
with a recent version of FreeBSD (11.2-RELEASE-p8).

Steps to reproduce:

* load attached simple pf.conf
* start local nc in listening mode on port 12345
* telnet inbound (from another machine) to port 12345
* disconnect telnet
* see wrong timeouts in state list

The global timeouts for finwait/closing are set to 20/25, the per rule
timeouts are set to 15/10. The timeouts applied can be checked with the command:

# pfctl -vvvss | grep -B2 'rule 2'

1) after establishing client connection:

all tcp x.x.x.x:12345 <- y.y.y.y:53187 ESTABLISHED:ESTABLISHED
   [3217899334 + 29312] wscale 6 [1370442108 + 65537] wscale 7
   age 00:00:02, expires in 23:59:58, 2:1 pkts, 112:60 bytes, rule 2

2) after closing client connection:

all tcp x.x.x.x:12345 <- y.y.y.y:53187 FIN_WAIT_2:FIN_WAIT_2
   [3217899335 + 29312] wscale 6 [1370442110 + 65664] wscale 7
   age 00:00:04, expires in 00:01:29, 4:3 pkts, 216:164 bytes, rule 2

So clear to see: neither global timeout nor per rule timeout are applied here.
Instead, the defaults are used (90s for closing).

-- 
You are receiving this mail because:
You are the assignee for the bug.
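
Added example (not part of the original report and not FreeBSD project code): a Python check that parses state entries like the two quoted in the report and flags those whose remaining lifetime exceeds a limit supplied by the caller. The 25-second limit is the largest of the four values the report quotes; the function names and the three-lines-per-entry layout of the sample are assumptions.

```python
import re

# Sample input: the two state entries quoted in the report, laid out one
# entry per three lines (the layout is an assumption), with a grep separator.
SAMPLE = """\
all tcp x.x.x.x:12345 <- y.y.y.y:53187 ESTABLISHED:ESTABLISHED
   [3217899334 + 29312] wscale 6 [1370442108 + 65537] wscale 7
   age 00:00:02, expires in 23:59:58, 2:1 pkts, 112:60 bytes, rule 2
--
all tcp x.x.x.x:12345 <- y.y.y.y:53187 FIN_WAIT_2:FIN_WAIT_2
   [3217899335 + 29312] wscale 6 [1370442110 + 65664] wscale 7
   age 00:00:04, expires in 00:01:29, 4:3 pkts, 216:164 bytes, rule 2
"""

DETAIL = re.compile(
    r"age (\d+):(\d\d):(\d\d), expires in (\d+):(\d\d):(\d\d),.*\brule (\d+)")


def _secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + int(s)


def parse_states(text):
    """Yield (state_pair, age_s, expires_s, rule) for each state entry."""
    pair = None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "--":  # blank or grep -B separator
            continue
        if not line[0].isspace():       # unindented line starts a new entry
            pair = line.split()[-1]     # last token is the src:dst state pair
            continue
        m = DETAIL.search(line)
        if m and pair:
            g = m.groups()
            yield pair, _secs(*g[0:3]), _secs(*g[3:6]), int(g[6])
            pair = None


def over_limit(text, rule, limits):
    """Entries on `rule` whose remaining lifetime exceeds limits[state_pair]."""
    return [(p, age, exp, limits[p]) for p, age, exp, r in parse_states(text)
            if r == rule and p in limits and exp > limits[p]]


if __name__ == "__main__":
    # 25 s is the largest timeout value the report says was configured.
    for hit in over_limit(SAMPLE, 2, {"FIN_WAIT_2:FIN_WAIT_2": 25}):
        print("state %s: age %ds, expires in %ds, expected <= %ds" % hit)
```

On a live system the input would be the output of the `pfctl -vvvss` command from the report instead of `SAMPLE`.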