Date: Thu, 13 Mar 2008 19:20:08 GMT
From: Laurent Frigault <lfrigault@agneau.org>
To: freebsd-pf@FreeBSD.org
Subject: Re: kern/121668: connect randomly fails with EPERM with some pf rules
Message-ID: <200803131920.m2DJK8or004452@freefall.freebsd.org>

The following reply was made to PR kern/121668; it has been noted by GNATS.

From: Laurent Frigault <lfrigault@agneau.org>
To: Kian Mohageri <kian@restek.wwu.edu>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/121668: connect randomly fails with EPERM with some pf rules
Date: Thu, 13 Mar 2008 20:16:58 +0100

On Thu, Mar 13, 2008 at 11:29:52AM -0700, Kian Mohageri wrote:
> Does state-mismatch counter increase when this happens (pfctl -si)?

I re-ran the test and yes, the state-mismatch counter increase is
exactly the number of connects failing with EPERM.

> I remember similar behavior and it was caused by source port reuse on
> the client (so the new connection caused a state mismatch on an old
> state).

The previous connections are closed. If the source port can't be reused
yet, then the kernel should use another one for the new connection. If
it can, then pf should allow it.

If the connect (SYN) does not match an existing state, the pf rule
should create a new state. Am I wrong?

I don't fix the source port in my sample and the mysql client doesn't
either.

How can I work around this?

Regards,
-- 
Laurent Frigault | <url:http://www.agneau.org/>