Date: Wed, 19 Dec 2007 10:30:54 +0100
From: "Martin Horcicka" <martin@horcicka.eu>
To: "Kian Mohageri" <kian.mohageri@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: occasional "Operation not permitted" on state-mismatch
Message-ID: <437bc1590712190130l31bdc573jc95f8c385962bfd2@mail.gmail.com>
In-Reply-To: <fee88ee40712181144g55727367gf333e44c537d0b47@mail.gmail.com>
References: <200712180934.58755.silver.salonen@gmail.com> <fee88ee40712181144g55727367gf333e44c537d0b47@mail.gmail.com>

On Dec 18, 2007 8:44 PM, Kian Mohageri <kian.mohageri@gmail.com> wrote:
> My guess is that you're re-using a source port and are mismatching an
> existing state on the source or destination host (or something in
> between) because the state hasn't expired before the new connection
> attempt takes place.

My guess is the same and this problem can usually be worked around by
setting net.inet.ip.portrange.randomized to 0 on the machine where the
connection is originated. It does not fix the bug in FreeBSD's TCP
stack but it helps unless there is a very high outgoing connection
rate.

Martin
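The following is an added illustration, not part of the original message or of any FreeBSD or pf code: a simplified model of why sequential source-port allocation avoids hitting a lingering firewall state until the port range wraps, while randomized allocation can hit one at any rate. The port range 49152-65535, the 90-second state lifetime and the connection rates are assumptions chosen for the example, and the model (one client, one destination, short-lived connections) is not FreeBSD's actual allocator.

```python
import random


def count_state_collisions(randomized, rate, duration, linger,
                           first=49152, last=65535, seed=1):
    """Count new connections whose source port still has an unexpired state.

    Model (assumed): one client opens short-lived connections to a single
    destination ip:port at `rate` per second for `duration` seconds. A
    stateful filter on the path keeps each connection's state entry for
    `linger` seconds after it was opened.
    """
    rng = random.Random(seed)          # fixed seed keeps the run repeatable
    span = last - first + 1
    expires = {}                       # source port -> state expiry time
    next_port = first
    collisions = 0
    for i in range(int(rate * duration)):
        now = i / rate
        if randomized:
            # randomized allocation: any port in the range may be picked
            port = rng.randint(first, last)
        else:
            # sequential allocation: walk the range, wrap at the end
            port = next_port
            next_port = first + (next_port - first + 1) % span
        if expires.get(port, -1.0) > now:
            collisions += 1            # old state would mismatch the new SYN
        expires[port] = now + linger
    return collisions


if __name__ == "__main__":
    # Constructed scenarios: (connections per second, seconds simulated)
    for rate, duration in ((50, 120), (500, 60)):
        seq = count_state_collisions(False, rate, duration, linger=90)
        rnd = count_state_collisions(True, rate, duration, linger=90)
        print(f"rate={rate}/s sequential={seq} randomized={rnd}")
```

In this model sequential allocation stays collision-free as long as walking the whole range takes longer than the state lifetime (range size / rate > linger), which corresponds to the "unless there is a very high outgoing connection rate" caveat in the message.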