From owner-freebsd-stable Sat Feb 9 9:27:29 2002 Delivered-To: freebsd-stable@freebsd.org Received: from the.oneinsane.net (the.oneinsane.net [66.42.61.25]) by hub.freebsd.org (Postfix) with ESMTP id 79F9037B41A for ; Sat, 9 Feb 2002 09:27:19 -0800 (PST) Received: from venus.bsdguru.com (venus.bsdguru.com [207.113.133.11]) by the.oneinsane.net (Postfix) with ESMTP id 508E215674 for ; Sat, 9 Feb 2002 09:27:18 -0800 (PST) Received: by venus.bsdguru.com (Postfix, from userid 1000) id 627023E66; Sat, 9 Feb 2002 09:27:11 -0800 (PST) Date: Sat, 9 Feb 2002 09:27:11 -0800 From: Ben Lovett To: stable@freebsd.org Subject: Re: IPF dropping packets randomly Message-ID: <20020209092711.A64355@bsdguru.com> Mail-Followup-To: Ben Lovett , stable@freebsd.org References: <20020208100752.A13206@bsdguru.com> <3C64B5D9.1060306@rshb.com.ru> <20020209092201.A64202@bsdguru.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020209092201.A64202@bsdguru.com>; from blovett@bsdguru.com on Sat, Feb 09, 2002 at 09:22:01AM -0800 X-Moon: The Moon is Waning Crescent (7% of Full) X-GPG-Key: http://www.bsdguru.com/~blovett/blovett.pgp X-GPG-Fingerprint: C75F A722 1518 03B8 26C3 77A1 7C76 8AFA EBAB 2004 X-Disclaimer: All things expressed here are my opinions only, and not those of any past, present or future employers. X-Organization: San Diego BSD Users Group [http://www.sdbug.org] X-Operating-System: FreeBSD venus 4.4-STABLE X-Uptime: 9:24AM up 11:24, 10 users, load averages: 0.00, 0.01, 0.00 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I believe Ben Lovett (blovett@bsdguru.com) scribbled this: > After doing some more looking around, I discovered that my state table > was full at those points in time. I also find it peculiar that > connections to, for example, a IRC server after being closed are set to > a TTL of 1 minute, while SSH sessions disappear from the state listing > entirely, only to time out 2 hours later (or so it appears). Once a ^^^ - dealing with this Well, I guess I've just been blind or something, because I just saw a SSH connection time out after a few minutes of being done with it. I retract that statement. But, does anyone have any insight as to why it disappears from view until ipmon reports that it has been closed? (I can't see it in the ipfstat -t output) > connection is closed, how does IPF determine how long to leave an entry > in the state table for? Is it based on the TTL of a packet finalizing > the close of the connection? Thanks, -- Ben Lovett -------------------------------------------------------------------------- If you can't learn to do it well, learn to enjoy doing it badly. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message