pf: BAD state: TCP...

David Beck dbeck at beckground.hu
Wed Mar 29 09:23:17 PST 2006


Hello,

I have problem with pf and didn't find any information that would help. 
Could you please advise on this? I wanted a simple thing, create a jail, 
and put a squid server into that. It didn't work as expected. Later I 
phased out squid and just wanted to open a TCP connection from the jail 
to the outside world. The interesting thing is that, 4 out of 10 
outgoing connection goes as expected and the rest blocks. Then I started 
to play with pf. My last attempt was that I increased the debug level, 
then I got these messages:

Mar 29 19:16:15 w4 kernel: pf: State failure on: 1       | 5
Mar 29 19:16:27 w4 kernel: pf: BAD state: TCP 10.4.0.127:2567 
OUTSIDE_IP:53042 HOST_TO_CONNECT_IP:80 [lo=2402333945 high=2402391289 
win=57344 modulator=0 wscale=0] [lo=875209420 high=875266764 win=57344 
modulator=0 wscale=0] 11:11 SA seq=1715691499 ack=2402333945 len=0 
ackskew=0 pkts=5:1 dir=in,rev
Mar 29 19:16:27 w4 kernel: pf: State failure on: 1       | 5
Mar 29 19:16:32 w4 kernel: pf: BAD state: TCP 10.4.0.127:2569 
OUTSIDE_IP:64910 HOST_TO_CONNECT_IP:80 [lo=516944989 high=517002333 
win=57344 modulator=0 wscale=0] [lo=3318903594 high=3318960938 win=57344 
modulator=0 wscale=0] 11:11 SA seq=2611208073 ack=516944989 len=0 
ackskew=0 pkts=3:1 dir=in,rev
Mar 29 19:16:32 w4 kernel: pf: State failure on:   2     |   6
Mar 29 19:16:35 w4 kernel: pf: BAD state: TCP 10.4.0.127:2569 
OUTSIDE_IP:64910 HOST_TO_CONNECT_IP:80 [lo=516944989 high=517002333 
win=57344 modulator=0 wscale=0] [lo=3318903594 high=3318960938 win=57344 
modulator=0 wscale=0] 11:11 SA seq=2611208073 ack=516944989 len=0 
ackskew=0 pkts=3:1 dir=in,rev

I found the place in the source where these are generated, but that 
didn't help me. Any ideas?

Thanks in advance,

	David Beck.





More information about the Kernel mailing list