The following reply was made to PR kern/121668; it has been
noted by GNATS.
From: Laurent Frigault <lfrigault agneau.org>
To: Kian Mohageri <kian restek.wwu.edu>
Cc: bug-followup FreeBSD.org
Subject: Re: kern/121668: connect randomly fails with EPERM with some pf rules
Date: Thu, 13 Mar 2008 20:16:58 +0100
On Thu, Mar 13, 2008 at 11:29:52AM -0700, Kian Mohageri wrote:
> Does state-mismatch counter increase when this happens (pfctl -si)?
I re-ran the test and yes, the state-mismatch counter increase is
exactly the number of connects failing with EPERM.
> I remember similar behavior and it was caused by source port reuse on
> the client (so the new connection caused a state mismatch on an old
> state).
The previous connections are closed.
If the source port can't be reused yet, then the kernel should use
another one for the new connection. If it can, then pf should allow it.
If the connect (SYN) does not match an existing state, the pf rule
should create a new state.
Am I wrong?
I don't fix the source port in my sample and the mysql client
doesn't either.
How can I work around this?
Regards,
--
Laurent Frigault | <url:http://www.agneau.org/>
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribe freebsd.org"
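
An added example (not part of the original thread or of FreeBSD): the check discussed above, comparing the growth of the `state-mismatch` counter in `pfctl -si` output with the number of `connect()` calls that fail with EPERM. The function names, the constructed counter excerpt and the 5-second timeout are assumptions made for this illustration.

```python
import errno
import re
import socket
import subprocess
import sys

def sample_pfctl_si(mismatches):
    """Constructed excerpt of `pfctl -si` output, for offline use only."""
    return ("Counters\n"
            "  match                     11010           35.3/s\n"
            f"  state-mismatch {mismatches:>16}            0.0/s\n"
            "  state-insert                  0            0.0/s\n")

def state_mismatch(pfctl_si_output):
    """Return the state-mismatch counter from `pfctl -si` text."""
    m = re.search(r"^\s*state-mismatch\s+(\d+)", pfctl_si_output, re.M)
    if m is None:
        raise ValueError("no state-mismatch line in pfctl -si output")
    return int(m.group(1))

def count_eperm(host, port, attempts, connect=socket.create_connection):
    """Open and close TCP connections; count connect() failures with EPERM."""
    eperm = 0
    for _ in range(attempts):
        try:
            connect((host, port), timeout=5).close()
        except OSError as exc:
            if exc.errno != errno.EPERM:
                raise  # refused, timed out, ...: not the symptom in this PR
            eperm += 1
    return eperm

def correlate(before, after, eperm):
    """Return (counter delta, whether it equals the EPERM count)."""
    delta = state_mismatch(after) - state_mismatch(before)
    return delta, delta == eperm

def read_pfctl_si():
    # Needs root on the host running pf.
    return subprocess.run(["pfctl", "-si"], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":  # usage: script.py HOST PORT ATTEMPTS
    host, port, attempts = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    before = read_pfctl_si()
    eperm = count_eperm(host, port, attempts)
    delta, equal = correlate(before, read_pfctl_si(), eperm)
    print(f"EPERM={eperm} state-mismatch delta={delta} equal={equal}")
```

The counter is global to pf, so on a host carrying other traffic the delta can exceed the EPERM count.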