[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

problem with states



Hi,

My box is running OpenBSD 3.7, and is working as internet gateway.
I'm observing strange behaviours of pf. Below is fragment od log (after using pfctl -x loud ).


Sep 13 16:23:07 boxname /bsd: pf: loose state match: TCP 10.0.0.11:4390 x.y.z.w:59286 64.92.173.90:80 [lo=54346891 high=54354107 win=65535 modulator=0] [lo=1710949469 high=1711014071 win=7722 modulator=0] 7:9 R seq=1710949469 ack=54346891 len=0 ackskew=0 pkts=9:5
Sep 13 16:23:10 boxname /bsd: pf: loose state match: TCP 10.0.0.14:1248 x.y.z.w:65047 212.77.100.82:80 [lo=1394183958 high=1394190049 win=64240 modulator=0] [lo=2905019109 high=2905083098 win=6648 modulator=0] 4:9 R seq=2905019109 ack=1394183958 len=0 ackskew=0 pkts=5:4
Sep 13 16:23:50 boxname /bsd: pf: dropping packet with ip options
Sep 13 16:24:00 boxname /bsd: pf: BAD state: TCP 10.0.0.14:1273 x.y.z.w:64323 212.77.100.82:80 [lo=1406859129 high=1406865492 win=64240 modulator=0] [lo=3426607773 high=3426671762 win=6936 modulator=0] 4:7 R seq=3426607773 ack=1406859129 len=0 ackskew=0 pkts=5:4 dir=in,rev
Sep 13 16:24:00 boxname /bsd: pf: State failure on: |
Sep 13 16:31:51 boxname /bsd: pf: BAD state: TCP 10.0.0.14:1124 x.y.z.w:51101 217.17.45.133:8074 [lo=1173671282 high=1173677706 win=64240 modulator=0] [lo=3791467175 high=3791530591 win=6432 modulator=0] 4:4 R seq=3791467175 ack=1173671282 len=0 ackskew=0 pkts=31:38 dir=in,rev
Sep 13 16:31:52 boxname /bsd: pf: State failure on: |
Sep 13 16:31:52 boxname /bsd: pf: BAD state: TCP 10.0.0.14:1124 x.y.z.w:51101 217.17.45.133:8074 [lo=1173671282 high=1173677706 win=64240 modulator=0] [lo=3791467175 high=3791530591 win=6432 modulator=0] 4:4 R seq=3791467175 ack=1173671282 len=0 ackskew=0 pkts=32:38 dir=in,rev
Sep 13 16:31:52 boxname /bsd: pf: State failure on: |
Sep 13 16:31:54 boxname /bsd: pf: BAD state: TCP 10.0.0.14:1124 x.y.z.w:51101 217.17.45.133:8074 [lo=1173671282 high=1173677706 win=64240 modulator=0] [lo=3791467175 high=3791530591 win=6432 modulator=0] 4:4 R seq=3791467175 ack=1173671282 len=0 ackskew=0 pkts=33:38 dir=in,rev
Sep 13 16:31:54 boxname /bsd: pf: State failure on: |
Sep 13 16:31:56 boxname /bsd: pf: BAD state: TCP 10.0.0.14:1124 x.y.z.w:51101 217.17.45.133:8074 [lo=1173671282 high=1173677706 win=64240 modulator=0] [lo=3791467175 high=3791530591 win=6432 modulator=0] 4:4 R seq=3791467175 ack=1173671282 len=0 ackskew=0 pkts=34:38 dir=in,rev
Sep 13 16:31:56 boxname /bsd: pf: State failure on: |
Sep 13 16:32:02 boxname /bsd: pf: BAD state: TCP 10.0.0.14:1124 x.y.z.w:51101 217.17.45.133:8074 [lo=1173671282 high=1173677706 win=64240 modulator=0] [lo=3791467175 high=3791530591 win=6432 modulator=0] 4:4 R seq=3791467175 ack=1173671282 len=0 ackskew=0 pkts=35:38 dir=in,rev
Sep 13 16:32:02 boxname /bsd: pf: State failure on: |
Sep 13 16:32:13 boxname /bsd: pf: BAD state: TCP 10.0.0.14:1124 x.y.z.w:51101 217.17.45.133:8074 [lo=1173671282 high=1173677706 win=64240 modulator=0] [lo=3791467175 high=3791530591 win=6432 modulator=0] 4:4 R seq=3791467175 ack=1173671282 len=0 ackskew=0 pkts=36:38 dir=in,rev
Sep 13 16:32:13 boxname /bsd: pf: State failure on: |
Sep 13 16:37:36 boxname /bsd: pf: dropping packet with ip options
Sep 13 16:37:36 boxname /bsd: pf: dropping packet with ip options



As You can see users in my network are using instant messaging program like gadu-gadu. This program works on with only one port (8047) at server side (217.17.45.133:8074). In normal situation this aplication openes one port at client side and there is a 1 TCP connection. A'm observing multiple states from a client to server (217.17.45.133:8074) and for other services on other servers, which need only 1 tcp connection. If You know what to do or why there are state failures, please help.


Regards.