https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236829
Bug ID: 236829
Summary: pf does not respect timeout values at all
Product: Base System
Version: 11.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: r...@bytecamp.net

Created attachment 203189
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203189&action=edit
simple pf.conf

Timeout values (global and per rule) are not recognised. This issue has been present since at least 10.3; I'm reporting it now since I have a test case on a machine with a recent version of FreeBSD (11.2-RELEASE-p8).

Steps to reproduce:

* load attached simple pf.conf
* start local nc in listening mode on port 12345
* telnet inbound (from another machine) to port 12345
* disconnect telnet
* see wrong timeouts in state list

The global timeouts for finwait/closing are set to 20/25, the per rule timeouts are set to 15/10.

The timeouts applied can be checked with the command:

    # pfctl -vvvss | grep -B2 'rule 2'

1) after establishing client connection:

    all tcp x.x.x.x:12345 <- y.y.y.y:53187       ESTABLISHED:ESTABLISHED
       [3217899334 + 29312] wscale 6  [1370442108 + 65537] wscale 7
       age 00:00:02, expires in 23:59:58, 2:1 pkts, 112:60 bytes, rule 2

2) after closing client connection:

    all tcp x.x.x.x:12345 <- y.y.y.y:53187       FIN_WAIT_2:FIN_WAIT_2
       [3217899335 + 29312] wscale 6  [1370442110 + 65664] wscale 7
       age 00:00:04, expires in 00:01:29, 4:3 pkts, 216:164 bytes, rule 2

So clear to see: neither the global timeout nor the per rule timeout is applied here. Instead, the defaults are used (90s for closing).

_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
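
The check from the report can be scripted: the following added example (not part of the report or of FreeBSD) parses `pfctl -vvvss` output and compares each TCP state's remaining lifetime with the timeout that applies to its state pair. The state-to-timeout mapping is this example's reading of pf's TCP state tracking, the defaults are those documented in pf.conf(5), and the sample listing is constructed with documentation addresses; all three are assumptions, not taken from the report.

```python
import re
# TCP state names as pfctl prints them, in kernel TCPS_* order (assumption).
ORDER = ["CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "CLOSE_WAIT",
         "FIN_WAIT_1", "CLOSING", "LAST_ACK", "FIN_WAIT_2", "TIME_WAIT"]
RANK = {name: i for i, name in enumerate(ORDER)}
# Default timeouts in seconds, as documented in pf.conf(5) (not from the report).
DEFAULTS = {"tcp.opening": 30, "tcp.established": 86400, "tcp.closing": 900,
            "tcp.finwait": 45, "tcp.closed": 90}
# Constructed sample modelled on the report's output (documentation addresses).
SAMPLE = """\
all tcp 192.0.2.10:12345 <- 198.51.100.7:53187       ESTABLISHED:ESTABLISHED
   [3217899334 + 29312] wscale 6  [1370442108 + 65537] wscale 7
   age 00:00:02, expires in 23:59:58, 2:1 pkts, 112:60 bytes, rule 2
all tcp 192.0.2.10:12345 <- 198.51.100.7:53188       FIN_WAIT_2:FIN_WAIT_2
   [3217899335 + 29312] wscale 6  [1370442110 + 65664] wscale 7
   age 00:00:04, expires in 00:01:29, 4:3 pkts, 216:164 bytes, rule 2
"""
STATE_RE = re.compile(r"^\S+ tcp \S+ (?:<-|->) \S+\s+(\w+):(\w+)[ \t]*\n"
                      r"(?:.*\n)*?.*expires in (\d+):(\d+):(\d+),.*rule (\d+)", re.M)

def timeout_class(a, b):
    """Name the timeout for a state pair (assumed order of pf's checks)."""
    lo, hi = sorted((RANK[a], RANK[b]))
    if lo >= RANK["FIN_WAIT_2"]:
        return "tcp.closed"        # both peers at FIN_WAIT_2 or later
    if lo >= RANK["CLOSING"]:
        return "tcp.finwait"       # both peers at CLOSING or later
    if lo < RANK["ESTABLISHED"]:
        return "tcp.opening"       # handshake not complete
    if hi >= RANK["CLOSING"]:
        return "tcp.closing"       # only one peer at CLOSING or later
    return "tcp.established"

def audit(text, configured):
    """Return (rule, states, timeout name, limit, remaining, ok) per TCP state."""
    rows = []
    for m in STATE_RE.finditer(text):
        a, b, h, mi, s, rule = m.groups()
        if a not in RANK or b not in RANK:
            continue               # state names not modelled here
        name = timeout_class(a, b)
        limit = configured.get(name, DEFAULTS[name])
        remaining = int(h) * 3600 + int(mi) * 60 + int(s)
        rows.append((int(rule), f"{a}:{b}", name, limit, remaining, remaining <= limit))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE, {"tcp.finwait": 15, "tcp.closing": 10}):
        print(row)
```

The dictionary passed to `audit` holds the per rule values from the report (finwait 15, closing 10); any timeout name missing from it falls back to the assumed default.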