Looking at a problem for someone on an IRC channel: Axel thin client boxes talking to a w2k3 terminal server over an OpenBSD firewall/IPsec gateway. He sees these (and sessions dropping):

Jul 10 13:36:01 xx /bsd: pf: BAD state: TCP out wire: (0) 192.168.87.170:3389 192.168.0.19:1024 stack: (0) - [lo=43119220 high=43184585 win=3072 modulator=0] [lo=746630120 high=746631598 win=65535 modulator=0] 4:4 @-1 A seq=746626478 (746626478) ack=43119203 len=1024 ackskew=17 pkts=103901:52842 dir=in,rev
Jul 10 13:36:01 xx /bsd: pf: State failure on: 2 |

My initial thought was rules picking up on intermediate packets and missing wscale, but this doesn't seem to be the case; at least boxes known to do scaling do show up as expected with wscale= in pfctl -ss -v. Looks like they aren't doing RFC 1323 at all - the window size is dubiously low, but I guess they have a crappy embedded TCP implementation with little RAM for buffering. Anyone have experience of these boxes at all? I suggested he try sloppy for now; any other ideas welcome.
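
Added example, not part of the original post: a small parser that re-runs the sequence-window arithmetic on a "BAD state" entry like the one quoted above. It assumes that failure "2" is pf's lower-bound check (seq >= sender's lo minus the receiver's scaled window) and that the bracketed win= value is the window used in that check; the function and field names are made up for illustration.

```python
import re

# One syslog entry, copied from the log quoted in the post above.
SAMPLE = (
    "pf: BAD state: TCP out wire: (0) 192.168.87.170:3389 192.168.0.19:1024 "
    "stack: (0) - [lo=43119220 high=43184585 win=3072 modulator=0] "
    "[lo=746630120 high=746631598 win=65535 modulator=0] 4:4 @-1 A "
    "seq=746626478 (746626478) ack=43119203 len=1024 ackskew=17 "
    "pkts=103901:52842 dir=in,rev"
)

MOD = 1 << 32
PEER = re.compile(r"\[lo=(\d+) high=(\d+) win=(\d+)(?: modulator=\d+)?(?: wscale=(\d+))?\]")
PKT = re.compile(r"seq=(\d+).*?ack=(\d+) len=(\d+) ackskew=(-?\d+)")


def seq_geq(a, b):
    """True if a >= b in 32-bit TCP sequence space (wrap-safe)."""
    return ((a - b) % MOD) < MOD // 2


def analyse(line):
    """Re-run the sequence-window bounds for one 'BAD state' entry."""
    peers = [tuple(int(g or 0) for g in m.groups()) for m in PEER.finditer(line)]
    pkt = PKT.search(line)
    if len(peers) != 2 or pkt is None:
        raise ValueError("not a pf BAD state line with two peers")
    seq, ack, length, ackskew = (int(g) for g in pkt.groups())
    # The sender is the peer whose sequence space the packet's seq falls in.
    dist = lambda p: min((seq - p[0]) % MOD, (p[0] - seq) % MOD)
    (s_lo, s_hi, _, _), (_, _, r_win, r_ws) = sorted(peers, key=dist)
    # Assumed check "2": seq >= sender.lo - (receiver.win << receiver.wscale)
    floor = (s_lo - (r_win << r_ws)) % MOD
    return {
        "sender_lo": s_lo,
        "receiver_win": r_win << r_ws,
        "behind_lo": (s_lo - seq) % MOD,   # how far back the segment starts
        "floor": floor,                    # oldest seq the check tolerates
        "lower_ok": seq_geq(seq, floor),
        "upper_ok": seq_geq(s_hi, (seq + length) % MOD),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key:13} {value}")
```

Under those assumptions, the quoted segment starts 3642 bytes behind the sender's lo while the other peer's window is only 3072, so the lower bound fails and the upper bound passes.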