Re: rdr pass for proto tcp sometimes creates states with expire time zero and so breaking connections

2018-11-13 Thread Konstantin Belousov
On Tue, Nov 13, 2018 at 11:17:47PM +0100, Kristof Provost wrote:
> On 13 Nov 2018, at 22:01, Andreas Longwitz wrote:
> >>
> >> Are there any hints why the counter pf_default_rule->states_cur
> >> could get a negative value ?
> >>
> >> I’m afraid I have no idea right now.
> >>
> >
> > OK, in

Re: rdr pass for proto tcp sometimes creates states with expire time zero and so breaking connections

2018-11-13 Thread Gleb Smirnoff
On Tue, Nov 13, 2018 at 10:01:14PM +0100, Andreas Longwitz wrote:
A> OK, in the meantime I did some more research and I am now quite sure the
A> problem with the bogus pf_default_rule->states_cur counter is not a
A> problem in pf. I am convinced it is a problem in counter(9) on i386
A> server. The

Re: rdr pass for proto tcp sometimes creates states with expire time zero and so breaking connections

2018-11-13 Thread Kristof Provost
On 13 Nov 2018, at 22:01, Andreas Longwitz wrote: Are there any hints why the counter pf_default_rule->states_cur could get a negative value ? I’m afraid I have no idea right now. OK, in the meantime I did some more research and I am now quite sure the problem with the bogus pf_def

Re: rdr pass for proto tcp sometimes creates states with expire time zero and so breaking connections

2018-11-13 Thread Andreas Longwitz
>
> Are there any hints why the counter pf_default_rule->states_cur
> could get a negative value ?
>
> I’m afraid I have no idea right now.
>
OK, in the meantime I did some more research and I am now quite sure the problem with the bogus pf_default_rule->states_cur counter is not a prob