Hi all,
I have a PF machine that is giving fits. I see a lot of weird behavior.
1) TCP connections (mainly port 80) sometimes take 3 seconds to get
started instead of being virtually instant.
2) Sometimes HTTP connections just stop responding. (Client program
times out waiting for response.)
3)
On Tue, Dec 15, 2009 at 4:55 AM, Ermal Luçi wrote:
> Try enabling sticky connections here.
As a practical matter we don't care if two connections from the same
client go to the same server or not. Is there some reason to suspect
that this option would alter the behavior of single connections, li
On Tue, Dec 15, 2009 at 11:08 AM, Peter Maxwell wrote:
> I'm pretty sure you can run tcpdump against a packet capture from the
> pflog interface on the pf box; that will include fields like
> block/pass and rule number for each packet filtered.
I have done that with "log" on all block rules. The
On Tue, Dec 15, 2009 at 3:33 PM, Peter Maxwell wrote:
> Add in an explicit "pass all" rule at the start and set the
> log keyword on it. Make sure *none* of the web traffic is hitting
> this rule.
> If the box isn't too loaded, you may try using "log (all)" on the pass
> rules (so that ALL packe
Hi all,
I have a 7.2-STABLE machine with the old "hostile client causes Apache
sockets to persist forever in FIN_WAIT_1" problem.
These connections hang forever as long as the client continues to send
packets advertising a 0 window size; I believe this problem is pretty
well-understood. (And ess
