Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
bit.listserv.openbsd-pf
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Bad State error analysis
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   1 message - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Michael Grigoni  
View profile  
 More options Aug 21, 4:08 am
Newsgroups: bit.listserv.openbsd-pf
From: michael.grig...@cybertheque.org (Michael Grigoni)
Date: 20 Aug 2009 11:08:10 -0700
Local: Fri, Aug 21 2009 4:08 am
Subject: Bad State error analysis
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
We have a web server behind OpenBSD (version unimportant for this question)
NAT, and client connections stall with bad state errors from 'pf'.  I have
posted a very detailed report of this issue months ago, with links to
debugging logs, rulesets and packet dumps and I have received no
replies.

Web server: 10.0.0.202
OpenBSD router internal IP: 10.0.0.100
OpenBSD router public IP: 216.251.177.106
Remote client host IP: 173.11.57.241

For the moment, I would appreciate an explanation of the error
message below, in the context that it occurs:

Aug 19 21:38:57 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 173.11.57.241:52070 [lo=1500434706 high=1500444842
win=5840 modulator=0] [lo=3893295577 high=3893295828 win=10136 modulator=0] 4:4 PA seq=3893295577 ack=1500434706 len=1448 ackskew=0
pkts=15 dir=out,rev

Here is a fragment of the packet dump on the internal interface, beginning
with the last passed packet before the 'bad state' and ending with the
'bad state' packet:

21:38:55.161593 IP (tos 0x0, ttl 255, id 48774, offset 0, flags [DF], proto TCP (6), length 1500)
     ipx1.cybertheque.net.www > waste.org.52070: Flags [.], seq 3893294129:3893295577, ack 1500434706, win 10136, options
[nop,nop,TS val 456194478 ecr 552342707], length 1448

21:38:55.162808 IP (tos 0x0, ttl 255, id 48775, offset 0, flags [DF], proto TCP (6), length 1500)
     ipx1.cybertheque.net.www > waste.org.52070: Flags [P.], seq 3893295577:3893297025, ack 1500434706, win 10136, options
[nop,nop,TS val 456194478 ecr 552342707], length 1448

Here is a fragment of the packet dump on the external interface, showing the
last passed packet before the 'bad state' (id 48775 isn't passed of course):

21:38:55.163134 IP (tos 0x0, ttl 254, id 48774, offset 0, flags [none], proto TCP (6), length 1500)
     domesys.cybertheque.org.www > waste.org.52070: Flags [.], seq 3893294129:3893295577, ack 1500434706, win 10136, options
[nop,nop,TS val 456194478 ecr 552342707], length 1448

What is wrong here? Is the TS val an issue (duplicated)? I don't see 'bad state'
errors on other packets with duplicate timestamps. This only happens on PUSH
packets, what is the significance of that?

Thanks much,

Michael


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google