Re: FairQ ALTQ for PF - Patch #2

From: Max Laier <max@xxxxxxxxxxxxxx>
Date: Mon, 7 Apr 2008 01:31:44 +0200

On Monday 07 April 2008 00:36:29 Matthew Dillon wrote:
> :Matthew Dillon wrote:
> :>     This has been running well on my router and doesn't really
> :> affect other ALTQ disciplines so I am going to go ahead and commit
> :> it to clear room to port the probability keyword that Cedric
> :> mentioned, before I get back to finishing up HAMMER.
> :>
> :> 					-Matt
> :
> :For some reason, since a week ago, your servers have been unreachable
> : to Linux clients. The problem can be temporarily bypassed by setting
> : the Linux sysctl net.ipv4.tcp_window_scaling to 0
> :
> :--
> :Robert Luciani
>     It's got to be something PF (packet filter) is doing.  I was using
> a Cisco with the T1.  I'm using a DFly box running PF with the DSL
> line. I'm trying to track it down.

This is usually a symptom of creating state on a TCP packet other than the 
initial SYN.  Make sure you add "flags S/SA" to all your tcp keep state 
rules.  There is plenty on this in the FAQs and lists (freebsd-pf@ and 
the OpenBSD pf list) for more detailed reference.

/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
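
The check suggested in the reply above ("flags S/SA" on every tcp keep state rule), as an added example that is not part of the original post or of pf itself: a small audit script that lists stateful pass rules able to create state on a TCP packet other than the initial SYN. The sample ruleset is constructed, and the script assumes one rule per logical line, explicit "keep/modulate/synproxy state" keywords, no "#" inside quoted strings, and does not expand macros or tables.

```python
import re

# Constructed sample ruleset for the demo; not taken from the thread.
SAMPLE_PF_CONF = """\
ext_if = "em0"
# no flags filter: any TCP segment, not just the SYN, can create state
pass in on $ext_if proto tcp from any to any port 80 keep state
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
pass out on $ext_if proto { tcp, udp } from any to any \\
    keep state
pass out on $ext_if proto udp from any to any port 53 keep state
block in log all
"""

STATE_RE = re.compile(r"\b(?:keep|modulate|synproxy)\s+state\b")
FLAGS_RE = re.compile(r"\bflags\s+(\S+)")
PROTO_RE = re.compile(r"\bproto\s+(\{[^}]*\}|\S+)")

def logical_lines(text):
    """Yield (first_line_no, rule): comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def covers_tcp(rule):
    m = PROTO_RE.search(rule)
    # A rule with no proto clause matches every protocol, TCP included.
    return m is None or "tcp" in re.split(r"[\s,{}]+", m.group(1))

def syn_only(flagspec):
    """True for S/SA or a stricter mask such as S/SAFR."""
    flags, _, mask = flagspec.partition("/")
    return flags == "S" and {"S", "A"} <= set(mask)

def audit(text):
    """Return (line_no, rule) for stateful TCP pass rules not limited to the SYN."""
    findings = []
    for no, rule in logical_lines(text):
        if rule.startswith("pass") and STATE_RE.search(rule) and covers_tcp(rule):
            m = FLAGS_RE.search(rule)
            if m is None or not syn_only(m.group(1)):
                findings.append((no, rule))
    return findings

if __name__ == "__main__":
    for no, rule in audit(SAMPLE_PF_CONF):
        print(f"line {no}: add 'flags S/SA': {rule}")
```

Rules that reach TCP only through a macro (for example a protocol list held in a variable) are not resolved, so review those by hand.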

