[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: synproxy issue
From:       "Stephan A. Rickauer" <stephan.rickauer () ini ! phys ! ethz ! ch>
Date:       2008-12-05 14:27:05
Message-ID: 1228487225.7339.12.camel () x300
[Download RAW message or body]

On Fri, 2008-12-05 at 06:01 -0700, Darrin Chandler wrote:
> Stephan,
> 
> On Fri, Dec 05, 2008 at 09:14:10AM +0100, Stephan A. Rickauer wrote:
> > 
> > $ lynx -dump -head http://cds.sun.com
> > 
> > The matching pf rule is:
> >  pass in log quick inet proto tcp to port http synproxy state
> > (with default pass out policy)
> > 
> > However, the http connection stalls. Changing the above rule to:
> >  pass in log quick inet proto tcp to port http modulate state
> > 
> > "fixes" the stall and the header is transmitted by the webserver just
> > fine.
> 
> Does this happen with hosts other than cds.sun.com?

I have witnessed it myself with a different site that I completed a
checkout with. I can't reproduce it again without ordering more stuff ;)

Even if it is likely a 'sun' problem I thought I'd better report it
here, since it might be a possible border case that could trigger a
wrong synproxy behaviour. Were the tcpdump's helpful at all?

-- 

 Stephan A. Rickauer

 -----------------------------------------------------------
 Institute of Neuroinformatics         Tel  +41 44 635 30 50
 University / ETH Zurich               Sec  +41 44 635 30 52
 Winterthurerstrasse 190               Fax  +41 44 635 30 53
 CH-8057 Zurich                        Web    www.ini.uzh.ch
[prev in list] [next in list] [prev in thread] [next in thread]