very odd PF + FreeBSD6.0 problems
Daniel Hartmeier
daniel at benzedrine.cx
Sat Dec 17 00:01:20 PST 2005
On Fri, Dec 16, 2005 at 01:47:59PM -0600, Paul Dokas wrote:
> Bingo (I think). I found the following in the firewall's kernel config:
>
> options HZ=2000
>
> I'm going to get than changed and see if the problem goes away.
I just discovered that this seems to be a know problem with setting HZ,
if only I had searched earlier ;)
Subject: 6-STABLE: HZ>1000, RFC1323 non-compliance, and PF
http://marc.theaimsgroup.com/?t=113476573600004&r=1&w=2
Problem Report kern/61404 : RFC1323 timestamps with HZ > 1000
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61404
It appears that this is related to the HZ setting on your SSH server
(i.e. one of the TCP endpoints) not any HZ setting on the kernel pf
runs on itself (so it requires a fix in the generic TCP code, not within
pf).
Daniel
More information about the freebsd-pf
mailing list