kernel: pf: state reuse TCP

[cracker1985]

Hello guys,

I am logging messages from pf, and seeing a lot of state reuses. What does it mean, and do I need to fix anything? Many, many messages like:

pf: state reuse TCP out wire: (0) 2ipaddress:port_goes_here
ip_address:port_goes_here stack:
(0) ip_address:port_goes_here ip_address:port_goes_here [lo=39216066
high=39216068 win=16384 mo
dulator=0] [lo=0 high=16384 win=1 modulator=0] 10:10 S

Thank you!

 

[johnblue]

As you may know, PF relies on the source and destination IP addresses/ports to track TCP states. When something has an active connection, but then tries to open the exact same connection again, PF drops it as it looks like spoofed traffic (you should never be opening a connection that's already open).

HTH's