PF pf logs report BAD state as State failure on 1

sfzhang · Jan 14, 2025

Hello,
I deployed a Qt application as a VNC server on a QNX system which uses BSD Package Filter as firewall. A VNC viewer client running on Linux connects to it.
After running continuously for approximately 3 to 4 days without any user interaction, the VNC viewer became unresponsive.
Then, I touched the screen of the VNC viewer, I observed that the VNC viewer reestablished its connection to the server.

Code:

tcp        0      0 172.16.3.253:42906      172.16.3.254:5901       ESTABLISHED

But on the server side, there were two concurrent connections established:

Code:

tcp6       0      0  ::ffff:172.16.3..5901  ::ffff:172.16.3..42906 ESTABLISHED
tcp6       0      0  ::ffff:172.16.3..5901  ::ffff:172.16.3..42904 ESTABLISHED
tcp6       0      0  *.5901                 *.*                    LISTEN

Here are the logs of pf:

Code:

Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  pf: BAD state:
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  TCP
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  172.16.3.254
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  :5901
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  172.16.3.254
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  :5901
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  172.16.3.253
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  :42904
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0   [lo=2557846121 high=2557846153 win=12288 modulator=0
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0   [lo=39015816 high=39028104 win=32 modulator=0
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0   4:4
Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0   seq=2557846121 ack=39015816 len=106 ackskew=0 pkts=344:1112 dir=in,fwd

Jan 14 09:45:50.909                   iopkt.552983          main_buffer      0  pf: State failure on: 1       |

The pf.conf I used lists as followed:

Code:

set debug loud
#set loginterface rt0

# pre-defines
qnx_intf = "rt0"
table <qnx> const { 172.16.3.254, 172.16.3.248, 172.16.3.240 }
table <internal> const { 172.16.3.0/24 }

# manage queues to restrict bandwidth for each proto
altq on $qnx_intf cbq bandwidth 1000Mb queue { dflt, vnc, rtps, ssh }
queue dflt bandwidth 10% cbq(default)
queue vnc bandwidth 20% priority 7 cbq(borrow red)
queue rtps bandwidth 60% cbq(borrow red)
queue ssh bandwidth 10% priority 0 cbq(red)

# by default deny all access from/to the QNX target
block in log all
block out log all

# port 5900/5901 for VNC port
pass in log-all quick on $qnx_intf proto tcp from <internal> to <qnx> port 5900:5901 keep state queue vnc
pass out log-all quick on $qnx_intf proto tcp from <qnx> port 5900:5901 to <internal> keep state queue vnc

# default rule for internal access
pass in on $qnx_intf from <internal> to <qnx> keep state queue dflt
pass out on $qnx_intf from <qnx> to <internal> keep state queue dflt

What is the meaning of the pf logs? And is it the pf configuration that causes the VNC to function abnormally?

Thanks!

SirDice · Jan 14, 2025

sfzhang said:
I deployed a Qt application as a VNC server on a QNX system which uses BSD Package Filter as firewall.

We only support FreeBSD here mate.

Rule #7: FreeBSD Forums Rules

PF pf logs report BAD state as State failure on 1

sfzhang

SirDice

Administrator