Date:      Wed, 14 May 2008 09:30:17 +0100 (BST)
From:      "Reinhold" <freebsd@violetlan.net>
To:        freebsd-pf@freebsd.org
Subject:   a few problems with pf
Message-ID:  <52914.217.41.34.61.1210753817.squirrel@www.violetlan.net>

Hi

I have a few problems with pf on my FreeBSD 7 STABLE systems. I have two
running 7 and 4 running 6.3, and the problems are only on my 7 systems.

The first problem is that I'm plagued by bad hdr length on both my 7 systems.
Here are the unames for them:
FreeBSD host1.name.local 7.0-STABLE FreeBSD 7.0-STABLE #0: Mon May 12
20:22:55 BST 2008     edit@host1.name.local:/usr/obj/usr/src/sys/MYKERN 
i386

FreeBSD host.name.local 7.0-STABLE FreeBSD 7.0-STABLE #0: Mon May 12
12:45:19 BST 2008     edit@host.name.local:/usr/obj/usr/src/sys/MYKERN 
i386

From both of them I see the following when I run
tcpdump -n -e -tttt -r /var/log/pflog
2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0:
89.240.55.163.3164 > 192.168.1.5.80:  tcp 20 [bad hdr length 8 - too
short, < 20]
2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0:
89.240.55.163.3165 > 192.168.1.5.80:  tcp 20 [bad hdr length 8 - too
short, < 20]
2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0:
80.81.242.13.51145 > 192.168.1.5.22:  tcp 36 [bad hdr length 8 - too
short, < 20]
2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1:
80.81.242.14.63900 > 192.168.1.5.22:  tcp 36 [bad hdr length 8 - too
short, < 20]

And here is the same log again:
tcpdump -n -e -tttt -r /var/log/pflog
2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0:
89.240.55.163.3164 > 192.168.1.5.80: S 3008361134:3008361134(0) win 16384
<mss 1360,nop,nop,sackOK>
2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0:
89.240.55.163.3165 > 192.168.1.5.80: S 1482992447:1482992447(0) win 16384
<mss 1360,nop,nop,sackOK>
2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0:
80.81.242.13.51145 > 192.168.1.5.22: S 555277666:555277666(0) win 65535
<mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]>
2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1:
80.81.242.14.63900 > 192.168.1.5.22: S 966982942:966982942(0) win 65535
<mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]>

I know these logs are a few days old, but I just enabled pf on
host.name.local and I saw the same things on it.

I've tried a few variables with my scrub rules but none seems to help.
I've tried all of these:
#scrub in  on $ext_if1 all           fragment reassemble max-mss 1452
#scrub out on $ext_if1 all random-id fragment reassemble max-mss 1452
#scrub all random-id max-mss 1452 fragment reassemble
scrub all random-id reassemble tcp max-mss 1452
#scrub on $ext_if1 all reassemble tcp


Here is the ifconfig output for both hosts.
host1.name.local
ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 2290
        ether 00:0b:6b:0b:62:c8
        media: IEEE 802.11 Wireless Ethernet autoselect <hostap>
(autoselect <hostap>)
        status: associated
        ssid somename channel 2 (2417 Mhz 11g) bssid 00:0b:6b:0b:62:c8
        authmode WPA privacy MIXED deftxkey 3 TKIP 2:128-bit TKIP 3:128-bit
        txpower 31.5 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250
        roam:rssi11g 7 roam:rate11g 5 protmode CTS burst dtimperiod 1
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:04:a7:09:81:80
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:04:a7:09:81:7f
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
        options=3998<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether 00:04:a7:05:88:c0
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu
1500
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether b6:f6:e0:49:1a:ac
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 55
        member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 370370
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0
mtu 1492
        inet 217.xx.yy.zz --> 217.xx.yyy.zzz netmask 0xffffffff
ng1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0
mtu 1492
        inet 217.xy.yyz.zzz --> 217.xx.xyy.zzz netmask 0xffffffff

And for host.name.local
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
        options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:13:72:5f:89:b9
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=0<> metric 0 mtu 33204
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether ce:4a:be:be:bc:cc
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 55
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
        ether 00:bd:e8:60:52:00
        Opened by PID 45164

The other weirdness is that on host.name.local /var/log/pflog is not there.
tcpdump -n -e -tttt -i pflog0
tcpdump: /var/log/pflog: No such file or directory

but tcpdump -n -e -tttt -i pflog0 works fine.

In both systems I have the following in the kernel
# PF
device pf
device pflog
device pfsync

options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ

These problems only exist on my FreeBSD 7.0-STABLE machines and not on
any of the 6.3-STABLE ones.

The last bit of help I need is to get pf to allow ssh through to the qemu
host.

Any help will be appreciated
Thanks
Reinhold
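The two tcpdump listings in the post carry the same four timestamps and 5-tuples: in the first every segment is reported as "bad hdr length 8 - too short, < 20", in the second the same segments decode as ordinary SYNs with MSS and other options. Before treating "bad hdr length" entries as malformed or crafted packets it helps to confirm, per record, whether the same logged packet decodes normally elsewhere. The following Python is an added example written for this page; it is not code from the post or from FreeBSD or tcpdump. It parses `tcpdump -n -e -tttt` pflog output into records, flags the truncated decodes, correlates two listings by timestamp and 5-tuple, and shows how the complained-about header length follows from the TCP data offset nibble (the high four bits of byte 12 of the TCP header, in 32-bit words), which is the value tcpdump compares against the 20-byte minimum. The sample listings are the post's own lines, joined back onto one line each as tcpdump prints them; the class and function names are this example's own.

```python
"""Parse tcpdump pflog listings, separate truncated TCP decodes from real
flag/option decodes, and correlate two listings of the same log."""
import re
from dataclasses import dataclass
from typing import Optional

# One "tcpdump -n -e -tttt -r /var/log/pflog" line (joined onto a single line).
PFLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
    r"rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>pass|block) (?P<direction>in|out) on (?P<ifname>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):\s*"
    r"(?P<rest>.*)$"
)
# tcpdump prints this when the TCP data offset yields a header shorter than
# the 20-byte minimum and stops decoding the segment there.
BAD_HDR_RE = re.compile(r"tcp \d+ \[bad hdr length (?P<hlen>\d+) - too short, < 20\]")
# Normal decode starts with the flag letters, e.g. "S 3008361134:3008361134(0) win ...".
FLAGS_RE = re.compile(r"^(?P<flags>[SFRPAUEW.]+) ")


@dataclass
class PflogRecord:
    ts: str
    rule: int
    action: str
    direction: str
    ifname: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: Optional[str]          # TCP flags when tcpdump decoded the header
    bad_hdr_len: Optional[int]    # header length tcpdump complained about, if any

    def key(self):
        # Same timestamp plus 5-tuple identifies one logged packet across listings.
        return (self.ts, self.src, self.sport, self.dst, self.dport)


def parse_line(line: str) -> Optional[PflogRecord]:
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    bad = BAD_HDR_RE.search(rest)
    fl = FLAGS_RE.match(rest)
    return PflogRecord(
        ts=m.group("ts"), rule=int(m.group("rule")), action=m.group("action"),
        direction=m.group("direction"), ifname=m.group("ifname"),
        src=m.group("src"), sport=int(m.group("sport")),
        dst=m.group("dst"), dport=int(m.group("dport")),
        flags=fl.group("flags") if fl else None,
        bad_hdr_len=int(bad.group("hlen")) if bad else None,
    )


def parse_listing(text: str) -> list:
    """Parse every recognisable line; unrecognised lines are skipped."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def tcp_header_length(offset_byte: int) -> int:
    """Header length in bytes from byte 12 of the TCP header: the high nibble
    is the data offset in 32-bit words. Anything below 20 triggers tcpdump's
    'bad hdr length' message; a nibble of 2 gives the 8 seen in the post."""
    return (offset_byte >> 4) * 4


def correlate(truncated: list, decoded: list) -> dict:
    """Map each 'bad hdr length' record to the record with the same timestamp
    and 5-tuple in a second listing (None when there is no counterpart)."""
    by_key = {r.key(): r for r in decoded}
    return {r.key(): by_key.get(r.key())
            for r in truncated if r.bad_hdr_len is not None}


# Constructed sample: the post's four lines, each joined onto one line.
LISTING_A = """\
2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0: 89.240.55.163.3164 > 192.168.1.5.80:  tcp 20 [bad hdr length 8 - too short, < 20]
2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: 89.240.55.163.3165 > 192.168.1.5.80:  tcp 20 [bad hdr length 8 - too short, < 20]
2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: 80.81.242.13.51145 > 192.168.1.5.22:  tcp 36 [bad hdr length 8 - too short, < 20]
2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: 80.81.242.14.63900 > 192.168.1.5.22:  tcp 36 [bad hdr length 8 - too short, < 20]
"""
LISTING_B = """\
2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0: 89.240.55.163.3164 > 192.168.1.5.80: S 3008361134:3008361134(0) win 16384 <mss 1360,nop,nop,sackOK>
2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: 89.240.55.163.3165 > 192.168.1.5.80: S 1482992447:1482992447(0) win 16384 <mss 1360,nop,nop,sackOK>
2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: 80.81.242.13.51145 > 192.168.1.5.22: S 555277666:555277666(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]>
2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: 80.81.242.14.63900 > 192.168.1.5.22: S 966982942:966982942(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]>
"""

if __name__ == "__main__":
    pairs = correlate(parse_listing(LISTING_A), parse_listing(LISTING_B))
    for key, other in pairs.items():
        status = f"decodes as flags {other.flags}" if other else "no counterpart"
        print(key[0], key[1], "->", key[3], status)
```

Each "bad hdr length" record in the first listing finds a counterpart that decodes as a plain SYN, so what differs between the two runs is the decode, not the packets on the wire; that is the check to make before spending time on scrub rules for these entries.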