Date: Wed, 19 Mar 2008 10:30:38 +0100 From: Norman Maurer <norman@apache.org> To: girishvenkatachalam@gmail.com Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD 7.0 and pf Message-ID: <1205919038.7011.13.camel@norman-laptop> In-Reply-To: <1205916002.7011.11.camel@norman-laptop> References: <1205909808.7011.9.camel@norman-laptop> <20080319083428.GE28928@saraswathy.madambakam.org> <1205916002.7011.11.camel@norman-laptop>
next in thread | previous in thread | raw e-mail | index | archive | help
Am Mittwoch, den 19.03.2008, 09:40 +0100 schrieb Norman Maurer: > Am Mittwoch, den 19.03.2008, 14:04 +0530 schrieb Girish Venkatachalam: > > On 07:56:48 Mar 19, Norman Maurer wrote: > > > Hi all, > > > > > > im using freebsd 7.0 + gif interfaces + racoon + pf to filter stuff on > > > my box. After upgrading to freebsd 7.0 I see some strange behavior. I > > > see packets get dropped because of bad hdr length. The problems only > > > seems to happen on traffic between the local nets and nets routed via > > > ipsec. Here is a tcpdump snipped: > > > > > > block in on em5: 192.168.175.4.1107 > 192.168.116.6.22: tcp 544 [bad > > > hdr length 12 - too short, < 20] > > > > > > gif interface: > > > gif5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1402 > > > tunnel inet 213.157.17.67 --> 213.23.198.131 > > > inet 192.168.116.1 --> 192.168.175.1 netmask 0xffffff00 > > > > > > > > > Any help is welcome. > > > > A TCP header can never be less than 20 bytes. > > > > And 12 is odd since all headers are a multiple of 4 bytes (word > > boundary). > > > > Check your MTU of the PPPoE/PPPoA/Ethernet/WiFi or whatever datalink > > layer. I bet there is a problem there. > > > > Best, > > Girish > > > Maybe the problem is the mtu of the gif interface ( 1402 ) ? > I have a 4 mbit broadband connection ( no dsl ). > > bye > Norman btw, if i remove pf all works fine :-/ Cheers, Norman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1205919038.7011.13.camel>