From: Norman Maurer
To: girishvenkatachalam@gmail.com
Cc: freebsd-questions@freebsd.org
Date: Wed, 19 Mar 2008 09:40:02 +0100
Subject: Re: FreeBSD 7.0 and pf

On Wednesday, 19.03.2008, 14:04 +0530, Girish Venkatachalam wrote:
> On 07:56:48 Mar 19, Norman Maurer wrote:
> > Hi all,
> >
> > I'm using FreeBSD 7.0 + gif interfaces + racoon + pf to filter stuff on
> > my box. After upgrading to FreeBSD 7.0 I see some strange behavior. I
> > see packets get dropped because of bad hdr length. The problem only
> > seems to happen on traffic between the local nets and nets routed via
> > ipsec. Here is a tcpdump snippet:
> >
> > block in on em5: 192.168.175.4.1107 > 192.168.116.6.22: tcp 544 [bad
> > hdr length 12 - too short, < 20]
> >
> > gif interface:
> > gif5: flags=8051 metric 0 mtu 1402
> >         tunnel inet 213.157.17.67 --> 213.23.198.131
> >         inet 192.168.116.1 --> 192.168.175.1 netmask 0xffffff00
> >
> >
> > Any help is welcome.
>
> A TCP header can never be less than 20 bytes.
>
> And 12 is odd since all headers are a multiple of 4 bytes (word
> boundary).
>
> Check your MTU of the PPPoE/PPPoA/Ethernet/WiFi or whatever datalink
> layer. I bet there is a problem there.
>
> Best,
> Girish
>

Maybe the problem is the MTU of the gif interface (1402)? I have a
4 Mbit broadband connection (no DSL).

bye
Norman
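
The following is an added example, not part of the original thread. It shows how a sniffer derives the "bad hdr length" value quoted above from the TCP data offset field, and it goes slightly beyond the thread by also flagging non-first IP fragments, which carry no TCP header at all. The function names are hypothetical and the packets are constructed samples that reuse the addresses and ports from the tcpdump line.

```python
import socket
import struct

TCP_MIN_HDR = 20  # a TCP header without options is 5 words of 4 bytes

def build_packet(doff_words, frag_field=0):
    """Constructed sample: IPv4+TCP headers only, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_field, 64, 6, 0,
                     socket.inet_aton("192.168.175.4"),
                     socket.inet_aton("192.168.116.6"))
    tcp = struct.pack("!HHIIBBHHH", 1107, 22, 0, 0, doff_words << 4,
                      0x10, 65535, 0, 0)
    return ip + tcp

def check_tcp_header(pkt):
    """Return (tcp_header_length_or_None, verdict) for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None, "not a complete IPv4 header"
    ihl = (pkt[0] & 0x0F) * 4  # IP header length, counted in 32-bit words
    flags_frag, = struct.unpack("!H", pkt[6:8])
    if ihl < 20 or pkt[9] != 6:
        return None, "bad IP header length or not TCP"
    if flags_frag & 0x1FFF:
        # Later fragments carry payload only; byte 12 there is not a data offset.
        return None, "non-first fragment, offset %d" % ((flags_frag & 0x1FFF) * 8)
    tcp = pkt[ihl:]
    if len(tcp) < 13:
        return None, "TCP header truncated"
    hdr_len = (tcp[12] >> 4) * 4  # data offset is counted in 32-bit words
    if hdr_len < TCP_MIN_HDR:
        return hdr_len, "bad hdr length %d - too short, < %d" % (hdr_len, TCP_MIN_HDR)
    if hdr_len > len(tcp):
        return hdr_len, "header longer than captured data"
    return hdr_len, "ok"

if __name__ == "__main__":
    for label, pkt in [("doff=5", build_packet(5)), ("doff=3", build_packet(3)),
                       ("fragment", build_packet(5, frag_field=185))]:
        print(label, check_tcp_header(pkt))
```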