Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 2 Jun 2007 17:04:52 +0200
From:      Max Laier <max@love2party.net>
To:        Hugo Koji Kobayashi <koji@registro.br>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: udp fragmentation
Message-ID:  <200706021704.53787.max@love2party.net>
In-Reply-To: <20070531134923.GH39552@registro.br>
References:  <20070528224225.GC40678@registro.br> <200705301002.04911.max@love2party.net> <20070531134923.GH39552@registro.br>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi Hugo,

On Thursday 31 May 2007, Hugo Koji Kobayashi wrote:
> Please find attached the tests results after enabling extended
> logging.
>
> I've done the test twice, changing dig's "+bufsize" parameter.

looking at your log file, it seems that the packet traverses pf alright:

> ---- Console begin
> pf_normalize_ip: reass frag 11881 @ 0-1480
> pf_normalize_ip: reass frag 11881 @ 1480-2960
> pf_normalize_ip: reass frag 11881 @ 2960-4094
> pf_reassemble: 4094 < 4094?
> pf_reassemble: complete: 0xc4338000(4114)
> ---- Console end
>
> fbsd7# date ; pfctl -si
> Tue May  8 04:15:24 BRT 2007
> No ALTQ support in kernel
> ALTQ related functions disabled
> Status: Enabled for 0 days 00:05:27             Debug: Misc
>
> Hostid: 0xfd3ea603
>
> State Table                          Total             Rate
>   current entries                        3              
>   searches                             405            1.2/s
>   inserts                               40            0.1/s
>   removals                              37            0.1/s
> Counters
>   match                                 40            0.1/s
>   bad-offset                             0            0.0/s
>   fragment                               0            0.0/s
>   short                                  0            0.0/s
>   normalize                              0            0.0/s
>   memory                                 0            0.0/s
>   bad-timestamp                          0            0.0/s
>   congestion                             0            0.0/s
>   ip-option                              0            0.0/s
>   proto-cksum                            0            0.0/s
>   state-mismatch                         0            0.0/s
>   state-insert                           0            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s

So the culprit should be somewhere up the stack. i.e. FreeBSD chokes on 
the already reassembled packet.  Could you also provide netstat -ssp udp 
and netstat -ssp ip from before and after your test to get an idea where 
the packet is lost?  To make sure I understand your setup correctly:  pf 
is running on the DNS server i.e. the destination address of the datagram 
is a local address?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706021704.53787.max>