Date: Fri, 13 Jul 2007 19:50:02 +0200 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Cc: Hugo Silva <hugo@barafranca.com>, Abdullah Ibn Hamad Al-Marri <almarrie@gmail.com> Subject: Re: Spurious RSTs, syncache, and pf weirdness Message-ID: <200707131950.12304.max@love2party.net> In-Reply-To: <499c70c0707130917q41979bc9y5ab69d6fb6454cc0@mail.gmail.com> References: <4697A3BB.90607@barafranca.com> <499c70c0707130917q41979bc9y5ab69d6fb6454cc0@mail.gmail.com>
--nextPart3737676.pFfa2h7ix8 Content-Type: multipart/mixed; boundary="Boundary-01=_Ot7lGQXxVc5kRWZ" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_Ot7lGQXxVc5kRWZ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 13 July 2007, Abdullah Ibn Hamad Al-Marri wrote: > On 7/13/07, Hugo Silva <hugo@barafranca.com> wrote: > > But these have been talked about on the lists before. > > > > What's new for me is the following bits of the firewall (pf) logs: > > > > tcpdump: WARNING: pflog0: no IPv4 address assigned > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > > decode listening on pflog0, link-type PFLOG (OpenBSD pflog file), > > capture size 96 bytes > > 000000 rule 0/0(match): block unkn(99) on em0: SERVER_IP.52582 > > > 70.87.97.148.80: [|tcp] > > 29. 232416 rule 0/0(match): block unkn(99) on em0: SERVER_IP.53798 > > > 70.87.97.148.80: [|tcp] > > <snip> > > > Notice the unkn(99) and the bad hdr length errors. on 6.2, this > > problem doesn't exist. Is this something new or is it related to the > > spurious rsts & syncache errors ? > > > > > > Best regards, > > > > Hugo > > It's known bug, they are trying to fix it before FreeBSD 7.0-RELEASE. No it's not. It's a known feature. The attached patch fixes it. This=20 needs to go through tcpdump.org, but I haven't had time to take care of=20 it, yet. 
=2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-01=_Ot7lGQXxVc5kRWZ Content-Type: text/x-diff; charset="utf-8"; name="pf.41.tcpdump_local.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="pf.41.tcpdump_local.diff"
Index: contrib/libpcap/gencode.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/contrib/libpcap/gencode.c,v
retrieving revision 1.16
diff -u -r1.16 gencode.c
=2D-- contrib/libpcap/gencode.c 4 Sep 2006 19:54:21 -0000 1.16
+++ contrib/libpcap/gencode.c 30 Jun 2007 17:01:13 -0000
@@ -75,7 +75,14 @@
 #include "ppp.h"
 #include "sll.h"
 #include "arcnet.h"
+#ifdef HAVE_NET_PFVAR_H
+#include <sys/socket.h>
+#include <net/if.h>
+#include <net/pfvar.h>
+#include <net/if_pflog.h>
+#else
 #include "pf.h"
+#endif
 #ifndef offsetof
 #define offsetof(s, e) ((size_t)&((s *)0)->e)
 #endif
Index: contrib/libpcap/grammar.y
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/contrib/libpcap/grammar.y,v
retrieving revision 1.11
diff -u -r1.11 grammar.y
=2D-- contrib/libpcap/grammar.y 4 Sep 2006 19:54:21 -0000 1.11
+++ contrib/libpcap/grammar.y 30 Jun 2007 17:02:55 -0000
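Review bot: With `HAVE_NET_PFVAR_H` defined, the `struct pfloghdr` used by gencode.c comes from the build host's `<net/pfvar.h>` instead of the bundled `pf.h`, so the field offsets the filter compiler uses are fixed by whichever pf headers were installed at build time; the grammar.y and print-pflog.c hunks make the same switch. A capture written by a host running a different pf version would then presumably be filtered and decoded with the wrong offsets, which looks like the same kind of mismatch as the `unkn(99)` and `[|tcp]` output quoted in the thread. I would add a comment above the `#ifdef`, e.g. `/* pfloghdr layout follows the installed pf; captures from other pf versions may not decode */`. It is also worth confirming that the pflog reader, which is not visible in this patch, bounds its parsing by the header's own length field rather than by `sizeof(struct pfloghdr)`.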
@@ -53,7 +53,13 @@
 #include "pcap-int.h"
=20
 #include "gencode.h"
+#ifdef HAVE_NET_PFVAR_H
+#include <net/if.h>
+#include <net/pfvar.h>
+#include <net/if_pflog.h>
+#else
 #include "pf.h"
+#endif
 #include <pcap-namedb.h>
=20
 #ifdef HAVE_OS_PROTO_H
Index: contrib/tcpdump/print-pflog.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/contrib/tcpdump/print-pflog.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 print-pflog.c
=2D-- contrib/tcpdump/print-pflog.c 4 Sep 2006 20:04:14 -0000 1.1.1.3
+++ contrib/tcpdump/print-pflog.c 30 Jun 2007 17:03:26 -0000
@@ -28,6 +28,16 @@
 #include "config.h"
 #endif
=20
+#ifdef HAVE_NET_PFVAR_H
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <net/if.h>
+#include <net/pfvar.h>
+#include <net/if_pflog.h>
+#else
+#include "pf.h"
+#endif
+
 #include <tcpdump-stdinc.h>
=20
 #include <stdio.h>
@@ -35,7 +45,6 @@
=20
 #include "interface.h"
 #include "addrtoname.h"
=2D#include "pf.h"
=20
 static struct tok pf_reasons[] =3D {
 { 0, "0(match)" },
Index: lib/libpcap/config.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/lib/libpcap/config.h,v
retrieving revision 1.5
diff -u -r1.5 config.h
=2D-- lib/libpcap/config.h 29 May 2005 18:12:46 -0000 1.5
+++ lib/libpcap/config.h 30 Jun 2007 17:05:20 -0000
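Review bot: The block added to grammar.y includes `<net/if.h>` without the `<sys/socket.h>` that the gencode.c hunk places in front of it, and neither file adds `<sys/types.h>` the way print-pflog.c does. Unless includes earlier in grammar.y, outside this hunk, already provide those, `<net/if.h>` and `<net/pfvar.h>` may fail to compile or depend on include order. Using the same three-line prefix in all three files (`#include <sys/types.h>`, `#include <sys/socket.h>`, `#include <net/if.h>`) would remove that dependence.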
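Review bot: In print-pflog.c the `#else` branch now pulls in the bundled `"pf.h"` before `<tcpdump-stdinc.h>`, whereas the removed line had it after `"addrtoname.h"`. On a platform without `<net/pfvar.h>` the bundled header is therefore parsed before the portability header that presumably supplies the fixed-width types it uses, so the fallback path can change behaviour even though it is meant to be untouched. Keeping the fallback where it was, i.e. leaving `#include "pf.h"` after `#include "addrtoname.h"` under `#ifndef HAVE_NET_PFVAR_H`, would limit the change to the system-header case.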
@@ -45,6 +45,9 @@
 /* Define to 1 if you have the <memory.h> header file. */
 #define HAVE_MEMORY_H 1
=20
+/* Define to 1 if you have the <net/pfvar.h> header file. */
+#define HAVE_NET_PFVAR_H 1
+
 /* Define to 1 if you have the <netinet/ether.h> header file. */
 /* #undef HAVE_NETINET_ETHER_H */
=20
Index: usr.sbin/tcpdump/tcpdump/config.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/usr.sbin/tcpdump/tcpdump/config.h,v
retrieving revision 1.7
diff -u -r1.7 config.h
=2D-- usr.sbin/tcpdump/tcpdump/config.h 11 Jul 2005 04:14:42 -0000 1.7
+++ usr.sbin/tcpdump/tcpdump/config.h 30 Jun 2007 17:06:34 -0000
@@ -193,6 +193,9 @@
 /* Define to 1 if you have the <netdnet/dnetdb.h> header file. */
 /* #undef HAVE_NETDNET_DNETDB_H */
=20
+/* Define to 1 if you have the <net/pfvar.h> header file. */
+#define HAVE_NET_PFVAR_H 1
+
 /* Define to 1 if you have the <netinet/ether.h> header file. */
 /* #undef HAVE_NETINET_ETHER_H */
=20
--Boundary-01=_Ot7lGQXxVc5kRWZ-- --nextPart3737676.pFfa2h7ix8 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBGl7tUXyyEoT62BG0RAmSnAJ9SHK5KUZsxgBYT2iF5vT6iJ2bfcACfZ+W+ zq1C6q7+Mgy5TFBwq8PjDqM= =abpn -----END PGP SIGNATURE----- --nextPart3737676.pFfa2h7ix8--