From owner-freebsd-pf@FreeBSD.ORG Tue Nov 4 09:57:49 2008
Date: Tue, 4 Nov 2008 01:57:48 -0800
From: Jeremy Chadwick
To: Matthias Kellermann
Cc: freebsd-pf@freebsd.org
Subject: Re: rdr rule does not work (bad hdr length)
Message-ID: <20081104095748.GA44045@icarus.home.lan>
In-Reply-To: <49101B48.2060704@adminlife.net>
References: <491012AE.7000409@adminlife.net> <20081104093800.GA43676@icarus.home.lan> <49101B48.2060704@adminlife.net>
User-Agent: Mutt/1.5.18 (2008-05-17)
List-Id: "Technical discussion and general questions about packet filter (pf)"
X-List-Received-Date: Tue, 04 Nov 2008 09:57:49 -0000

On Tue, Nov 04, 2008 at 10:52:08AM +0100, Matthias Kellermann wrote:
> Jeremy Chadwick wrote:
> > On Tue, Nov 04, 2008 at 10:15:26AM +0100, Matthias Kellermann wrote:
> >> # tcpdump -netttvvi pflog0
> >> 000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 26668,
> >> offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.54460 >
> >> 192.168.0.10.23: [|tcp]
> >> 000266 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 25527,
> >> offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.54460 >
> >> 192.168.0.10.23: tcp 24 [bad hdr length 0 - too short, < 20]
> >>
> >> Anybody have an idea what's wrong here?
> >
> > This is not a pf problem. tcpdump's snaplen defaults to 56 bytes, which
> > is too small when reading from pflog. Use the -s flag to increase the
> > snaplen to 256 bytes, for example.
> >
> Thanks Jeremy. Did that. This is the output of tcpdump after increasing
> the snaplen to 256 bytes:
>
> # tcpdump -s 256 -netttvvi pflog0
> 000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 23993,
> offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.43758 >
> 192.168.0.10.23: S, cksum 0xeb13 (correct), 3072328535:3072328535(0) win
> 5840
> 000319 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 22314,
> offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.43758 >
> 192.168.0.10.23: S, cksum 0x4553 (correct), 108273612:108273612(0) win 0
>
>
> I still have no clue what's going wrong here.

Try changing "synproxy state" to "keep state", and see if you have the
same problem. Note that you may need to reset your state table after
changing this rule (see pfctl -k).

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
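The first lesson of this thread is that "[|tcp]" and "bad hdr length" in tcpdump's pflog0 output are capture artifacts of a too-small snaplen, not evidence of anything pf did to the packet. The helper below is an added example, not code from the thread, from pf or from FreeBSD: it parses the verbose one-line-per-packet format that tcpdump -netttvv prints for pflog0, marks packets that were cut off inside the TCP header as "truncated" (so the capture must be repeated with a larger -s before the rdr/synproxy behaviour can be judged), and for fully decoded packets exposes direction, flags, window and checksum result. The two sample captures are the ones quoted above, re-joined to one line per packet; the regular expressions are an assumption about tcpdump's output format and only cover the fields visible in the thread.

```python
"""Triage tcpdump output captured from pflog0.

Added example, not code from the thread or from FreeBSD/pf.  It separates
lines that tcpdump could not decode because the snaplen was too small
(the "[|tcp]" and "bad hdr length" markers from the thread) from lines
that decoded fully, so a truncated capture is not mistaken for a pf or
packet problem.  It only understands the verbose one-line-per-packet
format produced by "tcpdump -netttvv" on pflog0, as shown in the thread.
"""
import re

# Constructed sample input: the two captures quoted in the thread, with
# tcpdump's wrapped lines re-joined so each packet is one line.
DEFAULT_SNAPLEN_CAPTURE = """\
000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 26668, offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.54460 > 192.168.0.10.23: [|tcp]
000266 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 25527, offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.54460 > 192.168.0.10.23: tcp 24 [bad hdr length 0 - too short, < 20]
"""

SNAPLEN_256_CAPTURE = """\
000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 23993, offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.43758 > 192.168.0.10.23: S, cksum 0xeb13 (correct), 3072328535:3072328535(0) win 5840
000319 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 22314, offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.43758 > 192.168.0.10.23: S, cksum 0x4553 (correct), 108273612:108273612(0) win 0
"""

# pflog prefix, IP summary in parentheses, then "src > dst: <tcp decode>".
# The IP summary itself contains "(6)", so it is matched non-greedily and
# the endpoints are anchored to start with a digit.  Assumed format.
LINE_RE = re.compile(
    r"^(?P<delta>\d{6}) rule (?P<rule>[^(]+)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<direction>in|out) on (?P<iface>\w+): "
    r"\((?P<ip>.*?)\) (?P<src>\d[\d.]*) > (?P<dst>\d[\d.]*): (?P<tcp>.*)$"
)
IP_LEN_RE = re.compile(r"\blength (?P<len>\d+)\b")
TCP_RE = re.compile(
    r"^(?P<flags>[A-Z.]+), cksum (?P<cksum>0x[0-9a-f]+) \((?P<cksum_ok>\w+)\), "
    r"(?P<seq>\d+):(?P<seq_end>\d+)\((?P<payload>\d+)\) win (?P<win>\d+)"
)

# Markers tcpdump emits when the captured bytes end before or inside the
# 20-byte TCP header.
TRUNCATION_MARKERS = ("[|tcp]", "bad hdr length")


def parse_line(line):
    """Return a dict describing one pflog line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ip_len"] = int(IP_LEN_RE.search(rec["ip"]).group("len"))
    tcp = rec.pop("tcp")
    if any(marker in tcp for marker in TRUNCATION_MARKERS):
        # The IP header decoded but the TCP header did not fit in the
        # captured bytes: a snaplen problem, not a packet problem.
        rec["status"] = "truncated"
        rec["detail"] = tcp
        return rec
    t = TCP_RE.match(tcp)
    if t is None:
        rec["status"] = "undecoded"
        rec["detail"] = tcp
        return rec
    rec["status"] = "ok"
    rec["flags"] = t.group("flags")
    rec["cksum_ok"] = t.group("cksum_ok") == "correct"
    rec["payload"] = int(t.group("payload"))
    rec["win"] = int(t.group("win"))
    return rec


def triage(capture):
    """Parse every pflog line in a capture; non-matching lines are skipped."""
    return [r for r in (parse_line(ln) for ln in capture.splitlines()) if r]


def snaplen_too_small(capture):
    """True when any packet was cut off inside its TCP header, i.e. the
    capture must be repeated with a larger -s before pf can be judged."""
    return any(r["status"] == "truncated" for r in triage(capture))


def report(capture):
    """One human-readable line per packet."""
    lines = []
    for r in triage(capture):
        head = (f"{r['action']} {r['direction']} {r['iface']} "
                f"{r['src']} > {r['dst']} ip_len={r['ip_len']}")
        if r["status"] == "ok":
            lines.append(f"{head} flags={r['flags']} win={r['win']} "
                         f"cksum_ok={r['cksum_ok']}")
        else:
            lines.append(f"{head} {r['status'].upper()}: {r['detail']} "
                         f"(increase tcpdump -s)")
    return lines


if __name__ == "__main__":
    for name, cap in (("default snaplen", DEFAULT_SNAPLEN_CAPTURE),
                      ("-s 256", SNAPLEN_256_CAPTURE)):
        print(f"== {name}: snaplen too small? {snaplen_too_small(cap)}")
        print("\n".join(report(cap)))
```

Run it on a saved capture (tcpdump -s 256 -netttvvi pflog0 > pflog.txt, then feed the file's text to triage) and it reports "truncated" for exactly the lines the thread first showed; once the snaplen is large enough, the decoded records are what to compare against the rdr and state rules, which is the point at which Jeremy's synproxy-versus-keep-state suggestion becomes testable.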