Date:      Tue, 4 Nov 2008 01:57:48 -0800
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        Matthias Kellermann <mk@adminlife.net>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: rdr rule does not work (bad hdr length)
Message-ID:  <20081104095748.GA44045@icarus.home.lan>
In-Reply-To: <49101B48.2060704@adminlife.net>
References:  <491012AE.7000409@adminlife.net> <20081104093800.GA43676@icarus.home.lan> <49101B48.2060704@adminlife.net>

On Tue, Nov 04, 2008 at 10:52:08AM +0100, Matthias Kellermann wrote:
> Jeremy Chadwick wrote:
> > On Tue, Nov 04, 2008 at 10:15:26AM +0100, Matthias Kellermann wrote:
> >> # tcpdump -netttvvi pflog0
> >> 000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 26668,
> >> offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.54460 >
> >> 192.168.0.10.23: [|tcp]
> >> 000266 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 25527,
> >> offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.54460 >
> >> 192.168.0.10.23:  tcp 24 [bad hdr length 0 - too short, < 20]
> >>
> >> Anybody has an idea what's wrong here?
> > 
> > This is not a pf problem.  tcpdump's snaplen defaults to 56 bytes, which
> > is too small when reading from pflog.  Use the -s flag to increase the
> > snaplen to 256 bytes, for example.  
> > 
> 
> Thanks Jeremy. Did that. This is the output of tcpdump after increasing
> the snaplen to 256 bytes:
> 
> # tcpdump -s 256 -netttvvi pflog0
> 000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 23993,
> offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.43758 >
> 192.168.0.10.23: S, cksum 0xeb13 (correct), 3072328535:3072328535(0) win
> 5840 <mss 1460,sackOK,timestamp 2383598 0,nop,wscale 6>
> 000319 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 22314,
> offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.43758 >
> 192.168.0.10.23: S, cksum 0x4553 (correct), 108273612:108273612(0) win 0
> <mss 1460>
> 
> I still have no clue what's going wrong here.

Try changing "synproxy state" to "keep state", and see if you have the
same problem.  Note that you may need to reset your state table after
changing this rule (see pfctl -k).

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
