Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 27 Nov 2004 13:01:49 +0100
From:      Daniel Hartmeier <daniel@benzedrine.cx>
To:        freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject:   Re: rsh is malfunctioning due to pf
Message-ID:  <20041127120149.GE23786@insomnia.benzedrine.cx>
In-Reply-To: <20041126203354.GB81834@astral-on.net>
References:  <20041126203354.GB81834@astral-on.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 26, 2004 at 10:33:54PM +0200, Andrew Degtiariov wrote:

> I have ipcad installed on 2 PC's running 5.3-RELEASE and 5-STABLE from
> Nov 21. ipcad (ports/net-mgmt/ipcad) provides ability to control them
> by rsh (ipcad implement rsh server by yourself). While using pf with
> primitive rulesets rsh stops its working. It seems like pf drop short
> packets.

The 'short' reason is a little overloaded, it can have two meanings.
The less likely case is where the mbuf didn't contain a complete IP
header. More likely, the packet contains IP options, which pf blocks by
default. You can isolate the problem by

  a) enabling debug logging with pfctl -xm and watching the console
     or /var/log/messages for messages from 'pf: '
  b) dumping an entire packet that is being blocked, with
     tcpdump -s 1600 -nvvvetttSXi pflog0
  c) adding 'allow-opts' to all your pass rules and see if the problem
     goes away

Daniel



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041127120149.GE23786>