Site Navigation

Date:      Wed, 26 Oct 2005 12:41:25 +0400
From:      Anton Nikiforov <anton@nikiforov.ru>
To:        dawnshade <dawnshade@mail.ru>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: pf and short packets
Message-ID:  <435F4135.9000405@nikiforov.ru>
In-Reply-To: <200510261220.32300.dawnshade@mail.ru>
References:  <435E85AB.3070701@nikiforov.ru> <200510261053.27853.dawnshade@mail.ru> <435F3994.9020801@nikiforov.ru> <200510261220.32300.dawnshade@mail.ru>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
dawnshade wrote:

> On Wednesday 26 October 2005 12:08, Anton Nikiforov wrote:
> 
>> On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote:
>>
>>>>tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
>>>>000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 >
>>>>127.0.0.1.643: . ack 30 win 65535
>>>>        0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001
>>>> F..,f.@......... 0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab
>>>> .............)]. 0x0020:  5db7 f2f2 5010 ffff 7dce 0000          
>>>> ]...P...}... 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514
>>>>
>>>>127.0.0.1.643: . ack 30 win 65535
>>>>        0x0000:  4600 002c d21d 4000 0306 a5ac 7f00 0001
>>>> F..,..@......... 0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab
>>>> .............)]. 0x0020:  5db7 f2f2 5010 ffff 7dce 0000          
>>>> ]...P...}...
>>>>
>>>>The rule for this packet is not a "log" one, but the sign (short) is
>>>>what i cannot understand.
>>>
>>>Read 'man 1 tcpdump' about key "-s".
>>>You command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host
>>>127.0.0.1"
>>>
>>>Change value 1000 to appropriate.
>>
>>Hi, and thanks for the replay,
>>but my question is not about how to use tcpdump (i know -s key), but
>>what to do with pf to make this packets pass through.
>>When my pf is up i cannot rsh to ipcad, but when it is down - everything
>>is working just fine.
>>I need this rsh to get my ip statistics.
> 
> 
> 
> sorry, i misunderstand you.
> can you provide output 'pfctl -sr -g' (at leat sensitive rules before number 
> 34)
> 
> 
Hello and thanks again for the replay.
Here is the output of pfctl -sr -g.
@0 scrub in all fragment reassemble
   [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
   [ queue: qname= qid=0 pqname= pqid=0 ]
@1 scrub out all random-id fragment reassemble
   [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
   [ queue: qname= qid=0 pqname= pqid=0 ]
@0 pass quick on lo0 all
   [ Skip steps: p=4 sp=802 da=2 dp=17 ]
   [ queue: qname= qid=0 pqname= pqid=0 ]
I was "playing" with this rule and used to install it in different ways 
and places. I have no idea what to do with this.
I was turning off scrubbing, everything beloew. With no result.

All the rest is not about lo0, but here they are (34 out of 9849):

@1 block drop in quick inet from 192.168.11.1 to any
@2 block drop in log quick on fxp0 inet from any to 224.0.0.0/3
@3 block drop out log quick on fxp0 inet from 224.0.0.0/3 to any
@4 block drop in log quick on fxp0 inet proto tcp all flags FPU/FPU
@5 block drop in log quick on fxp0 inet proto tcp all flags FS/FSRA
@6 block drop in log quick on fxp0 inet proto tcp all flags /FSRA
@7 block drop in log on fxp0 proto tcp all
@8 block drop in log on fxp0 proto udp all
@9 block drop out log on fxp0 proto tcp all
@10 block drop out log on fxp0 proto udp all
@11 block drop in log on fxp0 proto icmp all
@12 block drop out log on fxp0 proto icmp all
@13 block return-rst in log on fxp0 proto tcp all
@14 block return-rst out log on fxp0 proto tcp all
@15 block return-icmp(port-unr, port-unr) in log on fxp0 proto udp all
@16 block return-icmp(port-unr, port-unr) out log on fxp0 proto udp all
@17 block drop in log on fxp0 proto tcp from any to any port = pop3
@18 block drop in log on fxp0 proto tcp from any to any port = loc-srv
@19 block drop in log on fxp0 proto tcp from any to any port = profile
@20 block drop in log on fxp0 proto tcp from any to any port = netbios-ns
@21 block drop in log on fxp0 proto tcp from any to any port = netbios-dgm
@22 block drop in log on fxp0 proto tcp from any to any port = netbios-ssn
@23 block drop in log on fxp0 proto tcp from any to any port = microsoft-ds
@24 block drop in log on fxp0 proto udp from any to any port = pop3
@25 block drop in log on fxp0 proto udp from any to any port = loc-srv
@26 block drop in log on fxp0 proto udp from any to any port = profile
@27 block drop in log on fxp0 proto udp from any to any port = netbios-ns
@28 block drop in log on fxp0 proto udp from any to any port = netbios-dgm
@29 block drop in log on fxp0 proto udp from any to any port = netbios-ssn
@30 block drop in log on fxp0 proto udp from any to any port = microsoft-ds
@31 block drop out log on fxp0 proto tcp from any to any port = pop3
@32 block drop out log on fxp0 proto tcp from any to any port = loc-srv
@33 block drop out log on fxp0 proto tcp from any to any port = profile
@34 block drop out log on fxp0 proto tcp from any to any port = netbios-ns

Just in case:
# pfctl -sr -g | grep lo0
@0 pass quick on lo0 all

Best regards,
Anton

[-- Attachment #2 --]
0�	*�H��

��0�

10	+0�	*�H��


��(0��0�J�
�c0
	*�H��


0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
050416110311Z
060416110311Z0D10UThawte Freemail Member1!0	*�H��

	
anton@nikiforov.ru0�
"0
	*�H��



�
0�

�

����A�\l�2�[�����t��	P[	������
�
�*�_|.��!�bc�T�CG�S��k5�������bCq���J��<�ڵK2�Eoծ�6 �Vㅂ��Å9�k��npnj���"
���LE��“��3�!�^�_�3�̂U���\Y[�fظ�t�RW�,׵��u�.둣P�:��6J��>���Q�,�L������s5����-浪�'Ŗ�d��zr�����8^���sj,&�^?

�?0=0U

��0U0�anton@nikiforov.ru0U

�00
	*�H��


���M��"��-�;rE��z�[/�d/�_*d�#���\�k����
��k�rt}:c��i�K����N?ʉ�f9+�%R�2Y�q�ص�[��K���:\4<'`K�Vޗ����|�"�Hb�0�?0���


0
	*�H��


0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��

	
personal-freemail@thawte.com0
030717000000Z
130716235959Z0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0��0
	*�H��



��0����Ħ<UsU�N�ʙZh�up��������[�v�:a�Q�
��P
0�cZ,�p����+�Z�?qV˯<���6$*�+��w=�+��>�@�dק���e��*T�H���<a@dr`��

���0��0U

�0

�
0CU<0:08�6�4�2http://crl.thawte.com/ThawtePersonalFreemailCA.crl0U
0)U"0 �010UPrivateLabel2-1380
	*�H��


��H��P��.�
�f�g�����C���L!��6�-�6/��P �p<���ab��:~�����t�%P�b��'qW%�ݩ�9�� Oe_�������N���4�[5Mw�V!x��!5�$��F�]_eO1�D0�@

0i0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA�c0	+���0	*�H��

	1	*�H��


0	*�H��

	1
051026084125Z0#	*�H��

	1���X]E�����VO���a�0R	*�H��

	1E0C0
*�H��
0*�H��
�0
*�H��

@0+0
*�H��

(0
	*�H��



�
-��,���r�Ȥ�
{��Y�7���k�3�H~�1�D�<N	yC[�c��n0���`�U�3�>$4��`�W�o^�j>����|f2��t��n���1�:K��Y��U��/���f�R�B�Z9/�v��B2��XF��"+��$.}�t�9;��f)�ots_�D,�>�=D*#8��
�X��S�)!�CK�EFKީ\�~o�?��
<��
*��;�5|�U���U������y?���f]�b��ѹ/��T��C-��

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?435F4135.9000405>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact