From: Anton Nikiforov <anton@nikiforov.ru>
Date: Wed, 26 Oct 2005 12:41:25 +0400
To: dawnshade
Cc: freebsd-stable@freebsd.org
Subject: Re: pf and short packets
Message-ID: <435F4135.9000405@nikiforov.ru>
In-Reply-To: <200510261220.32300.dawnshade@mail.ru>
References: <435E85AB.3070701@nikiforov.ru> <200510261053.27853.dawnshade@mail.ru> <435F3994.9020801@nikiforov.ru> <200510261220.32300.dawnshade@mail.ru>
List-Id: Production branch of FreeBSD source code (freebsd-stable@freebsd.org)

dawnshade wrote:
> On Wednesday 26 October 2005 12:08, Anton Nikiforov wrote:
>
>> On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote:
>>
>>>> tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
>>>> 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
>>>>   0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001  F..,f.@.........
>>>>   0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
>>>>   0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
>>>> 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
>>>>   0x0000:  4600 002c d21d 4000 0306 a5ac 7f00 0001  F..,..@.........
>>>>   0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
>>>>   0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
>>>>
>>>> The rule for this packet is not a "log" one, but the sign (short) is
>>>> what I cannot understand.
>>>
>>> Read 'man 1 tcpdump' about the key "-s".
>>> Your command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host 127.0.0.1"
>>>
>>> Change the value 1000 to an appropriate one.
>>
>> Hi, and thanks for the reply,
>> but my question is not about how to use tcpdump (I know the -s key), but
>> what to do with pf to make these packets pass through.
>> When my pf is up I cannot rsh to ipcad, but when it is down everything
>> is working just fine.
>> I need this rsh to get my IP statistics.
>
> Sorry, I misunderstood you.
> Can you provide the output of 'pfctl -sr -g' (at least the sensitive rules before number 34)?
>
Hello and thanks again for the reply. Here is the output of pfctl -sr -g.
@0 scrub in all fragment reassemble
  [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
@1 scrub out all random-id fragment reassemble
  [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
@0 pass quick on lo0 all
  [ Skip steps: p=4 sp=802 da=2 dp=17 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]

I was "playing" with this rule and used to install it in different ways and places.
I have no idea what to do with this.
I was turning off scrubbing, everything below, with no result.

All the rest is not about lo0, but here they are (34 out of 9849):

@1 block drop in quick inet from 192.168.11.1 to any
@2 block drop in log quick on fxp0 inet from any to 224.0.0.0/3
@3 block drop out log quick on fxp0 inet from 224.0.0.0/3 to any
@4 block drop in log quick on fxp0 inet proto tcp all flags FPU/FPU
@5 block drop in log quick on fxp0 inet proto tcp all flags FS/FSRA
@6 block drop in log quick on fxp0 inet proto tcp all flags /FSRA
@7 block drop in log on fxp0 proto tcp all
@8 block drop in log on fxp0 proto udp all
@9 block drop out log on fxp0 proto tcp all
@10 block drop out log on fxp0 proto udp all
@11 block drop in log on fxp0 proto icmp all
@12 block drop out log on fxp0 proto icmp all
@13 block return-rst in log on fxp0 proto tcp all
@14 block return-rst out log on fxp0 proto tcp all
@15 block return-icmp(port-unr, port-unr) in log on fxp0 proto udp all
@16 block return-icmp(port-unr, port-unr) out log on fxp0 proto udp all
@17 block drop in log on fxp0 proto tcp from any to any port = pop3
@18 block drop in log on fxp0 proto tcp from any to any port = loc-srv
@19 block drop in log on fxp0 proto tcp from any to any port = profile
@20 block drop in log on fxp0 proto tcp from any to any port = netbios-ns
@21 block drop in log on fxp0 proto tcp from any to any port = netbios-dgm
@22 block drop in log on fxp0 proto tcp from any to any port = netbios-ssn
@23 block drop in log on fxp0 proto tcp from any to any port = microsoft-ds
@24 block drop in log on fxp0 proto udp from any to any port = pop3
@25 block drop in log on fxp0 proto udp from any to any port = loc-srv
@26 block drop in log on fxp0 proto udp from any to any port = profile
@27 block drop in log on fxp0 proto udp from any to any port = netbios-ns
@28 block drop in log on fxp0 proto udp from any to any port = netbios-dgm
@29 block drop in log on fxp0 proto udp from any to any port = netbios-ssn
@30 block drop in log on fxp0 proto udp from any to any port = microsoft-ds
@31 block drop out log on fxp0 proto tcp from any to any port = pop3
@32 block drop out log on fxp0 proto tcp from any to any port = loc-srv
@33 block drop out log on fxp0 proto tcp from any to any port = profile
@34 block drop out log on fxp0 proto tcp from any to any port = netbios-ns

Just in case:

# pfctl -sr -g | grep lo0
@0 pass quick on lo0 all

Best regards,
Anton
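The thread turns on what the "(short)" tag in the pflog line means. tcpdump prints pflog records as "rule N/R(reason)", where N is the rule number and R the numeric pf reason code whose name follows in parentheses, so "0/3(short)" says the packet was logged under rule 0 with reason 3, named "short". Before looking at the ruleset, a practitioner would check whether the captured bytes are actually short or inconsistent. The following added example (not code from the thread or from FreeBSD) parses the quoted tcpdump summary line and its -x hex dump, decodes the IPv4 and TCP headers, verifies the IP header checksum, and reports whether the declared lengths and captured bytes agree. The sample text is the first logged packet copied from the quoted message; the regular expressions assume the tcpdump output format shown there.

```python
"""Decode a pflog/tcpdump capture as quoted in the thread.

Added example, not code from the mailing-list thread or from FreeBSD.
The SAMPLE text is copied from the tcpdump output quoted in the message;
the parsing regexes assume that output format.
"""
import re
import struct
from ipaddress import IPv4Address

# Sample input (constructed from the quoted capture): summary line plus hex dump.
SAMPLE = """\
000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
  0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001
  0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab
  0x0020:  5db7 f2f2 5010 ffff 7dce 0000
"""

# "rule N/R(reason): action dir on iface:" as printed by tcpdump for pflog.
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/(?P<reason_no>\d+)\((?P<reason>[^)]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+):"
)
# One "-x" hex dump line: offset, then 16-bit words in hex.
HEX_RE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{4}\s*)+)$", re.I)
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def parse_pflog_header(line):
    """Extract rule number, reason code/name, action, direction and interface."""
    m = PFLOG_RE.search(line)
    if not m:
        raise ValueError("not a pflog summary line: %r" % line)
    d = m.groupdict()
    d["rule"] = int(d["rule"])
    d["reason_no"] = int(d["reason_no"])
    return d


def hexdump_to_bytes(text):
    """Reassemble the raw packet bytes from the -x hex dump lines."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_RE.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def ip_checksum(header):
    """RFC 791 one's-complement sum; returns 0 for a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_packet(raw):
    """Decode IPv4 (+TCP) headers and judge whether the capture is complete and consistent."""
    if len(raw) < 20:
        return {"captured": len(raw), "complete": False,
                "why": "fewer than 20 bytes: no full IPv4 header"}
    ihl = (raw[0] & 0x0F) * 4                     # header length incl. options
    total_len = struct.unpack("!H", raw[2:4])[0]   # declared datagram length
    info = {
        "version": raw[0] >> 4, "ihl": ihl, "total_len": total_len,
        "ttl": raw[8], "proto": raw[9], "captured": len(raw),
        "src": str(IPv4Address(raw[12:16])), "dst": str(IPv4Address(raw[16:20])),
        "options": raw[20:ihl].hex(),              # bytes beyond the fixed 20-byte header
    }
    if len(raw) < ihl:
        info.update(complete=False, why="captured bytes end inside IP options")
        return info
    info["ip_checksum_ok"] = ip_checksum(raw[:ihl]) == 0
    hdr_end = ihl
    if info["proto"] == 6:                         # TCP
        if len(raw) < ihl + 20:
            info.update(complete=False, why="TCP header truncated")
            return info
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", raw[ihl:ihl + 16])
        doff = (off_flags >> 12) * 4
        info.update(sport=sport, dport=dport, seq=seq, ack=ack, win=win, data_offset=doff,
                    flags=[n for bit, n in TCP_FLAGS.items() if off_flags & bit])
        hdr_end = ihl + doff
    info["complete"] = len(raw) >= total_len and hdr_end <= total_len
    info["why"] = ("headers fully captured and consistent" if info["complete"]
                   else "captured/declared lengths disagree")
    return info


def analyze(text):
    """Combine the pflog summary fields with the decoded packet."""
    meta = parse_pflog_header(text.splitlines()[0])
    meta.update(decode_packet(hexdump_to_bytes(text)))
    return meta


if __name__ == "__main__":
    for k, v in analyze(SAMPLE).items():
        print("%-15s %s" % (k, v))
```

Run against the quoted capture, the decoder shows a 24-byte IPv4 header (IHL 6, four option bytes 01 00 00 00, i.e. NOP then EOL padding), a declared total length of 44 bytes, a valid header checksum, and a 20-byte TCP header (514 to 643, ACK only), with all 44 bytes present in the dump. In other words the capture itself is not truncated by tcpdump's snaplen, which separates the "-s" question raised earlier in the thread from whatever pf is objecting to; the IP options are the one unusual feature the check surfaces.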