From owner-freebsd-current@FreeBSD.ORG Tue Oct 25 19:21:28 2005 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1351116A41F; Tue, 25 Oct 2005 19:21:28 +0000 (GMT) (envelope-from anton@nikiforov.ru) Received: from vika.newlines.ru (anna.newlines.ru [81.13.10.250]) by mx1.FreeBSD.org (Postfix) with ESMTP id F162F43D6E; Tue, 25 Oct 2005 19:21:24 +0000 (GMT) (envelope-from anton@nikiforov.ru) Received: from localhost (unknown [127.0.0.1]) by vika.newlines.ru (Postfix) with ESMTP id 6AFB3114E6; Tue, 25 Oct 2005 23:21:22 +0400 (MSD) Received: from vika.newlines.ru ([127.0.0.1]) by localhost (anna.newlines.ru [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03635-07; Tue, 25 Oct 2005 23:21:17 +0400 (MSD) Received: from [192.168.80.100] (ushakova.office.sportlottery.ru [192.168.80.100]) by vika.newlines.ru (Postfix) with ESMTP; Tue, 25 Oct 2005 23:21:17 +0400 (MSD) Message-ID: <435E85AB.3070701@nikiforov.ru> Date: Tue, 25 Oct 2005 23:21:15 +0400 From: Anton Nikiforov User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217 X-Accept-Language: ru, en-us, en MIME-Version: 1.0 To: stable@FreeBSD.org Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms000200040006020205040905" X-Virus-Scanned: By amavis at office-gw.newlines.ru Cc: current@freebsd.org Subject: pf and short packets X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: anton@nikiforov.ru List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Oct 2005 19:21:28 -0000 This is a cryptographically signed message in MIME format. --------------ms000200040006020205040905 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Dear ALL! Maybe someone can help me with my problem? I have no adea what is happening with my packets :( I have 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 box running pf. And i have ipcad daemon running (installed from ports) pf.conf says pass quick on lo0 all and when i'm trying to rsh to ipcad that is listening on anna# netstat -a|grep shell tcp4 0 0 localhost.shell *.* LISTEN anna# rsh -l root localhost show ip accounting i got no replay, but pflog says the following: anna# tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535 0x0000: 4600 002c 6605 4000 0306 11c5 7f00 0001 F..,f.@......... 0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab .............)]. 0x0020: 5db7 f2f2 5010 ffff 7dce 0000 ]...P...}... 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535 0x0000: 4600 002c d21d 4000 0306 a5ac 7f00 0001 F..,..@......... 0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab .............)]. 0x0020: 5db7 f2f2 5010 ffff 7dce 0000 ]...P...}... The rule for this packet is not a "log" one, but the sign (short) is what i cannot understand. The only place i have found this word is in man pflogd (reason why this packet appers in this log) When i'm disabling pf by pfctl -d everything works just fine and i can get my ip accounting. Best regards, Anton Nikiforov --------------ms000200040006020205040905 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGKDCC AuEwggJKoAMCAQICAw6AYzANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwNDE2MTEwMzExWhcNMDYwNDE2MTEwMzEx WjBEMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSEwHwYJKoZIhvcNAQkBFhJh bnRvbkBuaWtpZm9yb3YucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp45jI HORB4RVcbIIDMttb19fW9gb9dIX4CVBbCZSPmX+gpsYUCswB/wcqnF98LoSTIYxiY/hUrENH 5lObA+oEazWWmZQR5MQIgZViQ3H7vJ1KpaQ8tR7atUsCMudFb9Wu4jYgvFbjhYLO0cOFOfhr n99ucG5qpsXwriIbDYLT20xFvsbCk/zlMwPsIfxell+EM87MglUH5uym8LtcWVvfZgzYuNN0 1lJXF4Qs17X3y3XELuuRowdQGZQ6nNM2StTePuOL6J3piVERqhscLIpM9rjfH6nV8HM1+BW3 trgt5rWqzSfFlvxk6MF6cvz06xnE6Yw4FV63lrRzaiwm914/AgMBAAGjPzA9MA4GA1UdDwEB /wQEAwIHgDAdBgNVHREEFjAUgRJhbnRvbkBuaWtpZm9yb3YucnUwDAYDVR0TAQH/BAIwADAN BgkqhkiG9w0BAQQFAAOBgQASvk2h3CLH4S3NOw9yRfEdpHruWxov2mQvsV8qZKwjG8/661ze FmsQhAS18+6hCgK84qNrCINydH06Y5jsAGmwS8r9m+xOPxDKiehmOSsOpSVShzIfWdRx5Ni1 uFvPwH9L6czsOlw0PAQnYEv0jVbel6SA5MUWHwJ8liIGxkhi3jCCAz8wggKooAMCAQICAQ0w DQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx EjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNV BAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQ ZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxA dGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYT AlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNU aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQ CjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk 16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAG AQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQ ZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgG A1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNm rGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0 niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx 0x1G/11fZU8xggJEMIICQAIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUg Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h aWwgSXNzdWluZyBDQQIDDoBjMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3 DQEHATAcBgkqhkiG9w0BCQUxDxcNMDUxMDI1MTkyMTE1WjAjBgkqhkiG9w0BCQQxFgQU852Z 0bjItZRjpKxbkNOc76nbOcgwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG 9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZI hvcNAQEBBQAEggEA31wWOjQ2syKGQr7Lv9MwGQbdLnV1VaPkwWm5IHFsE3esAhR7KyTlS57E wTtdY7PTpgOjCVZ+cCXwMPl0njtb9P0pRqg7X7cs9MIAexocajdG/oO7EFnMfTvrFwC18tpD Rxr0Qxwt3DiGOPTFFZ4S+zTUkA736zJ1M3/0bPSvOSHRqukpVlk79pfBuMn4SbUTLfB1jArY 2nkaYMCw7lSVvKLcui4UAtOuaMCBclRbxc8kz6nPM70/u++jnJtKife9bBno0uMtdloXmYhZ VPrX2/DvYUM/jLKunfsweBuvbwS72jEQT1p4pgA1QRfOks5oZr8bsrQKNF8HpmxgJP+LYgAA AAAAAA== --------------ms000200040006020205040905--