From: Andrew Degtiariov
To: Daniel Hartmeier
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Date: Sat, 27 Nov 2004 16:07:07 +0200
Subject: Re: rsh is malfunctioning due to pf

On Sat, Nov 27, 2004 at 01:01:49PM +0100, Daniel Hartmeier wrote:
> On Fri, Nov 26, 2004 at 10:33:54PM +0200, Andrew Degtiariov wrote:
>
> > I have ipcad installed on 2 PC's running 5.3-RELEASE and 5-STABLE from
> > Nov 21. ipcad (ports/net-mgmt/ipcad) provides ability to control them
> > by rsh (ipcad implement rsh server by yourself). While using pf with
> > primitive rulesets rsh stops its working. It seems like pf drop short
> > packets.
>
> The 'short' reason is a little overloaded, it can have two meanings.
> The less likely case is where the mbuf didn't contain a complete IP
> header. More likely, the packet contains IP options, which pf blocks by
> default. You can isolate the problem by
>
> a) enabling debug logging with pfctl -xm and watching the console
>    or /var/log/messages for messages from 'pf: '
> b) dumping an entire packet that is being blocked, with
>    tcpdump -s 1600 -nvvvetttSXi pflog0
> c) adding 'allow-opts' to all your pass rules and see if the problem
>    goes away

Yes, allow-opts restored ipcad functionality.
Probably a warning needs to be added to the pf documentation about this
behavior, because enabling pf broke multicast (ospf for me) without rules
with allow-opts. I saw that a note about it exists only in pf.conf (in the
allow-opts description) and left it unnoticed while reading this manual page.

-- 
Andrew Degtiariov
DA-RIPE
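
Added example, not part of the original message or of pf: a small Python parser that tells the two meanings of 'short' apart on a raw IPv4 header taken from the tcpdump in step b), by reporting either a truncated header or the IP options present. The function names and both sample packets are constructed for illustration; Router Alert is used only as a sample option, and checksums are not verified.

```python
# Option type -> name, a subset of the IANA IP option numbers, for display only.
OPTION_NAMES = {7: "Record Route", 68: "Timestamp", 131: "Loose Source Route",
                137: "Strict Source Route", 148: "Router Alert"}

# Constructed samples: a 20-byte header without options, and a 24-byte
# header (IHL=6) carrying one Router Alert option (type 148, length 4).
PLAIN = bytes.fromhex("45000028" "00004000" "40060000" "c0000201" "c0000202")
WITH_OPTION = bytes.fromhex("46c00020" "00004000" "01020000" "c0000201"
                            "e0000001" "94040000")

def parse_ipv4_options(packet: bytes):
    """Return [(type, name, data), ...] for the options in an IPv4 header.

    Raises ValueError when the buffer cannot hold the header it declares,
    which is the other condition the thread says is reported as 'short'.
    """
    if len(packet) < 20:
        raise ValueError("truncated: less than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    header_len = ihl * 4              # IHL counts 32-bit words
    if len(packet) < header_len:
        raise ValueError("truncated: IHL points past end of buffer")
    opts, i = [], 20                  # options start after the fixed 20 bytes
    while i < header_len:
        otype = packet[i]
        if otype == 0:                # End of Option List: the rest is padding
            break
        if otype == 1:                # No-Operation: single byte, no length
            opts.append((1, "NOP", b""))
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option length byte missing")
        olen = packet[i + 1]          # length covers type and length bytes
        if olen < 2 or i + olen > header_len:
            raise ValueError("bad option length")
        name = OPTION_NAMES.get(otype, "unknown")
        opts.append((otype, name, packet[i + 2:i + olen]))
        i += olen
    return opts

def has_ip_options(packet: bytes) -> bool:
    """True when the header carries at least one option other than EOL padding."""
    return bool(parse_ipv4_options(packet))
```

A packet for which has_ip_options() returns True is one that needs 'allow-opts' on the matching pass rule, per step c) above.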