From: "Reinhold"
To: freebsd-pf@freebsd.org
Date: Wed, 14 May 2008 09:30:17 +0100 (BST)
Subject: a few problems with pf
Message-ID: <52914.217.41.34.61.1210753817.squirrel@www.violetlan.net>

Hi

I'm having a few problems with pf on my FreeBSD 7 STABLE systems. I have two running 7 and 4 running 6.3, and the problems are only on my 7 systems.

The first problem is that I'm plagued by bad hdr length on both my 7 systems. Here are the unames for them:

    FreeBSD host1.name.local 7.0-STABLE FreeBSD 7.0-STABLE #0: Mon May 12 20:22:55 BST 2008 edit@host1.name.local:/usr/obj/usr/src/sys/MYKERN i386
    FreeBSD host.name.local 7.0-STABLE FreeBSD 7.0-STABLE #0: Mon May 12 12:45:19 BST 2008 edit@host.name.local:/usr/obj/usr/src/sys/MYKERN i386

From both of them I see the following when I run

    tcpdump -n -e -tttt -r /var/log/pflog
    2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0: 89.240.55.163.3164 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too short, < 20]
    2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: 89.240.55.163.3165 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too short, < 20]
    2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: 80.81.242.13.51145 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too short, < 20]
    2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: 80.81.242.14.63900 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too short, < 20]

And here is the same log again

    tcpdump -n -e -tttt -r /var/log/pflog
    2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0: 89.240.55.163.3164 > 192.168.1.5.80: S 3008361134:3008361134(0) win 16384
    2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: 89.240.55.163.3165 > 192.168.1.5.80: S 1482992447:1482992447(0) win 16384
    2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: 80.81.242.13.51145 > 192.168.1.5.22: S 555277666:555277666(0) win 65535
    2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: 80.81.242.14.63900 > 192.168.1.5.22: S 966982942:966982942(0) win 65535

I know these logs are a few days old, but I just enabled pf on host.name.local and I saw the same things on it.

I've tried a few variables with my scrub rules but none seems to help. I've tried all of these:

    #scrub in on $ext_if1 all fragment reassemble max-mss 1452
    #scrub out on $ext_if1 all random-id fragment reassemble max-mss 1452
    #scrub all random-id max-mss 1452 fragment reassemble
    scrub all random-id reassemble tcp max-mss 1452
    #scrub on $ext_if1 all reassemble tcp

Here are the ifconfig for both hosts.

host1.name.local

    ath0: flags=8943 metric 0 mtu 2290
            ether 00:0b:6b:0b:62:c8
            media: IEEE 802.11 Wireless Ethernet autoselect (autoselect )
            status: associated
            ssid somename channel 2 (2417 Mhz 11g) bssid 00:0b:6b:0b:62:c8
            authmode WPA privacy MIXED deftxkey 3 TKIP 2:128-bit TKIP 3:128-bit
            txpower 31.5 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250
            roam:rssi11g 7 roam:rate11g 5 protmode CTS burst dtimperiod 1
    rl0: flags=8843 metric 0 mtu 1500
            options=8
            ether 00:04:a7:09:81:80
            media: Ethernet autoselect (100baseTX )
            status: active
    rl1: flags=8843 metric 0 mtu 1500
            options=8
            ether 00:04:a7:09:81:7f
            media: Ethernet autoselect (100baseTX )
            status: active
    re0: flags=8943 metric 0 mtu 1500
            options=3998
            ether 00:04:a7:05:88:c0
            media: Ethernet autoselect (1000baseTX )
            status: active
    plip0: flags=108810 metric 0 mtu 1500
    pflog0: flags=141 metric 0 mtu 33204
    bridge0: flags=8843 metric 0 mtu 1500
            ether b6:f6:e0:49:1a:ac
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: re0 flags=143
                    ifmaxaddr 0 port 7 priority 128 path cost 55
            member: ath0 flags=143
                    ifmaxaddr 0 port 1 priority 128 path cost 370370
    ng0: flags=88d1 metric 0 mtu 1492
            inet 217.xx.yy.zz --> 217.xx.yyy.zzz netmask 0xffffffff
    ng1: flags=88d1 metric 0 mtu 1492
            inet 217.xy.yyz.zzz --> 217.xx.xyy.zzz netmask 0xffffffff

And for host.name.local

    em0: flags=8943 metric 0 mtu 1500
            options=98
            ether 00:13:72:5f:89:b9
            inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
            media: Ethernet autoselect (1000baseTX )
            status: active
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128
    pflog0: flags=0<> metric 0 mtu 33204
    bridge0: flags=8843 metric 0 mtu 1500
            ether ce:4a:be:be:bc:cc
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: tap0 flags=143
                    ifmaxaddr 0 port 7 priority 128 path cost 2000000
            member: em0 flags=143
                    ifmaxaddr 0 port 1 priority 128 path cost 55
    tap0: flags=8943 metric 0 mtu 1500
            ether 00:bd:e8:60:52:00
            Opened by PID 45164

The other weirdness is that on host.name.local /var/log/pflog is not there.

    tcpdump -n -e -tttt -i pflog0
    tcpdump: /var/log/pflog: No such file or directory

but tcpdump -n -e -tttt -i pflog0 works fine.

In both systems I have the following in the kernel

    # PF
    device pf
    device pflog
    device pfsync
    options ALTQ
    options ALTQ_CBQ
    options ALTQ_RED
    options ALTQ_RIO
    options ALTQ_HFSC
    options ALTQ_PRIQ

These problems only exist in my FreeBSD 7.0-STABLE machines and not in any of the 6.3-STABLE ones.

The last bit of help I need is to get pf to allow ssh through to the qemu host.

Any help will be appreciated

Thanks
Reinhold