From owner-freebsd-questions@FreeBSD.ORG Wed May 7 22:59:30 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA57E1065679 for ; Wed, 7 May 2008 22:59:30 +0000 (UTC) (envelope-from freebsd@violetlan.net) Received: from mail.violetlan.net (mail.violetlan.net [80.81.242.7]) by mx1.freebsd.org (Postfix) with ESMTP id A9ABA8FC27 for ; Wed, 7 May 2008 22:59:30 +0000 (UTC) (envelope-from freebsd@violetlan.net) Received: from mail.violetlan.net (localhost [127.0.0.1]) by mail.violetlan.net (Postfix) with ESMTP id AA86511460 for ; Thu, 8 May 2008 00:02:10 +0100 (BST) Received: from www.violetlan.net (mbali.violetlan.net [10.0.100.150]) by mail.violetlan.net (Postfix) with ESMTP id 78EFE1142B for ; Thu, 8 May 2008 00:02:10 +0100 (BST) Received: from 89.240.55.163 (SquirrelMail authenticated user freebsd@violetlan.net) by www.violetlan.net with HTTP; Thu, 8 May 2008 00:00:32 +0100 (BST) Message-ID: <3184.89.240.55.163.1210201232.squirrel@www.violetlan.net> Date: Thu, 8 May 2008 00:00:32 +0100 (BST) From: "Reinhold" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.5.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP Subject: plagued by bad hdr length X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 May 2008 22:59:31 -0000 Hi I'm getting loads of bad hdr length from pf on our router running freebsd 7.0 I've tried just about everything I could find with google. Lowering the mtu on my ng devices from 1492 all the way to 1485, anything lower then that and we can't ssh out of our network and I get loads of time outs every where. I've tried also pretty much every possible solution with the scrub rules in pf, I even disabled it a few times. I honestly don't know what to try next. tcpdump -n -e -tttt -i pflog0 2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0: 89.240.55.163.3164 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too short, < 20] 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: 89.240.55.163.3165 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too short, < 20] 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: 80.81.242.13.51145 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too short, < 20] 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: 80.81.242.14.63900 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too short, < 20] And here are the same log again tcpdump -n -e -tttt -r /var/log/pflog 2008-05-07 23:42:06.596965 rule 78/0(match): pass in on ng0: 89.240.55.163.3164 > 192.168.1.5.80: S 3008361134:3008361134(0) win 16384 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: 89.240.55.163.3165 > 192.168.1.5.80: S 1482992447:1482992447(0) win 16384 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: 80.81.242.13.51145 > 192.168.1.5.22: S 555277666:555277666(0) win 65535 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: 80.81.242.14.63900 > 192.168.1.5.22: S 966982942:966982942(0) win 65535 Here is my ifconfig ng0: flags=88d1 metric 0 mtu 1492 inet wan1-ip --> wan1-gw netmask 0xffffffff ng1: flags=88d1 metric 0 mtu 1492 inet wan2-ip --> wan2-gw netmask 0xffffffff Anyone out there that can lend me a hand with fixing this? Thanks Reinhold