[pf4freebsd] Re: [patch] NOINET6 ; port numbers

Pyun YongHyeon yongari at kt-is.co.kr
Wed Sep 15 20:54:23 PDT 2004


On Thu, Oct 09, 2003 at 08:31:48PM +0700, Michael O. Boev wrote:
 > Hello!
 > 
 > It's me again, asking for an IPv6-free port.
 > When I build current port (1.66) and define NOINET6,
 > the build fails inside pftcpdump.
 > 
 > This simple patch seems to fix the build issue. )
 > 
 > --- freebsd_tcpdump/print-tcp.c.orig    Thu Oct  9 20:11:05 2003
 > +++ freebsd_tcpdump/print-tcp.c Thu Oct  9 20:11:35 2003
 > @@ -406,7 +406,11 @@
 >         }
 > 
 >         /* OS Fingerprint */
 > +#ifndef INET6
 > +       if (oflag && (flags & (TH_SYN|TH_ACK)) == TH_SYN) {
 > +#else
 >         if (oflag && ip6 == NULL && (flags & (TH_SYN|TH_ACK)) == TH_SYN) {
 > +#endif
 >                 struct pf_osfp_enlist *head = NULL;
 >                 struct pf_osfp_entry *fp;
 >                 unsigned long left;
 > 
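Review bot: The duplicated "if" line under "/* OS Fingerprint */" repeats the opening brace and the "oflag && (flags & (TH_SYN|TH_ACK)) == TH_SYN" test in both preprocessor branches, so any later change to the condition has to be made in two places and is easy to get out of sync. Consider keeping a single "if" and guarding only the "ip6 == NULL" term with "#ifdef INET6", which also avoids the inverted "#ifndef ... #else" ordering. A one-line comment saying why the IPv6 test is skipped in a NOINET6 build would help the next reader.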
 > P.S. pftcpdump doesn't show tcp/udp ports. It prints colons after
 > destination,
 > but no number after it. It prints nothing after source address.
 > 
 > gw# pftcpdump -i pflog0
 > pftcpdump: WARNING: pflog0: no IPv4 address assigned
 > pftcpdump: listening on pflog0
 > 20:30:20.670224 213.183.101.200 > 213.183.101.207: [|udp]
 > 20:30:32.168202 200-171-18-234.speedyterra.com.br > 1.tric.tomsk.gov.ru:
 > [|tcp] (DF) [tos 0x20]
 > 
 > Am I missing something?

This is a valid tcpdump output. It occurs when you have a shorter snap
length than that of the protocol header. Therefore tcpdump can't analyze
the full protocol header due to missing information.
Try to increase snap length of pflogd with '-s' option.
(Default snap length should work for most protocols.)
If you didn't change default snap length, there may be other bugs
in pftcpdump. In this case, please tell me more detailed information
in order to reproduce on my box.
(rule set, network setup, the procedure taken to generate the packet,
etc.)

 > --
 > Best wishes,
 > [mike at tric.tomsk.gov.ru].
 > 
 > 

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>
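
An added example, not part of the original message and not pftcpdump's own code: a simplified C model of the truncation described in the reply above, where a capture shorter than the headers leaves no port bytes to print. It assumes the buffer starts at the IPv4 header (any link-layer or pflog header already removed); read_ports, cap_result and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum cap_result { CAP_OK, CAP_TRUNC_IP, CAP_TRUNC_L4, CAP_UNSUPPORTED };

/* buf holds the first caplen bytes of an IPv4 packet; caplen is what the
 * snap length let through, not the packet's real length. */
enum cap_result read_ports(const uint8_t *buf, size_t caplen,
                           uint16_t *sport, uint16_t *dport)
{
    size_t ihl;

    if (caplen < 20)                      /* fixed IPv4 header cut short */
        return CAP_TRUNC_IP;
    if ((buf[0] >> 4) != 4)
        return CAP_UNSUPPORTED;
    ihl = (size_t)(buf[0] & 0x0f) * 4;    /* header length incl. options */
    if (ihl < 20)
        return CAP_UNSUPPORTED;
    if (caplen < ihl)                     /* IP options cut short */
        return CAP_TRUNC_IP;
    if (buf[9] != 6 && buf[9] != 17)      /* only TCP (6) and UDP (17) */
        return CAP_UNSUPPORTED;
    if (caplen < ihl + 4)                 /* port fields not captured */
        return CAP_TRUNC_L4;
    *sport = (uint16_t)((buf[ihl] << 8) | buf[ihl + 1]);
    *dport = (uint16_t)((buf[ihl + 2] << 8) | buf[ihl + 3]);
    return CAP_OK;
}

/* Constructed sample: IPv4 + UDP, 192.0.2.1:12345 -> 192.0.2.2:53,
 * checksums left as zero because nothing here validates them. */
static const uint8_t sample_pkt[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0x00, 0x00,
    192, 0, 2, 1, 192, 0, 2, 2,
    0x30, 0x39, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00
};

int main(void)
{
    static const char *names[] = { "ports readable", "[|ip]", "[|udp]", "unsupported" };
    size_t caps[] = { 16, 22, 24, 28 };
    uint16_t s = 0, d = 0;

    for (size_t i = 0; i < sizeof caps / sizeof caps[0]; i++)
        printf("caplen %zu: %s\n", caps[i], names[read_ports(sample_pkt, caps[i], &s, &d)]);
    return 0;
}
```

With this sample, the ports become readable once the captured length covers the IP header plus the first four bytes of the transport header; anything shorter yields the truncation result.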



