FreeBSD 7.0 and pf
Girish Venkatachalam
girishvenkatachalam at gmail.com
Wed Mar 19 01:34:38 PDT 2008
On 07:56:48 Mar 19, Norman Maurer wrote:
> Hi all,
>
> im using freebsd 7.0 + gif interfaces + racoon + pf to filter stuff on
> my box. After upgrading to freebsd 7.0 I see some strange behavior. I
> see packets get dropped because of bad hdr length. The problems only
> seems to happen on traffic between the local nets and nets routed via
> ipsec. Here is a tcpdump snipped:
>
> block in on em5: 192.168.175.4.1107 > 192.168.116.6.22: tcp 544 [bad
> hdr length 12 - too short, < 20]
>
> gif interface:
> gif5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1402
> tunnel inet 213.157.17.67 --> 213.23.198.131
> inet 192.168.116.1 --> 192.168.175.1 netmask 0xffffff00
>
>
> Any help is welcome.
A TCP header can never be less than 20 bytes.
And 12 is odd since all headers are a multiple of 4 bytes (word
boundary).
Check your MTU of the PPPoE/PPPoA/Ethernet/WiFi or whatever datalink
layer. I bet there is a problem there.
Best,
Girish
--
"unix soi qui mal y pense"
UNIX to him who evil thinks
+------------------------------------------------------------------+
| GnuPG key : 0xC7BBF207 | http://wwwkeys.nl.pgp.net |
| Fingerprint: 2AFF C264 20CE C80C DDFF CC15 AD3E F190 C7BB F207 |
+------------------------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080319/89ba7208/attachment.pgp
More information about the freebsd-questions
mailing list