plagued by bad hdr length

Reinhold freebsd at violetlan.net
Thu May 8 07:49:08 UTC 2008 

Thanks for the reply

If tried that as well and it didn't help



On Thu, May 8, 2008 00:24, Ansar Mohammed wrote:
> Yes I had similar issues
>
>
> Try
> scrub on ng0 all reassemble tcp scrub on ng1 all reassemble tcp
>
>
>
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-
>> questions at freebsd.org] On Behalf Of Reinhold Sent: May 7, 2008 7:01 PM
>> To: freebsd-questions at freebsd.org
>> Subject: plagued by bad hdr length
>>
>>
>> Hi
>>
>>
>> I'm getting loads of bad hdr length from pf on our router running
>> freebsd 7.0
>>
>> I've tried just about everything I could find with google.
>>
>>
>> Lowering the mtu on my ng devices from 1492 all the way to 1485,
>> anything lower then that and we can't ssh out of our network and I get
>> loads of time outs every where.
>>
>> I've tried also pretty much every possible solution with the scrub
>> rules in pf, I even disabled it a few times.
>>
>> I honestly don't know what to try next.
>>
>>
>> tcpdump -n -e -tttt -i pflog0 2008-05-07 23:42:06.596965 rule
>> 78/0(match): pass in on ng0:
>> 89.240.55.163.3164 > 192.168.1.5.80:  tcp 20 [bad hdr length 8 - too
>> short, < 20] 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0:
>>  89.240.55.163.3165 > 192.168.1.5.80:  tcp 20 [bad hdr length 8 - too
>> short, < 20] 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0:
>>  80.81.242.13.51145 > 192.168.1.5.22:  tcp 36 [bad hdr length 8 - too
>> short, < 20] 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1:
>>  80.81.242.14.63900 > 192.168.1.5.22:  tcp 36 [bad hdr length 8 - too
>> short, < 20]
>>
>> And here are the same log again
>> tcpdump -n -e -tttt -r /var/log/pflog 2008-05-07 23:42:06.596965 rule
>> 78/0(match): pass in on ng0:
>> 89.240.55.163.3164 > 192.168.1.5.80: S 3008361134:3008361134(0) win
>> 16384
>> <mss 1360,nop,nop,sackOK>
>> 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0:
>> 89.240.55.163.3165 > 192.168.1.5.80: S 1482992447:1482992447(0) win
>> 16384
>> <mss 1360,nop,nop,sackOK>
>> 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0:
>> 80.81.242.13.51145 > 192.168.1.5.22: S 555277666:555277666(0) win 65535
>> <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]>
>> 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1:
>> 80.81.242.14.63900 > 192.168.1.5.22: S 966982942:966982942(0) win 65535
>> <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]>
>>
>>
>> Here is my ifconfig
>> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric
>> 0
>> mtu 1492 inet wan1-ip --> wan1-gw netmask 0xffffffff ng1:
>> flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0
>> mtu 1492 inet wan2-ip --> wan2-gw netmask 0xffffffff
>>
>> Anyone out there that can lend me a hand with fixing this?
>>
>>
>> Thanks
>> Reinhold
>>
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-
>> unsubscribe at freebsd.org"
>
>

More information about the freebsd-questions mailing list