pf and short packets
Anton Nikiforov
anton at nikiforov.ru
Tue Oct 25 12:21:28 PDT 2005
Dear ALL!
Maybe someone can help me with my problem? I have no idea what is
happening with my packets :(
I have 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 box running pf.
And I have the ipcad daemon running (installed from ports).
pf.conf says
pass quick on lo0 all
and when I'm trying to rsh to ipcad that is listening on
anna# netstat -a|grep shell
tcp4 0 0 localhost.shell *.* LISTEN
anna# rsh -l root localhost show ip accounting
I got no reply, but pflog says the following:
anna# tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
0x0000: 4600 002c 6605 4000 0306 11c5 7f00 0001 F..,f.@.........
0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab .............)].
0x0020: 5db7 f2f2 5010 ffff 7dce 0000 ]...P...}...
000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
0x0000: 4600 002c d21d 4000 0306 a5ac 7f00 0001 F..,..@.........
0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab .............)].
0x0020: 5db7 f2f2 5010 ffff 7dce 0000 ]...P...}...
The rule for this packet is not a "log" one, but the sign (short) is
what I cannot understand. The only place I have found this word is in
man pflogd (reason why this packet appears in this log).
When I'm disabling pf by pfctl -d everything works just fine and I can
get my ip accounting.
Best regards,
Anton Nikiforov
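
Added example, not part of the original post: a small Python decoder for the first logged packet, using the bytes exactly as they appear in the tcpdump -x output above, so the IPv4 and TCP header fields can be read off directly. The function names are made up for this illustration, and the code only decodes the headers; it does not determine why pf tagged the packet (short).

```python
import struct

# Bytes of the first logged packet, copied from the tcpdump -x output in the post.
DUMP = """
0x0000: 4600 002c 6605 4000 0306 11c5 7f00 0001
0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab
0x0020: 5db7 f2f2 5010 ffff 7dce 0000
"""

def dump_to_bytes(text):
    """Turn tcpdump -x lines ("offset: hex groups") into raw bytes."""
    out = bytearray()
    for line in text.strip().splitlines():
        _, _, hexpart = line.partition(":")
        out += bytes.fromhex("".join(hexpart.split()))
    return bytes(out)

def inet_checksum(data):
    """RFC 1071 checksum; the result is 0 when run over a header that is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode(pkt):
    """Decode the IPv4 header and, for TCP, the fixed part of the TCP header."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4              # header length field counts 32-bit words
    info = {
        "version": ver_ihl >> 4,
        "ip_header_len": ihl,
        "ip_options": pkt[20:ihl].hex(),    # anything past the fixed 20 bytes
        "total_len": total_len,
        "captured_len": len(pkt),
        "ttl": ttl,
        "proto": proto,
        "ip_checksum_ok": inet_checksum(pkt[:ihl]) == 0,
    }
    if proto == 6 and len(pkt) >= ihl + 20:  # TCP starts after the full IP header
        sport, dport, _seq, _ack, off_flags, win = struct.unpack(
            "!HHIIHH", pkt[ihl:ihl + 16])
        info.update(sport=sport, dport=dport, window=win,
                    tcp_header_len=(off_flags >> 12) * 4,
                    tcp_flags=off_flags & 0x3F)
    return info

if __name__ == "__main__":
    for key, value in decode(dump_to_bytes(DUMP)).items():
        print(f"{key:15} {value}")
```

On these bytes the IP header is 24 bytes long (the fixed 20 bytes plus the option bytes 01 00 00 00), the TTL is 3, and the total length field equals the 44 bytes captured. The TCP fields (ports 514 and 643, ACK flag, window 65535) match the summary line tcpdump printed.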