Date: Sat, 04 Dec 2004 21:24:42 +0100 From: Bernhard Schmidt <berni@birkenwald.de> To: Daniel Hartmeier <daniel@benzedrine.cx> Cc: freebsd-pf@freebsd.org Subject: Re: IPv6 MLD packets blocked Message-ID: <1102191882.12613.39.camel@cholera> In-Reply-To: <20041204200312.GE32076@insomnia.benzedrine.cx> References: <slrncr28gr.ig8.berni@bschmidt.msgid.cybernet-ag.net> <20041204200312.GE32076@insomnia.benzedrine.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > > http://www.birkenwald.de/~berni/tmp/mld.dump > > The decoded packet looks sane: [...] > This should not be dropped, at least I can't spot where it would be. > > Can you make sure that you don't get _anything_ in /var/log/message with > pfctl -xm when such a packet is dropped? Nothing, I kept it running that way and the only kernel messages I got so far are Dec 4 20:16:51 heimdall kernel: pf_map_addr: selected address 62.245.160.121 with my regular ruleset which is probably NATing or something like that. > If you compare pfctl -si counter before and after a drop, do any of > them increase? I'll have to offload some traffic from the box, unfortunately it has the PPP connection (to my provider) and no display. I could disconnect PPP, but I would still have ssh (probably counting). I can say though that the following counters bad-offset 0 0.0/s fragment 4 0.0/s short 158 0.0/s normalize 0 0.0/s memory 8 0.0/s do not increase when a report is dropped. I can say quite sure that the match counter doesn't increase also (I run the command before and after I sent a packet, if the update of the counter is sufficiently fast it is not in there) and that there is no state for this packet. BTW, I've opened a PR for that, misc/74683 Bernhard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1102191882.12613.39.camel>