Date:      Wed, 28 May 2008 11:28:39 -0500
From:      David DeSimone <fox@verio.net>
To:        freebsd-pf@freebsd.org
Subject:   Re: PF occasionally "losing" packets
Message-ID:  <20080528162839.GA8700@verio.net>
In-Reply-To: <483D5BB9.40900@lgkap.com>
References:  <483D5BB9.40900@lgkap.com>

user <user@lgkap.com> wrote:
>
> I seem to have a problem with PF "losing" packets.  With PF enabled
> (7.0-RELEASE) allowed traffic will sometimes get through but more
> often will not.

Are you certain that the packets are not passing, or are they simply not
being logged?  You appear to be assuming that every packet that passes
will be logged via pflog(4).

> pass out quick log all
> pass in quick log on fxp1 proto {tcp,udp} from X.33.195/24 to X.33.10.20 port 53 keep state

Both of your rules specify that state be established ("keep state" is
now explicit in 7.0).  Packet logging is only performed when the
rulebase is matched; once that is done, state is established and packets
matching that state are passed without being logged.

The only way to be sure you are losing traffic is by running tcpdump on
both the internal and external interface, and comparing traffic.

-- 
David DeSimone == Network Admin == fox@verio.net
"This email message is intended for the use of the person to whom
 it has been sent, and may contain information that is confidential
 or legally protected.  If you are not the intended recipient or have
 received this message in error, you are not authorized to copy, dis-
 tribute, or otherwise use this message or its attachments.  Please
 notify the sender immediately by return e-mail and permanently delete
 this message and any attachments.  Verio, Inc. makes no warranty that
 this email is error or virus free.  Thank you."  --Lawyer Bot 6000
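
The logging behaviour described in the reply above, shown as a pf.conf fragment. This is an added example, not part of the original message: the macro names and the addresses (documentation ranges standing in for the redacted X.33.* values) are constructed, and `log (all)` is pf's option for logging every packet of a stateful connection.

```conf
# Constructed placeholders for the interface and the redacted addresses.
int_if     = "fxp1"
clients    = "192.0.2.0/24"
dns_server = "198.51.100.20"

# As posted in the thread: plain "log" on a stateful rule records only the
# packet that matches the rule and creates the state entry. Every later
# packet of that connection is passed by the state entry and never shows
# up on pflog0, so it looks "lost" in the log even though it passed.
#
#   pass out quick log all
#   pass in quick log on fxp1 proto {tcp,udp} from X.33.195/24 to X.33.10.20 port 53 keep state

# Diagnostic variant: "log (all)" also records packets that are passed by
# an existing state entry. Expect far more log volume; revert to plain
# "log" once the question is answered.
pass out log (all) quick all
pass in  log (all) quick on $int_if proto { tcp, udp } \
    from $clients to $dns_server port 53 keep state

# Load and watch (run as root):
#   pfctl -nf /etc/pf.conf      # syntax check only
#   pfctl -f  /etc/pf.conf      # load the ruleset
#   tcpdump -n -e -ttt -i pflog0
```

If packets are still missing from pflog0 with `log (all)` in place, the tcpdump comparison on the internal and external interfaces remains the authoritative check.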