From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: [patch] NOINET6 ; port numbers
Date: Thu, 16 Sep 2004 03:54:23 -0000
X-Original-Date: Fri, 10 Oct 2003 11:36:25 +0900
Message-ID: <20031010023625.GC645@kt-is.co.kr>

On Thu, Oct 09, 2003 at 08:31:48PM +0700, Michael O. Boev wrote:
> Hello!
>
> It's me again, asking for an IPv6-free port.
> When I build current port (1.66) and define NOINET6,
> the build fails inside pftcpdump.
>
> This simple patch seems to fix the build issue. )
>
> --- freebsd_tcpdump/print-tcp.c.orig Thu Oct 9 20:11:05 2003 > +++ freebsd_tcpdump/print-tcp.c Thu Oct 9 20:11:35 2003
> @@ -406,7 +406,11 @@ > } >=20 > /* OS Fingerprint */ > +#ifndef INET6 > + if (oflag && (flags & (TH_SYN|TH_ACK)) =3D=3D TH_SYN) { > +#else > if (oflag && ip6 =3D=3D NULL && (flags & (TH_SYN|TH_ACK)) =3D=3D= TH_SYN) { > +#endif > struct pf_osfp_enlist *head =3D NULL; > struct pf_osfp_entry *fp; > unsigned long left;
>
> P.S. pftcpdump doesn't show tcp/udp ports. It prints colons after
> destination,
> but no number after it. It prints nothing after source address.
>
> gw# pftcpdump -i pflog0
> pftcpdump: WARNING: pflog0: no IPv4 address assigned
> pftcpdump: listening on pflog0
> 20:30:20.670224 213.183.101.200 > 213.183.101.207: [|udp]
> 20:30:32.168202 200-171-18-234.speedyterra.com.br > 1.tric.tomsk.gov.ru:
> [|tcp] (DF) [tos 0x20]
>
> Am I missing something?

This is valid tcpdump output. It occurs when you have a shorter snap length
than that of the protocol header. Therefore tcpdump can't analyze the full
protocol header due to missing information.
Try to increase the snap length of pflogd with the '-s' option. (The default
snap length should work for most protocols.)

If you didn't change the default snap length, there may be other bugs in
pftcpdump. In this case, please give me more detailed information in
order to reproduce it on my box (rule set, network setup, the procedure
taken to generate the packet, etc.).

> --
> Best wishes,
> [mike@tric.tomsk.gov.ru].

Regards,
Pyun YongHyeon
--
Pyun YongHyeon
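
Review bot: In the quoted print-tcp.c hunk at @@ -406,7 +406,11 @@, the whole `if` line, including its opening `{`, now exists in both the `#ifndef INET6` and the `#else` branch, so the `(flags & (TH_SYN|TH_ACK)) == TH_SYN` test has two copies that must be kept in sync and brace-matching tools see two openers for one block. Only the `ip6 == NULL` term differs between the branches; consider guarding just that term, for example by putting `ip6 == NULL &&` on its own continuation line inside `#ifdef INET6` ... `#endif`, which keeps a single condition and a single brace. Using `#ifdef INET6` instead of `#ifndef INET6` / `#else` would also read in the positive sense of the check, and a one-line comment saying why the IPv6 test is compiled out would help the next reader.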
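
Added example, not part of the original message and not pftcpdump's code: a sketch of the length check behind the `[|tcp]` / `[|udp]` markers discussed in the reply, showing how the captured length decides whether a header can be decoded. The helper name `check_truncation` and the sample packet are constructed for illustration; the buffer is assumed to start at the IPv4 header, so on pflog0 the snap length must additionally cover the pflog header in front of it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum trunc { TRUNC_NONE, TRUNC_IP, TRUNC_TRANSPORT };

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP SYN to port 80. */
static const uint8_t sample_syn[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,
    0x04, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x50, 0x02, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
};

/* Hypothetical helper: buf points at the IPv4 header, caplen is the number
 * of bytes captured from there on. Reports which header cannot be decoded
 * because it is cut off (or malformed). */
enum trunc check_truncation(const uint8_t *buf, size_t caplen)
{
    size_t ip_hl, tcp_hl;

    if (caplen < 20)                        /* minimum IPv4 header */
        return TRUNC_IP;
    ip_hl = (size_t)(buf[0] & 0x0f) * 4;    /* IHL counts 32-bit words */
    if (ip_hl < 20 || caplen < ip_hl)
        return TRUNC_IP;
    switch (buf[9]) {                       /* IPv4 protocol field */
    case 6:                                 /* TCP: 20 fixed bytes + options */
        if (caplen < ip_hl + 20)
            return TRUNC_TRANSPORT;
        tcp_hl = (size_t)(buf[ip_hl + 12] >> 4) * 4;   /* data offset */
        if (tcp_hl < 20 || caplen < ip_hl + tcp_hl)
            return TRUNC_TRANSPORT;
        break;
    case 17:                                /* UDP: fixed 8-byte header */
        if (caplen < ip_hl + 8)
            return TRUNC_TRANSPORT;
        break;
    }
    return TRUNC_NONE;
}

int main(void)
{
    static const char *label[] = { "complete", "IP header cut off",
                                   "transport header cut off" };
    size_t snap[] = { 16, 28, 40 };
    for (size_t i = 0; i < 3; i++)
        printf("caplen %zu: %s\n", snap[i],
               label[check_truncation(sample_syn, snap[i])]);
    return 0;
}
```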