Date: Thu, 8 May 2008 08:50:10 +0100 (BST) From: "Reinhold" <freebsd@violetlan.net> To: "Ansar Mohammed" <ansarm@gmail.com> Cc: freebsd-questions@freebsd.org Subject: RE: plagued by bad hdr length Message-ID: <55450.217.41.34.61.1210233010.squirrel@www.violetlan.net> In-Reply-To: <00cf01c8b099$77abc5d0$67035170$@com> References: <3184.89.240.55.163.1210201232.squirrel@www.violetlan.net> <00cf01c8b099$77abc5d0$67035170$@com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the reply If tried that as well and it didn't help On Thu, May 8, 2008 00:24, Ansar Mohammed wrote: > Yes I had similar issues > > > Try > scrub on ng0 all reassemble tcp scrub on ng1 all reassemble tcp > > > >> -----Original Message----- >> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd- >> questions@freebsd.org] On Behalf Of Reinhold Sent: May 7, 2008 7:01 PM >> To: freebsd-questions@freebsd.org >> Subject: plagued by bad hdr length >> >> >> Hi >> >> >> I'm getting loads of bad hdr length from pf on our router running >> freebsd 7.0 >> >> I've tried just about everything I could find with google. >> >> >> Lowering the mtu on my ng devices from 1492 all the way to 1485, >> anything lower then that and we can't ssh out of our network and I get >> loads of time outs every where. >> >> I've tried also pretty much every possible solution with the scrub >> rules in pf, I even disabled it a few times. >> >> I honestly don't know what to try next. >> >> >> tcpdump -n -e -tttt -i pflog0 2008-05-07 23:42:06.596965 rule >> 78/0(match): pass in on ng0: >> 89.240.55.163.3164 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too >> short, < 20] 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: >> 89.240.55.163.3165 > 192.168.1.5.80: tcp 20 [bad hdr length 8 - too >> short, < 20] 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: >> 80.81.242.13.51145 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too >> short, < 20] 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: >> 80.81.242.14.63900 > 192.168.1.5.22: tcp 36 [bad hdr length 8 - too >> short, < 20] >> >> And here are the same log again >> tcpdump -n -e -tttt -r /var/log/pflog 2008-05-07 23:42:06.596965 rule >> 78/0(match): pass in on ng0: >> 89.240.55.163.3164 > 192.168.1.5.80: S 3008361134:3008361134(0) win >> 16384 >> <mss 1360,nop,nop,sackOK> >> 2008-05-07 23:42:07.051043 rule 78/0(match): pass in on ng0: >> 89.240.55.163.3165 > 192.168.1.5.80: S 1482992447:1482992447(0) win >> 16384 >> <mss 1360,nop,nop,sackOK> >> 2008-05-07 23:42:25.697087 rule 76/0(match): pass in on ng0: >> 80.81.242.13.51145 > 192.168.1.5.22: S 555277666:555277666(0) win 65535 >> <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]> >> 2008-05-07 23:42:30.561467 rule 77/0(match): pass in on ng1: >> 80.81.242.14.63900 > 192.168.1.5.22: S 966982942:966982942(0) win 65535 >> <mss 1460,nop,wscale 1,nop,nop,timestamp[|tcp]> >> >> >> Here is my ifconfig >> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric >> 0 >> mtu 1492 inet wan1-ip --> wan1-gw netmask 0xffffffff ng1: >> flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 >> mtu 1492 inet wan2-ip --> wan2-gw netmask 0xffffffff >> >> Anyone out there that can lend me a hand with fixing this? >> >> >> Thanks >> Reinhold >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions- >> unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55450.217.41.34.61.1210233010.squirrel>