Date:      Wed, 26 Oct 2005 12:41:25 +0400
From:      Anton Nikiforov <anton@nikiforov.ru>
To:        dawnshade <dawnshade@mail.ru>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: pf and short packets
Message-ID:  <435F4135.9000405@nikiforov.ru>
In-Reply-To: <200510261220.32300.dawnshade@mail.ru>
References:  <435E85AB.3070701@nikiforov.ru> <200510261053.27853.dawnshade@mail.ru> <435F3994.9020801@nikiforov.ru> <200510261220.32300.dawnshade@mail.ru>

dawnshade wrote:

> On Wednesday 26 October 2005 12:08, Anton Nikiforov wrote:
> 
>> On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote:
>>
>>>>tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
>>>>000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
>>>>        0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001  F..,f.@.........
>>>>        0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
>>>>        0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
>>>>000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
>>>>        0x0000:  4600 002c d21d 4000 0306 a5ac 7f00 0001  F..,..@.........
>>>>        0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
>>>>        0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
>>>>
>>>>The rule for this packet is not a "log" one, but the sign (short) is
>>>>what I cannot understand.
>>>
>>>Read 'man 1 tcpdump' about key "-s".
>>>Your command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host
>>>127.0.0.1"
>>>
>>>Change value 1000 to appropriate.
>>
>>Hi, and thanks for the reply,
>>but my question is not about how to use tcpdump (I know -s key), but
>>what to do with pf to make these packets pass through.
>>When my pf is up I cannot rsh to ipcad, but when it is down - everything
>>is working just fine.
>>I need this rsh to get my ip statistics.
> 
> 
> 
> Sorry, I misunderstood you.
> Can you provide output 'pfctl -sr -g' (at least sensitive rules before number 
> 34)
> 
> 
Hello and thanks again for the reply.
Here is the output of pfctl -sr -g.
@0 scrub in all fragment reassemble
   [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
   [ queue: qname= qid=0 pqname= pqid=0 ]
@1 scrub out all random-id fragment reassemble
   [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
   [ queue: qname= qid=0 pqname= pqid=0 ]
@0 pass quick on lo0 all
   [ Skip steps: p=4 sp=802 da=2 dp=17 ]
   [ queue: qname= qid=0 pqname= pqid=0 ]
I was "playing" with this rule and used to install it in different ways 
and places. I have no idea what to do with this.
I was turning off scrubbing, everything below. With no result.

All the rest is not about lo0, but here they are (34 out of 9849):

@1 block drop in quick inet from 192.168.11.1 to any
@2 block drop in log quick on fxp0 inet from any to 224.0.0.0/3
@3 block drop out log quick on fxp0 inet from 224.0.0.0/3 to any
@4 block drop in log quick on fxp0 inet proto tcp all flags FPU/FPU
@5 block drop in log quick on fxp0 inet proto tcp all flags FS/FSRA
@6 block drop in log quick on fxp0 inet proto tcp all flags /FSRA
@7 block drop in log on fxp0 proto tcp all
@8 block drop in log on fxp0 proto udp all
@9 block drop out log on fxp0 proto tcp all
@10 block drop out log on fxp0 proto udp all
@11 block drop in log on fxp0 proto icmp all
@12 block drop out log on fxp0 proto icmp all
@13 block return-rst in log on fxp0 proto tcp all
@14 block return-rst out log on fxp0 proto tcp all
@15 block return-icmp(port-unr, port-unr) in log on fxp0 proto udp all
@16 block return-icmp(port-unr, port-unr) out log on fxp0 proto udp all
@17 block drop in log on fxp0 proto tcp from any to any port = pop3
@18 block drop in log on fxp0 proto tcp from any to any port = loc-srv
@19 block drop in log on fxp0 proto tcp from any to any port = profile
@20 block drop in log on fxp0 proto tcp from any to any port = netbios-ns
@21 block drop in log on fxp0 proto tcp from any to any port = netbios-dgm
@22 block drop in log on fxp0 proto tcp from any to any port = netbios-ssn
@23 block drop in log on fxp0 proto tcp from any to any port = microsoft-ds
@24 block drop in log on fxp0 proto udp from any to any port = pop3
@25 block drop in log on fxp0 proto udp from any to any port = loc-srv
@26 block drop in log on fxp0 proto udp from any to any port = profile
@27 block drop in log on fxp0 proto udp from any to any port = netbios-ns
@28 block drop in log on fxp0 proto udp from any to any port = netbios-dgm
@29 block drop in log on fxp0 proto udp from any to any port = netbios-ssn
@30 block drop in log on fxp0 proto udp from any to any port = microsoft-ds
@31 block drop out log on fxp0 proto tcp from any to any port = pop3
@32 block drop out log on fxp0 proto tcp from any to any port = loc-srv
@33 block drop out log on fxp0 proto tcp from any to any port = profile
@34 block drop out log on fxp0 proto tcp from any to any port = netbios-ns

Just in case:
# pfctl -sr -g | grep lo0
@0 pass quick on lo0 all

Best regards,
Anton
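
Added example, not part of the original message: a decoder for the first packet in the quoted pflog0 dump. It compares the captured length with the length the IP header announces (the snaplen question raised in the thread) and reports the header length and any IP option bytes; the function names are illustrative.

```python
import struct

# Hex words of the first pflog0 packet quoted in the message (ASCII column dropped).
DUMP = """\
0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001
0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab
0x0020:  5db7 f2f2 5010 ffff 7dce 0000
"""

def dump_to_bytes(text):
    """Join the hex words of tcpdump -x lines, skipping the offset column."""
    words = []
    for line in text.strip().splitlines():
        words.extend(line.split(":", 1)[1].split())
    return bytes.fromhex("".join(words))

def header_checksum_ok(header):
    """RFC 1071: the ones'-complement sum over a valid header is 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(pkt):
    """Decode the IPv4 header and TCP ports of one logged packet."""
    if len(pkt) < 20:
        raise ValueError("capture shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack("!BBH", pkt[:4])
    ihl = (ver_ihl & 0x0F) * 4             # header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        raise ValueError("capture too short to reach the TCP ports")
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {
        "version": ver_ihl >> 4,
        "ihl_bytes": ihl,
        "options": pkt[20:ihl].hex(),       # bytes beyond the fixed 20-byte header
        "total_len": total_len,
        "captured": len(pkt),
        "truncated": len(pkt) < total_len,  # True would point at the snaplen (-s)
        "ttl": pkt[8],
        "proto": pkt[9],
        "sport": sport,
        "dport": dport,
        "checksum_ok": header_checksum_ok(pkt[:ihl]),
    }

if __name__ == "__main__":
    for key, value in decode(dump_to_bytes(DUMP)).items():
        print(f"{key:12} {value}")
```

The capture holds all 44 bytes the header announces, and the header is 24 bytes long, so 4 bytes of IP options follow the fixed header. pf.conf(5) documents that packets carrying IP options are blocked by default and pass only when the last matching pass rule carries `allow-opts`, which the `pass quick on lo0 all` rule listed above does not.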
