Jeremy Chadwick wrote:
> On Tue, Nov 04, 2008 at 10:15:26AM +0100, Matthias Kellermann wrote:
>> # tcpdump -netttvvi pflog0
>> 000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 26668,
>> offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.54460 >
>> 192.168.0.10.23: [|tcp]
>> 000266 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 25527,
>> offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.54460 >
>> 192.168.0.10.23: tcp 24 [bad hdr length 0 - too short, < 20]
>>
>> Anybody has an idea what's wrong here?
>
> This is not a pf problem. tcpdump's snaplen defaults to 56 bytes, which
> is too small when reading from pflog. Use the -s flag to increase the
> snaplen to 256 bytes, for example.
>
Thanks Jeremy. Did that. This is the output of tcpdump after increasing the snaplen to 256 bytes:

# tcpdump -s 256 -netttvvi pflog0
000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 23993, offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.43758 > 192.168.0.10.23: S, cksum 0xeb13 (correct), 3072328535:3072328535(0) win 5840 <mss 1460,sackOK,timestamp 2383598 0,nop,wscale 6>
000319 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 22314, offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.43758 > 192.168.0.10.23: S, cksum 0x4553 (correct), 108273612:108273612(0) win 0 <mss 1460>

I still have no clue what's going wrong here.

Regards,
Matthias