Now I tested wuth very simply topology: just 2 pc's and switch One OpenBSD another Linux with web server.
Now I have only one line in my pf.conf: scrub all max-mss 1400 fragment reassemble This is wget downloading 1K file tcp, and I see mss 1460 in very first packet from my OpenBSD box tcpdump -i eth0 -n host 10.137.8.104 and port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 17:00:57.532589 IP 10.137.8.104.30290 > 10.137.9.55.80: S 568783555:568783555(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1246726788 0> 17:00:57.533068 IP 10.137.9.55.80 > 10.137.8.104.30290: S 347064380:347064380(0) ack 568783556 win 5792 <mss 1460,sackOK,timestamp 1980361 1246726788,nop,wscale 7> 17:00:57.532720 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 1 win 16384 <nop,nop,timestamp 1246726788 1980361> 17:00:57.532792 IP 10.137.8.104.30290 > 10.137.9.55.80: P 1:105(104) ack 1 win 16384 <nop,nop,timestamp 1246726788 1980361> 17:00:57.532800 IP 10.137.9.55.80 > 10.137.8.104.30290: . ack 105 win 46 <nop,nop,timestamp 1980361 1246726788> 17:00:57.532863 IP 10.137.9.55.80 > 10.137.8.104.30290: P 1:234(233) ack 105 win 46 <nop,nop,timestamp 1980361 1246726788> 17:00:57.532876 IP 10.137.9.55.80 > 10.137.8.104.30290: . 234:3130(2896) ack 105 win 46 <nop,nop,timestamp 1980361 1246726788> 17:00:57.533333 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 1682 win 14936 <nop,nop,timestamp 1246726788 1980361> 17:00:57.533344 IP 10.137.9.55.80 > 10.137.8.104.30290: . 3130:7474(4344) ack 105 win 46 <nop,nop,timestamp 1980361 1246726788> 17:00:57.533699 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 4578 win 12040 <nop,nop,timestamp 1246726788 1980361> 17:00:57.533706 IP 10.137.9.55.80 > 10.137.8.104.30290: P 7474:10370(2896) ack 105 win 46 <nop,nop,timestamp 1980361 1246726788> 17:00:57.533709 IP 10.137.9.55.80 > 10.137.8.104.30290: P 10370:10474(104) ack 105 win 46 <nop,nop,timestamp 1980361 1246726788> 17:00:57.533898 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 6026 win 16384 <nop,nop,timestamp 1246726788 1980361> 17:00:57.534079 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 8922 win 14936 <nop,nop,timestamp 1246726788 1980361> 17:00:57.534201 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 10474 win 14832 <nop,nop,timestamp 1246726788 1980361> 17:00:57.534532 IP 10.137.8.104.30290 > 10.137.9.55.80: F 105:105(0) ack 10474 win 16384 <nop,nop,timestamp 1246726788 1980361> 17:00:57.534552 IP 10.137.9.55.80 > 10.137.8.104.30290: F 10474:10474(0) ack 106 win 46 <nop,nop,timestamp 1980361 1246726788> 17:00:57.534705 IP 10.137.8.104.30290 > 10.137.9.55.80: . ack 10475 win 16384 <nop,nop,timestamp 1246726788 1980361> 18 packets captured 18 packets received by filter 0 packets dropped by kernel 04.06.08, 05:22, "jean-philippe luiggi" <[EMAIL PROTECTED]>: > On Tue, 03 Jun 2008 18:35:35 +0400 > B A <[EMAIL PROTECTED]> wrote: > > tcpdump output: > > > > 03:17:15.390852 192.168.133.200.42631 > 217.76.32.61.80: S > > 669277748:669277748(0) win 16384 <mss 1400,nop,nop,sackOK,nop,wscale > > 0,nop,nop,timestamp 2675320559 0> [tos 0x10] > > 03:17:15.512524 217.76.32.61.80 > 192.168.133.200.42631: S > > 81853979:81853979(0) ack 669277749 win 64240 <mss 1460> > > 03:17:15.512625 192.168.133.200.42631 > > so I see 1460 packets. No ? > > > Hello, > I did some test here on an OpenBSD 4.3 using the same setup as you > (pf+217.76.32.61) and all is fine. The network stack works as > expected. > Do you've a scheme of the topology you use ? > What is the interface you're using for capture ? > Is 192.168.133.200 an internal interface of the box connected to > Internet or do you've another network box between 192.168.133.200 and > 217.76.32.61 ? > With regards, > Jean-Philippe.
