07.06.08, 21:04, "Alexey Suslikov" <[EMAIL PROTECTED]>:
> [EMAIL PROTECTED] wrote: > > Now I tested wuth very simply topology: just 2 pc's and switch > > One OpenBSD another Linux with web server. > > Now I have only one line in my pf.conf: > > > > scrub all max-mss 1400 fragment reassemble > This one-liner will not work unless you have corresponding > pass rule in your pf.conf, so I highly suspect what you even > have packet filter disabled. > Do you have pf=YES in /etc/rc.conf.local? Yes. I have. bash-3.2# pfctl -sr scrub all no-df random-id max-mss 1400 fragment reassemble pass in quick all flags S/SA keep state pass out quick all flags S/SA keep state > Also, topology you have will not route packets as you told us > before. Yes. I made it simplie to understand. Now I have only one BSD as client ftching one file from linux box. > And we don't really like linux tcpdumps here so very few will > speak up and help. If you can't get OpenBSD box to work > please provide OpenBSD tcpdump output. Ok. Here is openbsd tcpdump. But I still see len 1440 packets. 03:57:54.035986 192.168.133.200.9901 > 192.168.133.1.80: S [tcp sum ok] 1790495358:1790495358(0) win 16384 <mss 1400,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3743718606 0> (ttl 64, id 55493, len 64) 03:57:54.036047 192.168.133.1.80 > 192.168.133.200.9901: S [tcp sum ok] 2480387518:2480387518(0) ack 1790495359 win 5792 <mss 1460,sackOK,timestamp 343617 3743718606,nop,wscale 7> (DF) (ttl 64, id 0, len 60) 03:57:54.036080 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 1 win 16384 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 40579, len 52) 03:57:54.036210 192.168.133.200.9901 > 192.168.133.1.80: P 1:70(69) ack 1 win 16384 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 7424, len 121) 03:57:54.036257 192.168.133.1.80 > 192.168.133.200.9901: . [tcp sum ok] ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35838, len 52) 03:57:54.040971 192.168.133.1.80 > 192.168.133.200.9901: P 1:229(228) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35839, len 280) 03:57:54.040976 192.168.133.1.80 > 192.168.133.200.9901: . 229:1617(1388) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35840, len 1440) 03:57:54.040979 192.168.133.1.80 > 192.168.133.200.9901: . 1617:3005(1388) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35841, len 1440) 03:57:54.041009 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 1617 win 14768 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 64488, len 52) 03:57:54.041066 192.168.133.1.80 > 192.168.133.200.9901: . 3005:4393(1388) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35842, len 1440) 03:57:54.041076 192.168.133.1.80 > 192.168.133.200.9901: . 4393:5781(1388) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35843, len 1440) 03:57:54.041080 192.168.133.1.80 > 192.168.133.200.9901: . 5781:7169(1388) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35844, len 1440) 03:57:54.041106 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 4393 win 11992 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 23140, len 52) 03:57:54.041158 192.168.133.1.80 > 192.168.133.200.9901: P 7169:8557(1388) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35845, len 1440) 03:57:54.041163 192.168.133.1.80 > 192.168.133.200.9901: . 8557:9945(1388) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35846, len 1440) 03:57:54.041166 192.168.133.1.80 > 192.168.133.200.9901: FP 9945:10469(524) ack 70 win 46 <nop,nop,timestamp 343617 3743718606> (DF) (ttl 64, id 35847, len 576) 03:57:54.041189 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 7169 win 9216 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 19692, len 52) 03:57:54.041242 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 9945 win 6440 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 11042, len 52) 03:57:54.041292 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 10470 win 5916 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 19856, len 52) 03:57:54.041463 192.168.133.200.9901 > 192.168.133.1.80: . [tcp sum ok] ack 10470 win 16384 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 18257, len 52) 03:57:54.044006 192.168.133.200.9901 > 192.168.133.1.80: F [tcp sum ok] 70:70(0) ack 10470 win 16384 <nop,nop,timestamp 3743718606 343617> (ttl 64, id 44491, len 52) 03:57:54.044058 192.168.133.1.80 > 192.168.133.200.9901: . [tcp sum ok] ack 71 win 46 <nop,nop,timestamp 343618 3743718606> (DF) (ttl 64, id 0, len 52) > - Alexey.
