udp fragmentation
Max Laier
max at love2party.net
Sat Jun 2 15:05:03 UTC 2007
Hi Hugo,
On Thursday 31 May 2007, Hugo Koji Kobayashi wrote:
> Please find attached the tests results after enabling extended
> logging.
>
> I've done the test twice, changing dig's "+bufsize" parameter.
looking at your log file, it seems that the packet traverses pf alright:
> ---- Console begin
> pf_normalize_ip: reass frag 11881 @ 0-1480
> pf_normalize_ip: reass frag 11881 @ 1480-2960
> pf_normalize_ip: reass frag 11881 @ 2960-4094
> pf_reassemble: 4094 < 4094?
> pf_reassemble: complete: 0xc4338000(4114)
> ---- Console end
>
> fbsd7# date ; pfctl -si
> Tue May 8 04:15:24 BRT 2007
> No ALTQ support in kernel
> ALTQ related functions disabled
> Status: Enabled for 0 days 00:05:27 Debug: Misc
>
> Hostid: 0xfd3ea603
>
> State Table                         Total             Rate
>   current entries                       3
>   searches                            405            1.2/s
>   inserts                              40            0.1/s
>   removals                             37            0.1/s
> Counters
>   match                                40            0.1/s
>   bad-offset                            0            0.0/s
>   fragment                              0            0.0/s
>   short                                 0            0.0/s
>   normalize                             0            0.0/s
>   memory                                0            0.0/s
>   bad-timestamp                         0            0.0/s
>   congestion                            0            0.0/s
>   ip-option                             0            0.0/s
>   proto-cksum                           0            0.0/s
>   state-mismatch                        0            0.0/s
>   state-insert                          0            0.0/s
>   state-limit                           0            0.0/s
>   src-limit                             0            0.0/s
>   synproxy                              0            0.0/s
So the culprit should be somewhere up the stack, i.e. FreeBSD chokes on
the already reassembled packet. Could you also provide netstat -ssp udp
and netstat -ssp ip from before and after your test to get an idea where
the packet is lost? To make sure I understand your setup correctly: pf
is running on the DNS server, i.e. the destination address of the datagram
is a local address?
--
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
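
The before/after comparison of `netstat -ssp udp` and `netstat -ssp ip` requested above can be done mechanically by saving each output to a file and diffing the counters. The script below is an added example, not part of the original message; the function names, the plural-matching heuristic and the sample counter lines are assumptions constructed for illustration.

```shell
# Added example: show which netstat -s counters moved between two snapshots.
netstat_delta() {   # usage: netstat_delta BEFORE_FILE AFTER_FILE
    awk '
    # Match key: drop one trailing "s" per word so "1 fragment received" and
    # "4 fragments received" count as the same counter (heuristic, assumed).
    function key(desc,    n, i, w, out) {
        n = split(desc, w, " ")
        out = ""
        for (i = 1; i <= n; i++) {
            if (w[i] ~ /[^s]s$/) w[i] = substr(w[i], 1, length(w[i]) - 1)
            out = out " " w[i]
        }
        return out
    }
    /^[a-z0-9]+:$/ { proto = $0; next }       # section header, e.g. "udp:"
    $1 ~ /^[0-9]+$/ {
        desc = $0
        sub(/^[ \t]*[0-9]+[ \t]+/, "", desc)
        k = proto key(desc)
        if (FILENAME == ARGV[1]) { before[k] = $1; next }
        # -ss hides zero counters: one missing from BEFORE is treated as 0.
        delta = $1 - before[k]
        if (delta != 0) printf "%s %d %s\n", proto, delta, desc
    }' "$1" "$2"
}

sample_run() {      # constructed snapshots, not data from the thread
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
ip:
    120 total packets received
    1 fragment received
udp:
    10 datagrams received
    10 delivered
EOF
    cat > "$d/after" <<'EOF'
ip:
    123 total packets received
    4 fragments received
    1 packet reassembled ok
udp:
    11 datagrams received
    10 delivered
    1 dropped due to full socket buffers
EOF
    netstat_delta "$d/before" "$d/after"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then netstat_delta "$1" "$2"; else sample_run; fi
```

Counters that stay flat (here `delivered`) are omitted, so the output lists only the layers where the datagram was counted.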
More information about the freebsd-pf mailing list