rdr rule does not work (bad hdr length)
Jeremy Chadwick
koitsu at FreeBSD.org
Tue Nov 4 01:57:49 PST 2008
On Tue, Nov 04, 2008 at 10:52:08AM +0100, Matthias Kellermann wrote:
> Jeremy Chadwick wrote:
> > On Tue, Nov 04, 2008 at 10:15:26AM +0100, Matthias Kellermann wrote:
> >> # tcpdump -netttvvi pflog0
> >> 000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 26668,
> >> offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.54460 >
> >> 192.168.0.10.23: [|tcp]
> >> 000266 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 25527,
> >> offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.54460 >
> >> 192.168.0.10.23: tcp 24 [bad hdr length 0 - too short, < 20]
> >>
> >> Anybody have an idea what's wrong here?
> >
> > This is not a pf problem. tcpdump's snaplen defaults to 56 bytes, which
> > is too small when reading from pflog. Use the -s flag to increase the
> > snaplen to 256 bytes, for example.
> >
>
> Thanks Jeremy. Did that. This is the output of tcpdump after increasing
> the snaplen to 256 bytes:
>
> # tcpdump -s 256 -netttvvi pflog0
> 000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 23993,
> offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.43758 >
> 192.168.0.10.23: S, cksum 0xeb13 (correct), 3072328535:3072328535(0) win
> 5840 <mss 1460,sackOK,timestamp 2383598 0,nop,wscale 6>
> 000319 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 22314,
> offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.43758 >
> 192.168.0.10.23: S, cksum 0x4553 (correct), 108273612:108273612(0) win 0
> <mss 1460>
>
> I still have no clue what's going wrong here.
Try changing "synproxy state" to "keep state", and see if you have the
same problem. Note that you may need to reset your state table after
changing this rule (see pfctl -k).
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |