Re: rsh is malfunctioning due to pf

From: Daniel Hartmeier <daniel_at_benzedrine.cx>
Date: Sat, 27 Nov 2004 13:01:49 +0100

On Fri, Nov 26, 2004 at 10:33:54PM +0200, Andrew Degtiariov wrote:

> I have ipcad installed on 2 PCs running 5.3-RELEASE and 5-STABLE from
> Nov 21. ipcad (ports/net-mgmt/ipcad) provides the ability to control them
> by rsh (ipcad implements the rsh server by itself). While using pf with
> primitive rulesets, rsh stops working. It seems like pf drops short
> packets.

The 'short' reason is a little overloaded; it can have two meanings.
The less likely case is where the mbuf didn't contain a complete IP
header. More likely, the packet contains IP options, which pf blocks by
default. You can isolate the problem by

  a) enabling debug logging with pfctl -xm and watching the console
     or /var/log/messages for messages from 'pf: '
  b) dumping an entire packet that is being blocked, with
     tcpdump -s 1600 -nvvvetttSXi pflog0
  c) adding 'allow-opts' to all your pass rules and seeing if the problem
     goes away

Daniel
Received on Sat Nov 27 2004 - 11:01:52 UTC
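
Added example (not part of the original message, and not pf's own code): a small Python classifier for the two cases the reply distinguishes, an incomplete IP header versus a header carrying IP options, applied to the packet bytes recovered from a tcpdump hex dump. It assumes the bytes start at the IPv4 header; the function names and the sample headers are constructed for illustration.

```python
# IPv4 option-type octets (RFC 791, RFC 2113) mapped to short names.
OPTION_NAMES = {7: "RR", 68: "TS", 130: "SEC", 131: "LSRR",
                137: "SSRR", 148: "RTRALT"}

def parse_options(raw):
    """List the options found in the bytes after the fixed 20-byte header."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of Option List
            opts.append("EOL")
            break
        if kind == 1:                       # one-byte No-Operation padding
            opts.append("NOP")
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            opts.append("malformed")
            break
        opts.append(OPTION_NAMES.get(kind, "opt-%d" % kind))
        i += raw[i + 1]
    return opts

def classify(packet):
    """Return (verdict, options) for bytes that start at the IPv4 header."""
    if len(packet) < 20:
        return "incomplete-header", []
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        return "not-valid-ipv4", []
    if len(packet) < ihl * 4:
        return "incomplete-header", []
    if ihl > 5:                             # header longer than 20 bytes
        return "has-ip-options", parse_options(packet[20:ihl * 4])
    return "no-options", []

# Constructed sample headers (documentation addresses, checksum left at zero).
PLAIN = bytes.fromhex("450000280000400040060000c0000201c0000202")
WITH_OPTS = bytes.fromhex("4600002c0000400040060000c0000201c000020294040000")

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("with options", WITH_OPTS),
                      ("truncated", PLAIN[:12])):
        print(name, classify(pkt))
```

A "has-ip-options" verdict on a blocked packet points at the default option blocking described above, which is the case 'allow-opts' addresses.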
