Re: rsh is malfunctioning due to pf

From: Andrew Degtiariov <ad_at_astral-on.net>
Date: Sat, 27 Nov 2004 16:07:07 +0200

On Sat, Nov 27, 2004 at 01:01:49PM +0100, Daniel Hartmeier wrote:
> On Fri, Nov 26, 2004 at 10:33:54PM +0200, Andrew Degtiariov wrote:
> 
> > I have ipcad installed on 2 PCs running 5.3-RELEASE and 5-STABLE from
> > Nov 21. ipcad (ports/net-mgmt/ipcad) provides the ability to control them
> > by rsh (ipcad implements an rsh server by itself). While using pf with
> > primitive rulesets, rsh stops working. It seems like pf drops short
> > packets.
> 
> The 'short' reason is a little overloaded, it can have two meanings.
> The less likely case is where the mbuf didn't contain a complete IP
> header. More likely, the packet contains IP options, which pf blocks by
> default. You can isolate the problem by
> 
>   a) enabling debug logging with pfctl -xm and watching the console
>      or /var/log/messages for messages from 'pf: '
>   b) dumping an entire packet that is being blocked, with
>      tcpdump -s 1600 -nvvvetttSXi pflog0
>   c) adding 'allow-opts' to all your pass rules and see if the problem
>      goes away

Yes, allow-opts restored ipcad functionality. Probably a warning about
this behavior needs to be added to the pf documentation, because enabling pf
broke multicast (OSPF for me) without rules with allow-opts. I saw that a note
about it exists only in pf.conf (in the allow-opts description), and I
overlooked it while reading this manual page.

-- 
Andrew Degtiariov 
DA-RIPE
Received on Sat Nov 27 2004 - 13:08:16 UTC
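
Added example, not part of the original messages and not pf's own code: a small Python check for the two conditions the reply lists as possible causes of a 'short' drop, a buffer without a complete IP header versus a header that carries IP options. The helper names, the sample addresses and the Router Alert sample are constructed for illustration.

```python
import struct

# A few IPv4 option types (RFC 791, RFC 2113); others are reported by number.
OPTION_NAMES = {7: "Record Route", 68: "Timestamp", 131: "Loose Source Route",
                137: "Strict Source Route", 148: "Router Alert"}

def build_header(ihl, options=b""):
    """Constructed sample: IPv4 header, TCP, 192.0.2.1 -> 192.0.2.2, checksum 0."""
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options

def classify_ipv4(packet):
    """Return (verdict, options): 'truncated', 'malformed', 'options' or 'plain'."""
    if len(packet) < 20:
        return "truncated", []            # not even a minimal header
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        return "malformed", []
    hlen = ihl * 4
    if len(packet) < hlen:
        return "truncated", []            # header claims more than we hold
    if ihl == 5:
        return "plain", []                # 20-byte header, no options
    found, i = [], 20
    while i < hlen:
        opt = packet[i]
        if opt == 0:                      # End of Option List
            break
        if opt == 1:                      # No-Operation (padding)
            i += 1
            continue
        if i + 1 >= hlen or packet[i + 1] < 2 or i + packet[i + 1] > hlen:
            return "malformed", found     # bad option length
        found.append(OPTION_NAMES.get(opt, "option %d" % opt))
        i += packet[i + 1]
    return "options", found

if __name__ == "__main__":
    samples = {
        "plain": build_header(5),
        "router alert": build_header(6, b"\x94\x04\x00\x00"),
        "cut off": build_header(5)[:12],
    }
    for name, pkt in samples.items():
        print(name, "->", classify_ipv4(pkt))
```

Raw IPv4 bytes taken from a capture (after stripping the link-layer header) can be passed to `classify_ipv4` to see which of the two cases a blocked packet falls into.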
