Re: Spurious RSTs, syncache, and pf weirdness

From: Max Laier <max_at_love2party.net>
Date: Fri, 13 Jul 2007 19:50:02 +0200
On Friday 13 July 2007, Abdullah Ibn Hamad Al-Marri wrote:
> On 7/13/07, Hugo Silva <hugo_at_barafranca.com> wrote:
> > But these have been talked about on the lists before.
> >
> > What's new for me is the following bits of the firewall (pf) logs:
> >
> > tcpdump: WARNING: pflog0: no IPv4 address assigned
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol
> > decode listening on pflog0, link-type PFLOG (OpenBSD pflog file),
> > capture size 96 bytes
> > 000000 rule 0/0(match): block unkn(99) on em0: SERVER_IP.52582 >
> > 70.87.97.148.80: [|tcp]
> > 29. 232416 rule 0/0(match): block unkn(99) on em0: SERVER_IP.53798 >
> > 70.87.97.148.80: [|tcp]
>
> <snip>
>
> > Notice the unkn(99) and the bad hdr length errors. on 6.2, this
> > problem doesn't exist. Is this something new or is it related to the
> > spurious rsts & syncache errors ?
> >
> >
> > Best regards,
> >
> > Hugo
>
> It's known bug, they are trying to fix it before FreeBSD 7.0-RELEASE.

No it's not.  It's a known feature.  The attached patch fixes it.  This 
needs to go through tcpdump.org, but I haven't had time to take care of 
it, yet.

-- 
/"\  Best regards,                      | mlaier_at_freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier_at_EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Received on Fri Jul 13 2007 - 15:48:24 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:14 UTC