Hi all, If I disable checksum offloading on the NIC I do the tcpdump on, then I assume that the checksum-check will provide accurate results? With checksum disabled, I see that the checksum is incorrect when the client does not respond to the SYN,ACK, and correct when it does.
Out of curiousity I tried with pf as well and it behaves the same. Kind regards, Spil. On Mon, Apr 15, 2013 at 9:04 PM, Spil Oss <[email protected]> wrote: > Hi all, > > Network dumps as promised > On 172.17.2.1: > tcpdump -p -i bridge0 -s 0 -w ssh-fail.pcap host not 172.17.2.167 > From 172.17.2.1 I ran > telnet 172.17.2.111/157 22 > In Wireshark I trimmed the capture a bit further with expression > 'not stp and not http' > > Initial setup (ue0 ext, re0 int, rule 10 to allow ssh) > -> ue0-ssh-success.pcap > Removed rule 10 > -> ue0-ssh-fail.pcap > Switched re0 and ue0, default ruleset (without 10) > -> re0-ssh-success.pcap > > According to YungHyeong the sample ASIX NIC he has works normally when > checksumming is disabled. > > Kind regards, > > Spil. > > > > > On Mon, Apr 15, 2013 at 8:25 AM, Ian Smith <[email protected]> wrote: > >> On Sun, 14 Apr 2013 10:34:06 -0700, Michael Sierchio wrote: >> > On Sun, Apr 14, 2013 at 10:26 AM, Ian Smith <[email protected]> >> wrote: >> > >> > > 'allow ip' aka 'allow all' doesn't usually take a port number, which >> > > applies only to tcp and udp. >> > >> > It does in ipfw - in which case it means ( udp | tcp ) >> >> You're quite right, and my assumption that it would also permit icmp >> was quite wrong, after a quick test. >> >> Which appears to leave the bypassed divert not working with rx/txcsum >> the only viable suspect. The ruleset is otherwise 'out of the box'. >> >> Does anyone know whether this is an issue with libalias(3) generally - >> in which case using nat instead of divert shouldn't help - or just with >> natd in particular? >> >> cheers, Ian >> > > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[email protected]"
