I just noticed an odd entry into one of my firewall's logs earlier this evening. It looks like this:
Feb 1 21:10:02 cortez pf: cookie: d581cae75f749704->0000000000000000 msgid: 00000000 len: 680 Googling "openbsd pf cookie msgid len" turned up a couple threads with similar errors. Both times the error was attributed to an exceeded MTU after scrub, and also seemed to occur primarily on bridges (although this may be an incorrect assumption), and was fixed in 3.1 -current. Based on this, I attributed it to exceeded MTU errors on the box (which is also a bridge, albeit 3.2 -stable). Armed with this knowledge, I edited my logparsing script to skip /cookie: /. Lo and behold, just over an hour later, I get a similar type of entry in a *different* firewall that is NOT a bridge. Feb 1 22:35:02 gw pf: cookie: db3db2d2522aaa97->0000000000000000 msgid: 00000000 len: 648 Feb 1 22:35:02 gw pf: cookie: db3db2d2522aaa97->0000000000000000 msgid: 33e1ce50 len: 56 With the exception of the bridge setup and minor pf modifications (now filtering on both interfaces, of course), this build is basically identical to the other. Nevertheless, both boxes are nowhere within the vicinity of each other, either at layer 1 or 3. ;-) Any clue as to what I'm seeing here? -J.
