Scrub problem?

Sat, 31 Jan 2009 01:01:59 -0800 

Hi all,
With 'scrub in all' in my pf.conf and 'pfctl -x misc' I get the next in /var/log/messages: 

[...]
Jan 31 09:38:55 deimos /bsd: pf: State failure on:         |
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 61981 @ 11840-13320
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 61981 @ 13320-14800
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 61981 @ 14800-16280
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 61981 @ 16280-17760
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 61981 @ 17760-19240
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 0-1480
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 1480-2960
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 2960-4440
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 4440-5920
Jan 31 09:38:55 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 5920-7400
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 7400-8880
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 8880-10360
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 10360-11840
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 11840-13320
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 13320-14800
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 14800-16280
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 16280-17760
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 17760-19240
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 19240-20720
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 20720-22200
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 22200-23680
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 23680-25160
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 25160-26640
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 26640-28120
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 28120-29600
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 29600-31080
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 63773 @ 31080-32560
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 64541 @ 0-1480
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 64541 @ 1480-2960
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 64541 @ 2960-4440
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 64541 @ 4440-5920
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 64541 @ 5920-7400
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 64541 @ 7400-8880
Jan 31 09:38:56 deimos /bsd: pf_normalize_ip: reass frag 64541 @ 8880-10360
[...]


If I use 'no scrub in all', I dont' get the previous messages, however I 
get:



Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
14879(0xfffffe8064c3b060)
Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
15391(0xfffffe8064c3b380)
Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
15903(0xfffffe8064c3b5b0)
Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
17183(0xfffffe8064c3b2e0)
Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
17951(0xfffffe8064c3b0b0)
Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
18463(0xfffffe8064c3bb50)
Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
18719(0xfffffe8013815870)
Jan 31 09:40:24 deimos /bsd: pf_purge_expired_fragments: expiring 
19487(0xfffffe80138152d0)
Jan 31 09:40:25 deimos /bsd: pf: BAD state: TCP 212.36.75.129:25 
212.36.75.129:25 60.189.43.74 [lo=3035015690 high=3034950397 win=6144 
modulator=0] [lo=0 high=6144 win=1 modulator=0] 10:10 S seq=3041351171 
(3041351171) ack=0 len=0 ackskew=0 pkts=8:0 dir=in,fwd

Jan 31 09:40:25 deimos /bsd: pf: State failure on: 1       | 5

Jan 31 09:40:27 deimos /bsd: pf: BAD state: TCP 212.36.75.129:25 
212.36.75.129:25 60.189.43.74 [lo=3035015690 high=3034950397 win=6144 
modulator=0] [lo=0 high=6144 win=1 modulator=0] 10:10 S seq=3041155151 
(3041155151) ack=0 len=0 ackskew=0 pkts=8:0 dir=in,fwd

Jan 31 09:40:27 deimos /bsd: pf: State failure on: 1       | 5

Jan 31 09:40:27 deimos /bsd: pf: loose state match: TCP 212.36.75.129:25 
212.36.75.129:25 60.189.43.74 [lo=3035015690 high=3034950397 win=6144 
modulator=0] [lo=0 high=6144 win=1 modulator=0] 10:10 RA seq=3035015690 
(3041155152) ack=0 len=0 ackskew=0 pkts=8:0
Jan 31 09:40:27 deimos /bsd: pf: BAD state: TCP 212.36.75.129:25 
212.36.75.129:25 60.189.43.74 [lo=3035015690 high=3034950397 win=6144 
modulator=0] [lo=0 high=6144 win=1 modulator=0] 10:10 S seq=3041285829 
(3041285829) ack=0 len=0 ackskew=0 pkts=9:0 dir=in,fwd

Jan 31 09:40:27 deimos /bsd: pf: State failure on: 1       | 5

Jan 31 09:40:28 deimos /bsd: pf: loose state match: TCP 212.36.75.129:25 
212.36.75.129:25 60.189.43.74 [lo=3035015690 high=3034950397 win=6144 
modulator=0] [lo=0 high=6144 win=1 modulator=0] 10:10 RA seq=3035015690 
(3041285830) ack=0 len=0 ackskew=0 pkts=9:0
Jan 31 09:40:28 deimos /bsd: pf: BAD state: TCP 212.36.75.129:25 
212.36.75.129:25 60.189.43.74 [lo=3035015690 high=3034950397 win=6144 
modulator=0] [lo=0 high=6144 win=1 modulator=0] 10:10 S seq=3041351171 
(3041351171) ack=0 len=0 ackskew=0 pkts=10:0 dir=in,fwd

Jan 31 09:40:28 deimos /bsd: pf: State failure on: 1       | 5

Jan 31 09:40:28 deimos /bsd: pf: loose state match: TCP 212.36.75.129:25 
212.36.75.129:25 60.189.43.74 [lo=3035015690 high=3034950397 win=6144 
modulator=0] [lo=0 high=6144 win=1 modulator=0] 10:10 RA seq=3035015690 
(3041351172) ack=0 len=0 ackskew=0 pkts=10:0
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
20255(0xfffffe80138151e0)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
20511(0xfffffe8064c3b290)
Jan 31 09:40:34 deimos /bsdJan 31 09:40:34 deimos /bsd: 
pf_purge_expired_fragments: expiring 21279(0xfffffe8064c3bc90)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
23839(0xfffffe8013815690)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
24863(0xfffffe80138155a0)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
25887(0xfffffe8013815f50)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
26399(0xfffffe8013815c30)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
26911(0xfffffe8013815b90)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
28703(0xfffffe80138156e0)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
29215(0xfffffe80138159b0)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
29471(0xfffffe8013815230)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
29983(0xfffffe80138158c0)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
32543(0xfffffe8013815c80)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
33311(0xfffffe8013815e60)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
33823(0xfffffe8013815190)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
35871(0xfffffe8013815a50)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
36383(0xfffffe8013815370)
Jan 31 09:40:34 deimos /bsd: pf_purge_expired_fragments: expiring 
36639(0xfffffe8064c3ba60)
Jan 31 09:40:41 deimos /bsd: pf: loose state match: TCP 212.36.75.116:80 
212.36.75.116:80 220.181.32.35:33005 [lo=2410908441 high=2410908443 
win=1460 modulator=0] [lo=0 high=1460 win=1 modulator=0] 2:0 PA 
seq=2410908442 (2410908442) ack=0 len=245 ackskew=0 pkts=2:0

: pf_purge_expired_fragments: expiring 21023(0xfffffe8064c3bf10)

¿What's wrong?


I've seen some PF loose TCP state match, but never a lot of 
pf_normalize_ip: reass frag and pf_purge_expired_fragments.



At present, a single VLAN is passing through the bridge where PF works. 
Maybe is related to VLAN...


--
Thanks,
Jordi Espasa Clofent














    











					Reply via email to