Machine: FreeBSD 4.3 ipf: IP Filter: v3.4.20 (264) First this bug may be resolved by me upgrading IPF. If that's the case I'll just do that once informed :-) I haven't yet as I've not had and problems.
One of my users tried to send a 'larger than normal' email today, and we found it would hang at different point during the transmission (50%, 70%, 99%, etc). But with IPF disabled it wouldn't hang. I watched him over tcpdump to see what was happening.. the output is at the end of the email. I'm assuming that it has something to do with the fragmented packets that he's sending? I don't have any rules in place that block short, or block ipopts. Thanks :) 213.x.x.x.33198 > 212.x.x.x.x.25: S 1202933080:1202933080(0) win 16384 <mss 1460,nop,nop,sackOK> 212.x.x.x.x.25 > 213.x.x.x.33198: S 1822686022:1822686022(0) ack 1202933081 win 65535 <mss 1460> (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: . ack 1 win 17520 212.x.x.x.x.25 > 213.x.x.x.33198: P 1:52(51) ack 1 win 65535 (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: P 1:15(14) ack 52 win 17469 212.x.x.x.x.25 > 213.x.x.x.33198: P 52:97(45) ack 15 win 65535 (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: P 15:49(34) ack 97 win 17424 212.x.x.x.x.25 > 213.x.x.x.33198: P 97:105(8) ack 49 win 65535 (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: P 49:81(32) ack 105 win 17416 212.x.x.x.x.25 > 213.x.x.x.33198: P 105:113(8) ack 81 win 65535 (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: P 81:87(6) ack 113 win 17408 212.x.x.x.x.25 > 213.x.x.x.33198: P 113:127(14) ack 87 win 65535 (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: . 87:1523(1436) ack 127 win 17394 (frag 8539:1456@0+) 213.x.x.x.33198 > 212.x.x.x.x.25: . 1547:2983(1436) ack 127 win 17394 (frag 8540:1456@0+) 213.x.x.x.33198 > 212.x.x.x.x.25: . 3007:4443(1436) ack 127 win 17394 (frag 8541:1456@0+) 213.x.x.x.33198 > 212.x.x.x.x.25: P 4467:5377(910) ack 127 win 17394 212.x.x.x.x.25 > 213.x.x.x.33198: . ack 87 win 65535 (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: P 5377:5382(5) ack 127 win 17394 212.x.x.x.x.25 > 213.x.x.x.33198: . ack 87 win 65535 (DF) 213.x.x.x.33198 > 212.x.x.x.x.25: . 87:1523(1436) ack 127 win 17394 (frag 8544:1456@0+) 213.x.x.x.33198 > 212.x.x.x.x.25: . 87:1523(1436) ack 127 win 17394 (frag 8545:1456@0+) 213.x.x.x.33198 > 212.x.x.x.x.25: . 87:1523(1436) ack 127 win 17394 (frag 8547:1456@0+) 213.x.x.x.33198 > 212.x.x.x.x.25: . 87:1523(1436) ack 127 win 17394 (frag 8548:1456@0+) -- Avleen Vig Work Time: Unix Systems Administrator Play Time: Network Security Officer Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf
