Hi everyone,
 
I have had a strange situation on three 5.3 machines for a few days now.
After dropping what appears to be a malformed echo request, the interface
goes down for 20 min. PF block policy is set to drop. The interface is
connected to a Cisco switch; sorry, no other details from our colo provider.
 
Re-initializing the interface solved the problem. Any clue how to avoid the
problem in the first place? Here is the log capture of the echo request.

Best regards,
Julian


No.     Time                       Source                Destination           Protocol port   Info
  54735 2013-09-02 00:27:24.524180 4.53.128.211          68.68.3.87            ICMP            [dropped em0/18] Echo (ping) request

Frame 54735 (148 bytes on wire, 148 bytes captured)
    Arrival Time: Sep  2, 2013 00:27:24.524180000
    [Time delta from previous captured frame: 0.640103000 seconds]
    [Time delta from previous displayed frame: 24.016554000 seconds]
    [Time since reference or first frame: 16042.186110000 seconds]
    Frame Number: 54735
    Frame Length: 148 bytes
    Capture Length: 148 bytes
    [Frame is marked: True]
    [Protocols in frame: pflog:ip:icmp:data]
    [Coloring Rule Name: ICMP]
    [Coloring Rule String: icmp || icmpv6]
PF Log IPv4 dropped on em0 by rule 18
    Header Length: 100
    Address Family: IPv4 (2)
    Action: dropped (1)
    Reason: match (0)
    Interface: em0
    Ruleset:
    Rule Number: 18
    Sub Rule Number: -1
    Direction: Unknown (255)
Internet Protocol, Src: 4.53.128.211 (4.53.128.211), Dst: 68.68.3.87 (68.68.3.87)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x0000 (0)
    Flags: 0x02 (Don't Fragment)
        0.. = Reserved bit: Not Set
        .1. = Don't fragment: Set
        ..0 = More fragments: Not Set
    Fragment offset: 0
    Time to live: 47
    Protocol: ICMP (0x01)
    Header checksum: 0x7f2a [correct]
        [Good: True]
        [Bad : False]
    Source: 4.53.128.211 (4.53.128.211)
    Destination: 68.68.3.87 (68.68.3.87)
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0 ()
    Checksum: 0xba7d [correct]
    Identifier: 0x3d82
    Sequence number: 0 (0x0000)
    Data (20 bytes)

0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010  00 00 00 00                                       ....
        Data: 0000000000000000000000000000000000000000
        [Length: 20]
