
RE: tcpdump and rule -1/0

It looks to me like I just needed to flush all the rules and start over.  My rules are being parsed ok now.  I do have one other question though.  Why won’t a rule like the following match?


pass in quick log-all on vlan6 inet proto tcp  from to port 135  flags S/SA keep state


I know that resides on vlan6. I can see that traffic in a tcpdump -n -e -ttt -i pflog0 net port 135.  However this rule will not match anything until I remove the “on vlan6”.  Then it works fine.  If I pull out the “on vlan6” and change “keep state” to “modulate state” the rule will die too.

I am testing with telnet 135 and I am using OpenBSD 3.3 stable.



Thanks again,



Andrew Eaton


-----Original Message-----
From: Eaton, Andy
Sent: Thursday, September 11, 2003 5:38 PM
To: '[email protected]'
Subject: tcpdump and rule -1/0


Hello all,


I am having a problem with filtering on a vlan aware bridge.  I am wondering if anyone has seen a tcpdump that looks like the following and what it means.  Particularly the part about the rule -1/0(match).


Sep 11 17:35:33.988497 rule -1/0(match): pass in on vlan16: > . 63809:64321(512) ack 1 win 4096

Sep 11 17:35:33.988501 rule -1/0(match): pass out on vlan17: > . 63809:64321(512) ack 1 win 4096

Sep 11 17:35:33.989717 rule -1/0(match): pass in on vlan17: > . ack 64321 win 0 (DF)

Sep 11 17:35:33.989720 rule -1/0(match): pass out on vlan16: > . ack 64321 win 0 (DF)


I have spent a lot of time debugging this and the rules are not being parsed right.  I thought I might start here.



Thanks in advance,



Andrew Eaton