Weird pf messages

4 views
Skip to first unread message

Carlos López Martínez

unread,
Sep 8, 2022, 1:02:50 PMSep 8
to hardenedBSD Users
Hi another time,

UHmm ... Maybe update
hbsd-v1300063-13151f38590e4f7fa0a0d5df93594efebafa410f is really buggy.
Doing a tcpdump in pflog0 I am seeing the following:

00:00:00.000000 rule 4294967295/0(match): pass in on vtnet5: (tos 0x0,
ttl 127, id 11047, offset 0, flags [none], proto TCP (6), length 92)
192.168.37.3.60721 > 172.18.75.11.22: Flags [P.], cksum 0x537a
(correct), seq 2785598103:2785598155, ack 2189209720, win 6145, length 52
00:00:00.000345 rule 4294967295/0(match): pass out on vtnet5: (tos
0x48, ttl 63, id 43102, offset 0, flags [none], proto TCP (6), length 220)
172.18.75.11.22 > 192.168.37.3.60721: Flags [P.], cksum 0xe9e5
(correct), seq 1:181, ack 52, win 501, length 180
00:00:00.106549 rule 4294967295/0(match): pass in on vtnet5: (tos 0x0,
ttl 127, id 31922, offset 0, flags [none], proto TCP (6), length 40)
192.168.37.3.60721 > 172.18.75.11.22: Flags [.], cksum 0x1946
(correct), ack 181, win 6144, length 0
00:00:00.087851 rule 4294967295/0(match): pass in on vtnet5: (tos 0x0,
ttl 127, id 51084, offset 0, flags [none], proto TCP (6), length 92)
192.168.37.3.60721 > 172.18.75.11.22: Flags [P.], cksum 0xa158
(correct), seq 52:104, ack 181, win 6144, length 52
00:00:00.000211 rule 4294967295/0(match): pass out on vtnet5: (tos
0x48, ttl 63, id 24941, offset 0, flags [none], proto TCP (6), length 220)
172.18.75.11.22 > 192.168.37.3.60721: Flags [P.], cksum 0xa7cc
(correct), seq 181:361, ack 104, win 501, length 180
00:00:00.094042 rule 4294967295/0(match): pass in on vtnet5: (tos 0x0,
ttl 127, id 49864, offset 0, flags [none], proto TCP (6), length 40)
192.168.37.3.60721 > 172.18.75.11.22: Flags [.], cksum 0x185e
(correct), ack 361, win 6144, length 0

Rule 4294967295??? It doesn't exists ....
--
Best regards,
C. L. Martinez

Shawn Webb

unread,
Sep 8, 2022, 1:29:44 PMSep 8
to Carlos López Martínez, hardenedBSD Users
That's the max of a 32-bit integer value (0xffffffff). I know FreeBSD
has done work with pf recently. I'm unsure what would cause that
issue, though.

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Reply all
Reply to author
Forward
0 new messages