On Thu, 24 Feb 2005 14:50:12 +0200 (EET), Arto Selonen <arto@selonen.org> wrote:
> 13:58:22.658571 truncated-ip - 15300 bytes missing!name.example.com.5680 > 
> 192.168.242.231.ssh: 3796056737:3796072037(15300) win 32768 <mss 
> 1460,nop,wscale 0,nop,nop,timestamp 84 0>

I emailed to an earlier thread in current-users about this.  We also noted
this on an X86 machine acting as a firewall and running -current.  The
problem seems to be that somewhere in IPFilter, the length field of the IP
header (ip_len) is getting byte swapped.  We noticed that certain ICMP
packets were coming into the firewall with a length of 0x0240 and leaving
with a length of 0x4002.  I'm not using NAT or fastrouting, just straight
filtering.

My guess is that there's a missing ntohs() or htons() somewhere.

Paul
-- 
Paul Dokas                                            dokas@cs.umn.edu
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."