On Wed, Jul 30, 2003 at 08:32:07PM -0700, Adam Bozanich wrote:
> 
> Hi all.  Whenever I try to http://www.netbsd.org, ipfilter drops packets
> with this:
> 
> Jul 30 12:57:59 temple ipmon[111]: 12:57:58.931317 dc0 @0:7 b 204.152.184.116 ->
> 192.168.x.x PR tcp len 20 (164) frag 144@1336 IN
> 
> I believe that this line is grabbing it:
> 
> block in log body quick all with short                          head 10
> 
> Or maybe it's from default drop.

You can tell by matching the @0:7 with the output of ipfstat -i -n

> 
> For some reason I _ONLY_ have this problem with netbsd.org
> 
> Does anybody have information on the dangers of letting in these
> fragments?
> 
> It looks like two packets come with every attempt:
> 
> 204.152.184.116 -> 192.168.1.100 TCP TTL:53 TOS:0x0 ID:17939 IpLen:20
> DgmLen:1356 MF
> Frag Offset: 0x0000   Frag Size: 0x0014
> 
> 204.152.184.116 -> 192.168.1.100 TCP TTL:53 TOS:0x0 ID:17939 IpLen:20
> DgmLen:164
> Frag Offset: 0x00A7   Frag Size: 0x0014
> 
> 
> Am I just being paranoid by droping these? Why only netbsd.org giving
> this to me?

I don't know, but it looks more like something on the path is fragmenting the
packets. www.netbsd.org itself shouldn't send fragmented TCP packets.
What is your network setup ?

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 ans d'experience feront toujours la difference
--