Problem with FIAIF_INVALID
Anders Fugmann
email hidden
Sat Aug 8 09:16:01 CEST 2009
Steven W. Orr wrote:
> On 08/07/09 17:06, quoth Anders Fugmann:
>> It would seem like Linux has decided that the packet is invalid.
>
> Is it Linux of is it fiaif?
I believe it is Linux own packet inspection that determines that the
packet is invalid.
>
>> Are you unable to use the pgp server, or is it just the logged packet
>> that bugs you? If not, are you able to use any pgp server, or is it just
>> this specific one.
>
> That pgp server seems to be not working for me, but I can use other servers.
Ok. I would guess the problem is that the PGP server tries to make an
ident lookup (port 113). Some legacy servers do that. Fiaif rejects
these packets, that that may cause the server to close the connection
unexpectedly.
>
> Should I be able to see something wrong with the packet?
Well It an acknowledgment to closing the connection, but it contains the
"push" bit, which is a bit strange. This packet drop can safely bee
ignored. The reason for the pgp server communication problems lies
elsewere.
Perhaps you could try dump all communication to the pgp-server with
Fiaif disabled and when Fiaif is enabled, using tcpdump:
tcpdump -i eth0 src or dst 208.72.157.55
in order to see how communication differs.
Regards
Anders Fugmann
More information about the fiaif
mailing list