Date: Fri, 15 Feb 2002 18:43:35 -0700
From: "Aaron D. Gifford" <agifford@infowest.com>
To: freebsd-net@freebsd.org
Subject: Re: Bug in stateful code?
Message-ID: <20020216014335.AE41B213CA@ns1.infowest.com>
References: <20020215225647.DBAB521CE8@ns1.infowest.com> <3C6DA100.3080108@tenebras.com>
On Friday 15 February 2002 06:15 pm, I was heard to blurt out without
thinking:
> default:
> if (q->state == TH_SYN | TH_ACK)
> /*
> * Both forward SYN and SYN+ACK packets have been seen,
> * without a reverse SYN+ACK packet in between, due to a
> * buggy rule set, or bogus traffic from the originating host.
> */
> if (fw_verbose) {
> log(LOG_SECURITY | LOG_NOTICE,
> "ipfw: Invalid stateful TCP rule (from %d): Middle packet "
> "missing from three-way TCP handshake.",
> q->parent->fw_number);
> return NULL; /* Drop the packet as if not matched */
> }
Heh, I MEANT to say:
default:
    if (q->state == (TH_SYN | TH_ACK)) {
        /*
         * Both forward SYN and ACK packets have been seen, without
         * a reverse SYN+ACK packet in between, likely due to either
         * a buggy rule set, or bogus traffic.
         */
        if (fw_verbose) {
            log(LOG_SECURITY | LOG_NOTICE,
                "ipfw: Invalid stateful TCP rule (from %d): Middle "
                "packet missing from three-way TCP handshake.",
                q->rule->fw_number);
        }
        return NULL; /* Drop it as if not matched */
    }
There. I don't know why I was calling the third packet a SYN+ACK in the
comments. The original also was missing some parentheses, and used an
incorrect field name (q->parent->fw_number instead of q->rule->fw_number).
Sorry. Comes from leaping before looking, I suppose.
Aaron out.
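
Added example, not part of the message above and not ipfw source: a small C model of why the parentheses matter in the state test. The track() helper and its layout (forward flags in the low byte, reverse flags in the high byte) are assumptions made for illustration; the sample packet sequences are constructed.

```c
#include <stdio.h>

/* TCP flag values as defined in <netinet/tcp.h>. */
#define TH_SYN 0x02
#define TH_ACK 0x10

/*
 * Assumed model (hypothetical helper, not the ipfw code): flags seen in
 * the forward direction accumulate in the low byte of the state word,
 * flags seen in the reverse direction in the high byte.
 */
static unsigned track(unsigned state, unsigned flags, int forward)
{
    flags &= (TH_SYN | TH_ACK);
    return state | (forward ? flags : flags << 8);
}

/*
 * First version: `state == TH_SYN | TH_ACK` is parsed as written below,
 * because == binds tighter than |. OR-ing in TH_ACK makes the result
 * nonzero for every state, so the branch would always be taken.
 */
static int check_first(unsigned state)
{
    return ((state == TH_SYN) | TH_ACK) != 0;
}

/* Corrected version: compare the state against the combined mask. */
static int check_fixed(unsigned state)
{
    return state == (TH_SYN | TH_ACK);
}

int main(void)
{
    /* Constructed sequences: SYN only, full handshake, missing middle. */
    unsigned syn_only  = track(0, TH_SYN, 1);
    unsigned normal    = track(track(syn_only, TH_SYN | TH_ACK, 0), TH_ACK, 1);
    unsigned no_middle = track(syn_only, TH_ACK, 1);
    unsigned s[3] = { syn_only, normal, no_middle };

    for (int i = 0; i < 3; i++)
        printf("state=0x%04x first=%d fixed=%d\n",
               s[i], check_first(s[i]), check_fixed(s[i]));
    return 0;
}
```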
