From: "Aaron D. Gifford"
To: freebsd-net@freebsd.org
Subject: Re: Bug in stateful code?
Date: Fri, 15 Feb 2002 18:43:35 -0700

On Friday 15 February 2002 06:15 pm, I was heard to blurt out without thinking:
> default:
>     if (q->state == TH_SYN | TH_ACK)
>         /*
>          * Both forward SYN and SYN+ACK packets have been seen,
>          * without a reverse SYN+ACK packet in between, due to a
>          * buggy rule set, or bogus traffic from the originating host.
>          */
>         if (fw_verbose) {
>             log(LOG_SECURITY | LOG_NOTICE,
>                 "ipfw: Invalid stateful TCP rule (from %d): Middle packet "
>                 "missing from three-way TCP handshake.",
>                 q->parent->fw_number);
>             return NULL; /* Drop the packet as if not matched */
>         }

Heh, I MEANT to say:

    default:
        if (q->state == (TH_SYN | TH_ACK)) {
            /*
             * Both forward SYN and ACK packets have been seen, without
             * a reverse SYN+ACK packet in between, likely due to either
             * a buggy rule set, or bogus traffic.
             */
            if (fw_verbose) {
                log(LOG_SECURITY | LOG_NOTICE,
                    "ipfw: Invalid stateful TCP rule (from %d): Middle "
                    "packet missing from three-way TCP handshake.",
                    q->rule->fw_number);
                return NULL; /* Drop it as if not matched */
            }
        }

There.
I don't know why I was calling the third packet a SYN+ACK in the comments. The original also was missing some parentheses, and used an incorrect field name (q->parent->fw_number instead of q->rule->fw_number). Sorry. Comes from leaping before looking, I suppose.

Aaron out.
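
Added example, not part of the original message or of the ipfw source: a stand-alone C program showing why the missing parentheses matter, by running the test as first posted and as corrected over a few constructed state values. The function names, the sample array, and the placement of reverse-direction flags in the high byte are assumptions made for illustration.

```c
#include <stdio.h>

/* TCP header flag bits, values as defined in <netinet/tcp.h>. */
#define TH_SYN 0x02
#define TH_ACK 0x10

/* As first posted. "==" binds tighter than "|", so this parses as
 * (state == TH_SYN) | TH_ACK, which is non-zero for every state.
 * gcc and clang flag it under -Wparentheses; silenced here on purpose. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
static int check_as_posted(unsigned state)
{
    return (state == TH_SYN | TH_ACK) != 0;
}
#pragma GCC diagnostic pop

/* As corrected: compare the state against the combined mask. */
static int check_corrected(unsigned state)
{
    return state == (TH_SYN | TH_ACK);
}

/* Constructed sample states. Forward-direction flags sit in the low byte;
 * putting reverse-direction flags in the high byte is an assumption. */
static const unsigned samples[] = {
    0,                                            /* nothing seen yet     */
    TH_SYN,                                       /* forward SYN only     */
    TH_ACK,                                       /* forward ACK only     */
    TH_SYN | TH_ACK,                              /* forward SYN and ACK  */
    TH_SYN | TH_ACK | ((TH_SYN | TH_ACK) << 8),   /* full handshake       */
};
#define N_SAMPLES ((int)(sizeof samples / sizeof samples[0]))

/* Count how many sample states a given check would reject. */
static int count_hits(int (*check)(unsigned), const unsigned *s, int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        hits += check(s[i]);
    return hits;
}

int main(void)
{
    printf("as posted: %d of %d states rejected\n",
           count_hits(check_as_posted, samples, N_SAMPLES), N_SAMPLES);
    printf("corrected: %d of %d states rejected\n",
           count_hits(check_corrected, samples, N_SAMPLES), N_SAMPLES);
    return 0;
}
```

Building firewall code with -Wparentheses left enabled (it is part of -Wall in gcc) reports this pattern at compile time.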