Date: Tue, 02 Apr 1996 23:29:57 +0200
From: sthaug@nethelp.no
To: franky@pinewood.nl
Cc: current@FreeBSD.ORG
Subject: Re: [Q] Semantics of 'established' in ipfw tcp
Message-ID: <199604022129.WAA09553@trane.uninett.no>
In-Reply-To: Your message of "Mon, 1 Apr 1996 10:20:05 +0100"
References: <9604011020.ZM20909@pwood1.pinewood.nl>

> I would like to know other people's reactions to the current semantics of
> the 'established' keyword for TCP connections in the 2.2-960323-SNAPSHOT
> implementation of the ipfw in the kernel.
>
> Currently 'established' means (according to the manpage *and* some
> experimentation):
>
>     established    Matches packets that do not have the SYN bit set.
>                    TCP packets only.
>
> Should this not be:
>
>     established    Matches packets that do have the ACK bit set.
>                    TCP packets only.
>
> (To my knowledge this is the way conventional packet filters interpret
> 'established'.)

I believe it was Cisco that started using the 'established' keyword, and
at least according to Cisco documentation, for instance

http://cio.cisco.com/univercd/data/doc/software/11_0/rpcr/rip.htm#REF24774

it should be ACK *or* RST:

"A match occurs if the TCP datagram has the ACK or RST bits set. The
nonmatching case is that of the initial TCP datagram to form a connection."

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
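
Added example, not part of the original message and not ipfw or Cisco code: the three readings of 'established' from this thread, evaluated over every combination of the six TCP flags to show where they disagree. The TH_* values are the standard TCP header flag bits; the function names are made up for illustration.

```c
#include <stdio.h>
#include <stdint.h>

/* Standard TCP header flag bits. */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

/* ipfw manpage wording quoted in the thread: SYN bit not set. */
int est_no_syn(uint8_t f)     { return (f & TH_SYN) == 0; }
/* Wording proposed in the quoted message: ACK bit set. */
int est_ack(uint8_t f)        { return (f & TH_ACK) != 0; }
/* Cisco documentation wording quoted in the reply: ACK or RST set. */
int est_ack_or_rst(uint8_t f) { return (f & (TH_ACK | TH_RST)) != 0; }

/* Bitmask of matching definitions: bit 0 no-SYN, bit 1 ACK, bit 2 ACK-or-RST. */
int verdicts(uint8_t f) {
    return est_no_syn(f) | (est_ack(f) << 1) | (est_ack_or_rst(f) << 2);
}

/* Number of the 64 flag combinations on which the definitions disagree. */
int count_disagreements(void) {
    int n = 0;
    for (int f = 0; f < 64; f++) {
        int v = verdicts((uint8_t)f);
        if (v != 0 && v != 7) n++;
    }
    return n;
}

int main(void) {
    /* Constructed sample flag combinations, not captured traffic. */
    struct { const char *name; uint8_t f; } s[] = {
        {"SYN", TH_SYN}, {"SYN+ACK", TH_SYN | TH_ACK}, {"ACK", TH_ACK},
        {"RST", TH_RST}, {"FIN", TH_FIN}, {"(none)", 0},
    };
    printf("%-8s %-7s %-4s %s\n", "flags", "no-SYN", "ACK", "ACK|RST");
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-8s %-7d %-4d %d\n", s[i].name, est_no_syn(s[i].f),
               est_ack(s[i].f), est_ack_or_rst(s[i].f));
    printf("disagreeing combinations: %d of 64\n", count_disagreements());
    return 0;
}
```

All three readings reject a bare SYN and accept a plain ACK. They differ on SYN+ACK, which only the no-SYN reading rejects, and on segments carrying neither SYN nor ACK, which the no-SYN reading accepts.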