Date: Tue, 19 Jul 2005 19:45:37 -0700 (PDT)
From: Muk Dunkin <mukden@yahoo.com>
To: freebsd-ipfw@freebsd.org
Subject: ipfw established option
Message-ID: <20050720024538.53894.qmail@web30607.mail.mud.yahoo.com>

Hi all,

According to the man page, setting the ipfw established option matches
TCP packets that have the RST or ACK bits set. But from looking at the
source ip_fw2.c, it only rejects packets with SYN only, but allows
packets with NO flag bits set and packets with URG/PSH/FIN.

    /* reject packets which have SYN only */
    /* XXX should i also check for TH_ACK ? */
    match = (proto == IPPROTO_TCP && offset == 0 &&
        (L3HDR(struct tcphdr,ip)->th_flags &
         (TH_RST | TH_ACK | TH_SYN)) != TH_SYN);

Is this a bug, or is that part of the design?

thx
Mukden
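
An added example, not part of the original message or the FreeBSD source: it enumerates all 64 combinations of the six TCP flag bits and lists those where the flag test quoted above and the man page wording as described in the message disagree. The function names and the locally defined TH_* constants (standard TCP header bit values) are this example's own, and the proto and offset checks are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (standard values, defined locally so this runs anywhere). */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

/* Flag test quoted in the message from ip_fw2.c (proto/offset checks omitted). */
static int estab_source(uint8_t f)
{
    return (f & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN;
}

/* Behaviour the message attributes to the man page: RST or ACK set. */
static int estab_manpage(uint8_t f)
{
    return (f & (TH_RST | TH_ACK)) != 0;
}

/* Count the flag combinations on which the two predicates disagree;
 * when print is nonzero, list each one with both verdicts. */
static int count_disagreements(int print)
{
    int n = 0;
    for (unsigned f = 0; f < 0x40; f++) {
        int s = estab_source((uint8_t)f), m = estab_manpage((uint8_t)f);
        if (s == m)
            continue;
        n++;
        if (print)
            printf("flags=0x%02x [%s%s%s%s] source=%d manpage=%d\n", f,
                   (f & TH_FIN) ? "F" : "", (f & TH_PUSH) ? "P" : "",
                   (f & TH_URG) ? "U" : "", f ? "" : "none", s, m);
    }
    return n;
}

int main(void)
{
    printf("%d combinations differ\n", count_disagreements(1));
    return 0;
}
```

Every combination it lists has SYN, RST and ACK all clear, which are the cases the message describes: no flags at all, or only FIN/PSH/URG.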