On Friday 15 February 2002 06:15 pm, I was heard to blurt out without thinking:
>     default:
>         if (q->state == TH_SYN | TH_ACK)
>             /*
>              * Both forward SYN and SYN+ACK packets have been seen,
>              * without a reverse SYN+ACK packet in between, due to a
>              * buggy rule set, or bogus traffic from the originating host.
>              */
>             if (fw_verbose) {
>                 log(LOG_SECURITY | LOG_NOTICE,
>                     "ipfw: Invalid stateful TCP rule (from %d): Middle packet "
>                     "missing from three-way TCP handshake.",
>                     q->parent->fw_number);
>                 return NULL; /* Drop the packet as if not matched */
>             }

Heh, I MEANT to say:

    default:
        if (q->state == (TH_SYN | TH_ACK)) {
            /*
             * Both forward SYN and ACK packets have been seen, without
             * a reverse SYN+ACK packet in between, likely due to either
             * a buggy rule set, or bogus traffic.
             */
            if (fw_verbose) {
                log(LOG_SECURITY | LOG_NOTICE,
                    "ipfw: Invalid stateful TCP rule (from %d): Middle "
                    "packet missing from three-way TCP handshake.",
                    q->rule->fw_number);
                return NULL; /* Drop it as if not matched */
            }
        }

There. I don't know why I was calling the third packet a SYN+ACK in the comments. The original was also missing some parentheses, and used an incorrect field name (q->parent->fw_number instead of q->rule->fw_number).

Sorry. Comes from leaping before looking, I suppose.

Aaron out.
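
Added example, not part of the original message and not ipfw source: a small C model of why the parentheses in the corrected check matter. The state layout (forward flags in the low byte, reverse flags in the next byte) and the names track(), check_unparenthesized() and check_parenthesized() are assumptions made for illustration.

```c
#include <stdio.h>

#define TH_SYN 0x02   /* TCP flag bits, as in <netinet/tcp.h> */
#define TH_ACK 0x10

enum dir { FWD, REV };

/* Assumed model: accumulate SYN/ACK seen per direction in one word. */
static unsigned track(unsigned state, enum dir d, unsigned flags)
{
    flags &= (TH_SYN | TH_ACK);
    return state | (d == FWD ? flags : flags << 8);
}

/* Compilers report this form under -Wparentheses; silenced so it builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
/* Parses as (state == TH_SYN) | TH_ACK: nonzero for every state. */
static int check_unparenthesized(unsigned state)
{
    return state == TH_SYN | TH_ACK;
}
#pragma GCC diagnostic pop

/* True only for forward SYN + forward ACK with no reverse flags seen. */
static int check_parenthesized(unsigned state)
{
    return state == (TH_SYN | TH_ACK);
}

int main(void)
{
    /* Constructed packet sequences, not captured traffic. */
    unsigned ok = 0, bad = 0;
    ok = track(ok, FWD, TH_SYN);
    ok = track(ok, REV, TH_SYN | TH_ACK);
    ok = track(ok, FWD, TH_ACK);

    bad = track(bad, FWD, TH_SYN);
    bad = track(bad, FWD, TH_ACK);   /* reverse SYN+ACK never seen */

    printf("complete handshake: unparenthesized=%d parenthesized=%d\n",
           check_unparenthesized(ok) != 0, check_parenthesized(ok));
    printf("missing middle:     unparenthesized=%d parenthesized=%d\n",
           check_unparenthesized(bad) != 0, check_parenthesized(bad));
    return 0;
}
```

With the unparenthesized test, a complete handshake is flagged exactly like one with the middle packet missing, so the check cannot tell valid connections from bogus ones.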