Date: Sat, 11 Nov 2006 23:38:53 +0000
From: "Kimi Ostro" <kimimeister@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: Having a couple of issues
Message-ID: <42b497160611111538g6e07d972r5d0d6a577e43efc4@mail.gmail.com>
In-Reply-To: <20061111232425.GO6819@insomnia.benzedrine.cx>
References: <42b497160611111207t2e168afdnba91607fd66371d2@mail.gmail.com> <200611112329.43326.max@love2party.net> <42b497160611111504q3a287bf9qa439e62deac62c36@mail.gmail.com> <20061111232425.GO6819@insomnia.benzedrine.cx>
Hello,

On 11/11/06, Daniel Hartmeier <daniel@benzedrine.cx> wrote:
>
> These are caused by an off-by-one in pf's state tracking for one special
> case: when an RST is sent during the handshake (i.e. SYN, SYN+ACK, RST),
> pf compares the sequence number in the RST exactly, and is off by one,
> blocking the RST.
>
> This is recognizable by the strange "State failure on:" line with no
> digits (the digit(s) indicate the reason why the state match failed; in
> this specific case, and this case only, there is no digit printed).
>
> It was recently fixed in OpenBSD, IIRC post-4.0. The fix is easy to
> port. But I have to wonder why this shows up repeatedly just now.
>
> Who are those clients aborting their handshake with RST, and why are
> they doing it? If the RST is properly passed, it's not like you end up
> with a working connection, it's aborted. And if they don't intend to
> complete the handshake, why start it? Some silly form of port scanning?
> WTF? :)
>
> Daniel
>

The clients are users of FreeBSD, KDE and Mozilla Firefox. So I guess it is
harmless? Am I the only one to have this issue? I did not find much about it.

Think I should have started two threads, another one for the FTP/pftpx
problem, silly me.

Thank you both!

--
Kimi
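The following is an added illustration, not code from the thread and not pf's own state-tracking code. It is a toy stateful tracker for the three-way handshake that shows which sequence number a client RST must carry to abort a handshake (the SYN consumes one sequence number, so the RST has to start at ISN+1) and what an exact comparison that is off by one does to such a packet. The `off_by_one` variant is an assumed model of the class of bug Daniel describes (comparing against ISN instead of ISN+1); the real pf fix is not reproduced here, and all packets and sequence numbers are constructed sample input.

```python
# Added illustration (not pf's code): a toy stateful tracker for the TCP
# three-way handshake, showing which sequence number an RST that aborts the
# handshake (SYN, SYN+ACK, RST) must carry and what an off-by-one does to it.
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits


@dataclass
class Seg:
    """The few TCP header fields the check needs (constructed sample input)."""
    flags: int
    seq: int
    ack: int = 0


class HandshakeTracker:
    """Firewall-side view of one connection: NONE -> SYN_SENT -> SYN_RCVD ->
    ESTABLISHED or CLOSED.  Windows, options, timeouts and data are omitted.

    off_by_one=True is an ASSUMED model of the bug class discussed in the
    thread: it checks the RST against the client's ISN instead of ISN+1.
    The real pf code is not reproduced here."""

    def __init__(self, off_by_one=False):
        self.state = "NONE"
        self.client_nxt = None  # next sequence number expected from client
        self.server_nxt = None  # next sequence number expected from server
        self.off_by_one = off_by_one

    def client_to_server(self, seg):
        if self.state == "NONE" and seg.flags & SYN and not seg.flags & ACK:
            # A SYN occupies one sequence number, so the client's next
            # segment (ACK or RST) must start at ISN+1.
            self.client_nxt = seg.seq + 1
            self.state = "SYN_SENT"
            return "pass"
        if self.state == "SYN_RCVD":
            if seg.flags & RST:
                expected = self.client_nxt - (1 if self.off_by_one else 0)
                if seg.seq == expected:
                    self.state = "CLOSED"
                    return "pass"
                return "block"  # this is the "state failure" the RST hits
            if (seg.flags & ACK and seg.seq == self.client_nxt
                    and seg.ack == self.server_nxt):
                self.state = "ESTABLISHED"
                return "pass"
        return "block"

    def server_to_client(self, seg):
        if self.state == "SYN_SENT" and (seg.flags & (SYN | ACK)) == (SYN | ACK):
            if seg.ack != self.client_nxt:
                return "block"
            self.server_nxt = seg.seq + 1  # the server's SYN consumes one too
            self.state = "SYN_RCVD"
            return "pass"
        return "block"


def simulate_abort(off_by_one=False):
    """SYN, SYN+ACK, then a client RST that aborts the handshake."""
    t = HandshakeTracker(off_by_one)
    verdicts = [
        t.client_to_server(Seg(SYN, seq=1000)),
        t.server_to_client(Seg(SYN | ACK, seq=5000, ack=1001)),
        t.client_to_server(Seg(RST, seq=1001)),  # correct seq for the RST: ISN+1
    ]
    return verdicts, t.state


def simulate_complete():
    """The normal handshake, for comparison."""
    t = HandshakeTracker()
    verdicts = [
        t.client_to_server(Seg(SYN, seq=1000)),
        t.server_to_client(Seg(SYN | ACK, seq=5000, ack=1001)),
        t.client_to_server(Seg(ACK, seq=1001, ack=5001)),
    ]
    return verdicts, t.state


if __name__ == "__main__":
    print("correct tracker:   ", simulate_abort())
    print("off-by-one tracker:", simulate_abort(off_by_one=True))
    print("completed handshake:", simulate_complete())
```

With the correct comparison the RST at ISN+1 passes and the toy state goes to CLOSED; with the assumed off-by-one the same RST is blocked and the state sits in SYN_RCVD until it times out, which matches the symptom in the thread of an aborted handshake that nevertheless leaves a state failure in the log. On a real pf box the only check that matters is the one Daniel names: a "State failure on:" debug line with no digits after it for a SYN, SYN+ACK, RST exchange.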