Date: Tue, 17 Jul 2001 14:26:52 -0400 From: User & Ian Patrick Thomas <ipthomas_77@yahoo.com> To: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> Cc: freebsd-questions@freebsd.org Subject: Re: how could this PACKET get through?! Message-ID: <20010717142652.A1048@localhost> In-Reply-To: <20010717151034.C96585-100000@cactus.fi.uba.ar>; from fgleiser@cactus.fi.uba.ar on Tue, Jul 17, 2001 at 03:18:35PM -0300 References: <200107171815.OAA19997@mail.ottawa.com> <20010717151034.C96585-100000@cactus.fi.uba.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
How do you keep state on UDP packets, when UDP is a stateless protocol? Ian As it was put forth by Fernando Gleiser on Tue, Jul 17, 2001 at 03:18:35PM -0300... > On Tue, 17 Jul 2001, Mark Livingstone wrote: > [snip] > > > > > pass in log quick on ed0 proto icmp from any to any icmp-type 0 > > pass in log quick on ed0 proto icmp from any to any icmp-type unreach code 3 > > pass in log quick on ed0 proto icmp from any to any icmp-type unreach code 4 > > pass in log quick on ed0 proto icmp from any to any icmp-type timex > ^^^^^^^^ > Here is: you allow incomming icmp time exeeded, and log it. The packet you > received was a time exeeded in transit (11/0). > > Those seem the rules to make traceroute work. If you keep state on > outgoing udp packets you won't need them, the state code can tell > icmp packets which are responses to outgoing packets from icmp packets > which aren't (because an icmp error has the first bytes of the packet which > caused it). > > > > Fer > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010717142652.A1048>