Re: Connections with SYN aren't NEW

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Loïc Minier" <lool+netfilter@via.ecp.fr>
To: Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Connections with SYN aren't NEW
Date: Sun, 14 Dec 2003 17:59:43 +0100	[thread overview]
Message-ID: <20031214165943.GB897@via.ecp.fr> (raw)
In-Reply-To: <200312141634.54552.Antony@Soft-Solutions.co.uk>

Antony Stone <Antony@Soft-Solutions.co.uk> - Sun, Dec 14, 2003:

> So, if your HTTP client is just dropping a connection without closing it 
> nicely (using FIN, or even RST) then netfilter will think it is still 
> ESTABLISHED.

 I should have written that the connection is closed nicely, with a FIN
 packet (I just re-checked). Please note that the conntrack keeps closed
 connection for a while exactly like a normal connection, and with the
 [ASSURED] flag but it adds a TIME_WAIT flag to closed connections.

> I don't know if this explains the problem you are seeing, but it's a reason 
> why netfilter may think the connection is in a different state than the 
> client does.

 Yes, it could have been a good explanation.

-- 
Loïc Minier <lool@dooz.org>

next prev parent reply	other threads:[~2003-12-14 16:59 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-12-14 16:23 Connections with SYN aren't NEW Loïc Minier
2003-12-14 16:34 ` Antony Stone
2003-12-14 16:59   ` Loïc Minier [this message]
2003-12-14 16:54 ` Antony Stone
2003-12-14 17:24   ` Loïc Minier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20031214165943.GB897@via.ecp.fr \
    --to=lool+netfilter@via.ecp.fr \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.