From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH 28/43] Unifies libip[6]t_tcp.c into libxt_tcp.c.
Date: Mon, 16 Jul 2007 00:45:16 +0200 [thread overview]
Message-ID: <469AA37C.5080904@plouf.fr.eu.org> (raw)
In-Reply-To: <Pine.LNX.4.64.0707142043430.25352@fbirervta.pbzchgretzou.qr>
Hello,
Jan Engelhardt a écrit :
>
> On Jul 15 2007 03:11, Yasuyuki KOZAKAI wrote:
>
>>Note: libipt_tcp handled '--syn' as '--flags SYN,RST,ACK,FIN SYN', but
>> libip6t_tcp handled it as '--flags SYN,RST,ACK SYN'. I keep this
>> difference for now.
>
> Since SYN+FIN does not make much sense (unless the ipv6-tcp protocol _really_
> allowed that), libipt_tcp's definition should be used.
I just asked about this difference - and the reason why the FIN check
was not originally present in libiptc_tcp but added later, in 1.3.2 - in
the netfilter user list a few days ago. No reply yet. IMHO it does not
matter whether SYN+FIN makes sense or not but whether it is a valid
combination or not per the RFCs. I have always believed that there is
some precedence among TCP flags, e.g. :
- RST has precedence over SYN and FIN ; if RST set, ignore SYN and FIN
- SYN has precedence over FIN ; if SYN set, ignore FIN
Have I been wrong all this time ?
next prev parent reply other threads:[~2007-07-15 22:45 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-14 18:11 [PATCH 28/43] Unifies libip[6]t_tcp.c into libxt_tcp.c Yasuyuki KOZAKAI
2007-07-14 18:44 ` Jan Engelhardt
2007-07-15 14:36 ` Patrick McHardy
2007-07-16 8:31 ` Yasuyuki KOZAKAI
[not found] ` <200707160831.l6G8VG8l014920@toshiba.co.jp>
2007-07-17 3:44 ` Yasuyuki KOZAKAI
2007-07-20 11:10 ` [SUBPATCH IPTABLES 0/43]: Unification of ip[6]tables matches/targets #3 Yasuyuki KOZAKAI
2007-07-24 6:57 ` [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets Yasuyuki KOZAKAI
2007-07-24 7:47 ` Unifying ip[6]tables matches/targets: using AF_UNSPEC for l3-independent Jan Engelhardt
2007-07-24 8:54 ` [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets Jan Engelhardt
2007-07-24 9:08 ` Yasuyuki KOZAKAI
[not found] ` <200707240908.l6O98uBA008051@toshiba.co.jp>
2007-07-24 9:12 ` Jan Engelhardt
2007-07-24 9:49 ` Yasuyuki KOZAKAI
[not found] ` <200707240949.l6O9n1Oi008901@toshiba.co.jp>
2007-07-24 10:14 ` [PATCH 01/**] libxt_*.so lookup (Re: [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets) Jan Engelhardt
2007-07-31 0:25 ` [PATCH 01/**] libxt_*.so lookup Yasuyuki KOZAKAI
[not found] ` <200707310025.l6V0PDOP029552@toshiba.co.jp>
2007-07-31 7:59 ` Jan Engelhardt
2007-08-01 14:40 ` Yasuyuki KOZAKAI
[not found] ` <200708011440.l71EeFXl010903@toshiba.co.jp>
2007-08-01 15:02 ` Jan Engelhardt
2007-08-04 3:38 ` Yasuyuki KOZAKAI
[not found] ` <200708040338.l743cY1U010811@toshiba.co.jp>
2007-08-04 8:25 ` Jan Engelhardt
2007-07-25 1:02 ` [PATCH IPTABLES 0/13]: Unifies rest of ip[6]tables matches/targets Patrick McHardy
2007-07-25 8:31 ` Jan Engelhardt
2007-07-25 13:56 ` Patrick McHardy
2007-07-15 22:45 ` Pascal Hambourg [this message]
2007-07-17 4:21 ` [PATCH 28/43] Unifies libip[6]t_tcp.c into libxt_tcp.c Yasuyuki KOZAKAI
2007-07-17 6:45 ` Pascal Hambourg
2007-07-17 7:48 ` Yasuyuki KOZAKAI
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=469AA37C.5080904@plouf.fr.eu.org \
--to=pascal.mail@plouf.fr.eu.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.