Re: Help with invalid packets.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Gáspár Lajos" <swifty@freemail.hu>
To: Micheal Wolfskill <tdgh2323@hotmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Help with invalid packets.
Date: Mon, 19 Mar 2012 16:58:49 +0100	[thread overview]
Message-ID: <4F6757B9.2060103@freemail.hu> (raw)
In-Reply-To: <BLU144-W3712D3E518F5611A6BD840D0420@phx.gbl>

Hi,

202-03-19 16:39 keltezéssel, Micheal Wolfskill írta:
> Its not affecting the normal viewing of my site.. but I wish to know
> why it is matching these packets as Iam sure it should not.
Don't be so sure! :D

AFAIK iptables/netfilter uses a different state machine than the TCP 
stack in the kernel...

http://userpages.umbc.edu/~jeehye/cmsc491b/lectures/tcpstate/sld001.htm
http://www.lug.or.kr/docs/iptables-tutorial/chunkyhtml/c4219.htm

On this page: 
http://www.lug.or.kr/docs/iptables-tutorial/chunkyhtml/x4436.htm

"If the connection is reset by a RST packet, the state is changed to 
CLOSE. This means that the connection per default has 10 seconds before 
the whole connection is definitely closed down. RST packets are not 
acknowledged in any sense, and will break the connection directly."

Maybe that is the source of your problem. Or there may be some timing 
issues (lifetime of a connection, etc.)

Swifty

next prev parent reply	other threads:[~2012-03-19 15:58 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-19 15:39 Help with invalid packets Micheal Wolfskill
2012-03-19 15:58 ` Gáspár Lajos [this message]
2012-03-19 17:01 ` Maarten Vanraes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F6757B9.2060103@freemail.hu \
    --to=swifty@freemail.hu \
    --cc=netfilter@vger.kernel.org \
    --cc=tdgh2323@hotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.