[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Connection dies on resent tcp packet
From:       Guido van Rooij <guido () gvr ! org>
Date:       2002-03-25 18:24:33
[Download RAW message or body]

On Sat, Mar 23, 2002 at 02:15:27PM +0100, Casper Dik wrote:
> I believe the data send was old data, i.e., before the window; such data
> should not elicit a RST but rather an ACK.

If it was old data, and the packet does not match the state entry, normal
processing will e done instead. If you happen to have a return-rst rule,
then you're toast.

What should be done is to have the possibility to silently ignore or
fake an ack, strip the data out of the packet and pass it or perhaps
another solution.

-Guido
[prev in list] [next in list] [prev in thread] [next in thread]