List:       netfilter
Subject:    Re: State NEW but no SYN bit set - newbie question
From:       Simon Edwards <simon () simonzone ! com>
Date:       2001-11-18 7:58:03

Hi,

On Saturday 17 November 2001 16:20, Sneppe Filip wrote:
> From:	Simon Edwards
> >In what way is this "perfectly normal"? Is it normal to have a TCP packet
> >come in without SYN and be the beginning of a NEW (stateful) connection.
> >Anyone care to explain. (I'm curious, but I'm no TCP/IP expert)
>
> Hi Simon,
> Check out the section on TCP in this document, and things will
> likely become clearer:

Thanks, I've read this in the past, but a refresher is good too.

So from what I understand, the only real reason you might see a "perfectly 
normal" packet come in without a SYN and create a new state connection is in 
the case of an idle connection being dropped from the state table and then 
becoming active again (and then being added to the state table again). Is that right?

Now, doesn't TCP have a mechanism where packets are periodically sent across 
idle connections to say "Hey! I still want this open"? (Specifically I'm 
referring to tcp_keepalive_probes and tcp_keepalive_time in /proc) How does 
this fit in with the state tracking? (If TCP actively keeps idle connections 
open, shouldn't an idle connection never get prematurely dropped from the 
state table?)

Thanks for any help. I'm developing a firewall app based on iptables and 
ipchains, so I kind of want to make sure I know all the details.

-- 
Simon Edwards
simon@simonzone.com
http://www.simonzone.com/
Nijmegen, The Netherlands       "ZooTV? You made the right choice."
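
The scenario raised in this message, as an added example that is not part of the original post and not netfilter code: a simplified state table with an idle timeout, replayed over constructed packet traces with and without keepalive probes. The flow tuple, the timestamps and the 600-second timeout are assumptions chosen for illustration.

```python
# Simplified model of a stateful firewall's connection table (an assumption
# for illustration; not netfilter's conntrack code or its real timeouts).
from dataclasses import dataclass, field

@dataclass
class StateTable:
    idle_timeout: float                          # seconds an entry survives without traffic
    entries: dict = field(default_factory=dict)  # flow tuple -> last-seen time

    def classify(self, now, flow, syn):
        """Return (state, new_without_syn) for one packet seen at time `now`."""
        # Expire entries that have been idle longer than the timeout.
        self.entries = {f: t for f, t in self.entries.items()
                        if now - t <= self.idle_timeout}
        state = "ESTABLISHED" if flow in self.entries else "NEW"
        self.entries[flow] = now                 # create or refresh the entry
        # NEW without SYN: mid-stream packet for a flow the table no longer knows.
        return state, (state == "NEW" and not syn)

def replay(packets, idle_timeout):
    """Classify a list of (time, flow, syn) packets against a fresh table."""
    table = StateTable(idle_timeout)
    return [table.classify(t, flow, syn) for t, flow, syn in packets]

FLOW = ("192.0.2.10", 40000, "198.51.100.5", 22)  # constructed sample flow

# Constructed trace: SYN, one ACK, 1000 s of silence, then data (no SYN).
IDLE_TRACE = [(0, FLOW, True), (1, FLOW, False), (1001, FLOW, False)]

# Same trace with keepalive probes (no SYN) every 300 s during the silence.
KEEPALIVE_TRACE = [(0, FLOW, True), (1, FLOW, False),
                   (301, FLOW, False), (601, FLOW, False), (901, FLOW, False),
                   (1001, FLOW, False)]

if __name__ == "__main__":
    for name, trace in [("idle", IDLE_TRACE), ("keepalive", KEEPALIVE_TRACE)]:
        for (t, _, syn), (state, odd) in zip(trace, replay(trace, idle_timeout=600)):
            print(f"{name:9} t={t:5} syn={syn!s:5} state={state:11} new_without_syn={odd}")
```

In this model the probes keep the entry alive only while their interval is shorter than the table's idle timeout; replaying the keepalive trace with a 200-second timeout produces NEW-without-SYN packets again.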
