Having a couple of issues
Kimi Ostro
kimimeister at gmail.com
Sat Nov 11 23:39:23 UTC 2006
Hello,
On 11/11/06, Daniel Hartmeier <daniel at benzedrine.cx> wrote:
>
> These are caused by an off-by-one in pf's state tracking for one special
> case: when an RST is sent during the handshake (i.e. SYN, SYN+ACK, RST),
> pf compares the sequence number in the RST exactly, and is off by one,
> blocking the RST.
>
> This is recognizable by the strange "State failure on:" line with no
> digits (the digit(s) indicate the reason why the state match failed, in
> this specific case, and this case only, there is no digit printed).
>
> It was recently fixed in OpenBSD, IIRC post-4.0. The fix is easy to
> port. But I have to wonder why this shows up repeatedly just now.
>
> Who are those clients aborting their handshake with RST, and why are
> they doing it? If the RST is properly passed, it's not like you end up
> with a working connection, it's aborted. And if they don't intend to
> complete the handshake, why start it? Some silly form of port scanning?
> WTF? :)
>
> Daniel
>
The clients are users of FreeBSD, KDE and Mozilla Firefox.
So I guess it is harmless? Am I the only one to have this issue? I
did not find much about it.
Think I should have started two threads, another one for the FTP/pftpx
problem, silly me.
Thank you both!
--
Kimi
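The following is an added illustration, not pf's code and not code from anyone in this thread. It models the class of bug Daniel describes: a stateful tracker that compares the sequence number of an RST arriving mid-handshake (SYN, SYN+ACK, RST) exactly, and is off by one, so it blocks a legitimate abort. The state names, packet fields and the specific form of the off-by-one (comparing against the client's ISN instead of ISN+1) are assumptions made for this model, not a description of pf's actual code path or of its fix.

```python
"""Toy model of a stateful firewall tracking one TCP three-way handshake.

Added illustration (assumption-based), not pf's implementation.  The model
passes SYN and SYN+ACK, then decides whether a client RST sent instead of
the final ACK is accepted.  A SYN consumes one sequence number, so after
SYN(seq=x) the client's next segment carries seq=x+1; a correct exact check
expects x+1, while the modelled buggy check expects x and blocks the RST.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    flags: set   # subset of {"SYN", "ACK", "RST"}
    seq: int
    ack: int


class HandshakeTracker:
    """Track one handshake; process() returns True if a packet is passed."""

    def __init__(self, buggy: bool):
        self.buggy = buggy          # emulate the off-by-one if True
        self.state = "NONE"
        self.client_isn = None
        self.server_isn = None
        self.last_reason = ""       # why the last packet was blocked

    def process(self, pkt: Packet, from_client: bool) -> bool:
        if self.state == "NONE" and from_client and pkt.flags == {"SYN"}:
            self.client_isn = pkt.seq
            self.state = "SYN_SENT"
            return True

        if (self.state == "SYN_SENT" and not from_client
                and pkt.flags == {"SYN", "ACK"}):
            if pkt.ack != self.client_isn + 1:
                self.last_reason = "SYN+ACK does not acknowledge client ISN+1"
                return False
            self.server_isn = pkt.seq
            self.state = "SYN_RECEIVED"
            return True

        if self.state == "SYN_RECEIVED" and from_client and "RST" in pkt.flags:
            # Exact comparison on the RST's sequence number.  Correct value
            # is ISN+1; the modelled bug compares against the ISN itself.
            expected = self.client_isn if self.buggy else self.client_isn + 1
            if pkt.seq == expected:
                self.state = "CLOSED"
                return True
            self.last_reason = (f"RST seq {pkt.seq} != expected {expected} "
                                f"(state failure during handshake)")
            return False

        self.last_reason = f"packet does not fit state {self.state}"
        return False


def simulate(buggy: bool, client_isn: int = 1000, server_isn: int = 5000):
    """Run SYN, SYN+ACK, RST through the tracker; return the pass/block list."""
    t = HandshakeTracker(buggy=buggy)
    # Constructed sample exchange: client aborts instead of completing.
    exchange = [
        (Packet({"SYN"}, client_isn, 0), True),
        (Packet({"SYN", "ACK"}, server_isn, client_isn + 1), False),
        (Packet({"RST"}, client_isn + 1, 0), True),
    ]
    return [t.process(pkt, from_client) for pkt, from_client in exchange]


if __name__ == "__main__":
    print("correct tracker:", simulate(buggy=False))   # [True, True, True]
    print("buggy tracker:  ", simulate(buggy=True))    # [True, True, False]
```

In the correct model the RST is passed and the state is torn down; in the buggy model the same RST is blocked, which is the symptom the thread describes (a state failure on a handshake that the client is deliberately aborting). Whether a client aborting like this is a problem is a separate question from whether the firewall's check is right: the fix only makes the abort visible to the server instead of silently dropped.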