
Re: flags S/SA vs flags S



On Tuesday, July 23, 2002, at 10:10 PM, Chris Kuethe wrote:

> On Tue, 23 Jul 2002, Otto Moerbeek wrote:
>
>> So the Best flag for the state creating rule would be S/SAFR, like kj
>> suggested? Ignoring P, U, E and W and any future flags that may pop up?
>
> where would these extra flags come from? the tcp flags are the 13th
> byte of the header. end of story. maybe in future someone will have a
> Great Plan(tm) for tcp *options* and maybe one day, packet filters
> will look at tcp options. but not right now.

ftp://ftp.isi.edu/in-notes/rfc3168.txt figures 3 and 4 show that there is 
reserved space between the header length field and the flags. This space 
could some day be used for new flags, I suppose. Since I already made 
the mistake of ignoring new (for me, at least) flags once, I am cautious 
not to make that mistake again.

> if you don't feel like learning to read packet dumps, you can go look
> at ports/net/tcpshow - it does a decent job of dumping the packet
> header, but does not yet seem to grok ecn bits.

Thanks for the tip.

Otto
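
The set/mask comparison discussed in this thread, as an added example that is not part of the original messages and is not pf's own code: it checks byte 13 of a TCP header against masks such as S/SA and S/SAFR, and reads the reserved bits in byte 12 separately. The function names and the sample headers are constructed for illustration; the letters follow the flags named in the thread (E and W being the RFC 3168 bits).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Letters for the bits of TCP header byte 13, bit 0 first (E, W: RFC 3168). */
static const char LETTERS[] = "FSRPAUEW";

/* Turn a letter string such as "SAFR" into a bit mask; -1 on a bad letter. */
int flags_from_letters(const char *s) {
    int bits = 0;
    for (; *s; s++) {
        const char *p = strchr(LETTERS, *s);
        if (p == NULL) return -1;
        bits |= 1 << (int)(p - LETTERS);
    }
    return bits;
}

/* set/mask: 1 if, of the bits in mask, exactly those in set are on; -1 on bad input. */
int flags_match(const uint8_t *tcp, size_t len, const char *set, const char *mask) {
    int s = flags_from_letters(set), m = flags_from_letters(mask);
    if (len < 14 || s < 0 || m < 0 || (s & ~m)) return -1;
    return (tcp[13] & m) == s;
}

/* Reserved bits between the header length and the flags: low nibble, byte 12. */
int reserved_bits(const uint8_t *tcp, size_t len) {
    return len < 14 ? -1 : (tcp[12] & 0x0f);
}

/* Build a constructed 20-byte header with only bytes 12 and 13 filled in. */
void make_header(uint8_t hdr[20], uint8_t reserved, uint8_t flags) {
    memset(hdr, 0, 20);
    hdr[12] = (uint8_t)((5 << 4) | (reserved & 0x0f)); /* header length 5 words */
    hdr[13] = flags;
}

int main(void) {
    const uint8_t samples[] = { 0x02, 0xc2, 0x03 }; /* constructed: SYN, S+E+W, S+F */
    const char *masks[] = { "SA", "SAFR", "FSRPAUEW" };
    uint8_t hdr[20];
    for (size_t i = 0; i < 3; i++) {
        make_header(hdr, 0, samples[i]);
        for (size_t j = 0; j < 3; j++)
            printf("flags 0x%02x  S/%-8s -> %d\n", samples[i], masks[j],
                   flags_match(hdr, sizeof hdr, "S", masks[j]));
    }
    return 0;
}
```

With these samples, S/SA accepts a SYN+FIN packet that S/SAFR rejects, while a SYN carrying E and W passes S/SAFR but not a mask that names every flag.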