[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: flags S/SA vs flags S

To: ckuethe@ualberta.ca (Chris Kuethe)
Subject: Re: flags S/SA vs flags S
From: Darren Reed <avalon@coombs.anu.edu.au>
Date: Wed, 24 Jul 2002 12:07:10 +1000 (Australia/ACT)
Cc: misc@openbsd.org

In some mail from Chris Kuethe, sie said:
> 
> On Tue, 23 Jul 2002, Otto Moerbeek wrote:
> 
> > So the Best flag for the state creating rule would be S/SAFR, like kj
> > suggested? Ignoring P, U, E and W and any future flags that may pop up?
> 
> where would these extra flags come from? the tcp flags are the 13th
> byte of the header. end of story. maybe in future someone will have a
> Great Plan(tm) for tcp *options* and maybe one day, packet filters
> will look at tcp options. but not right now.

That's not completely necessary.  There are still 4 unused bits in the TCP
header (prior to ECN, there were 6.)

[...]
> so yes, you could allow S/UAPRSF (that's the real order) but there may
> be things that you want to talk to that use the ECN bits and U and P.
> S/SAFR will do what you want.

For URG or PUSH to be set with SYN, there would need to be data present
for it to make sense.  TCP does not work like that.  Nor can I see anyone
overloading the use of URG/PUSH bits to mean something else when used with
SYN.

References:
- Re: flags S/SA vs flags S
  - From: Chris Kuethe <ckuethe@ualberta.ca>

Prev by Date: Re: IDE Zip Drive
Next by Date: non-exec stack
Prev by thread: Re: flags S/SA vs flags S
Next by thread: Re: flags S/SA vs flags S
Index(es):
- Date
- Thread