guillaume at morinfr
Aug 1, 2001, 8:31 PM
[PATCH?] Re: UNCLEAN match weirdness with 2.4.7
In a message of 2 Aug at 2:24, Guillaume Morin wrote:

> Aug 2 02:10:29 pantera kernel: ipt_unclean: TCP flags bad: 4
> Aug 2 02:10:29 pantera kernel: UNCLEAN: IN=ppp0 OUT=eth1 SRC=198.186.203.85
> DST=62.4.22.234 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=58343 PROTO=TCP SPT=80
> DPT=34187 WINDOW=0 RES=0x00 RST URGP=0

Ok, I've read the source, so an RST packet is considered unclean. (#define TH_RST 0x04)

The related part in ipt_unclean.c is

    if (tcpflags != TH_SYN
        && tcpflags != (TH_SYN|TH_ACK)
        && tcpflags != (TH_RST|TH_ACK)
        && tcpflags != (TH_RST|TH_ACK|TH_PUSH)
        && tcpflags != (TH_FIN|TH_ACK)
        && tcpflags != TH_ACK
        && tcpflags != (TH_ACK|TH_PUSH)
        && tcpflags != (TH_ACK|TH_URG)
        && tcpflags != (TH_ACK|TH_URG|TH_PUSH)
        && tcpflags != (TH_FIN|TH_ACK|TH_PUSH)
        && tcpflags != (TH_FIN|TH_ACK|TH_URG)
        && tcpflags != (TH_FIN|TH_ACK|TH_URG|TH_PUSH)) {

I do not see why neither RST nor FIN packets are listed. This part has not changed since 2.4.4, so it was not called for at least FIN and RST packets in 2.4.4. I've diffed all netfilter C files, but I still cannot figure out why this behavior has changed.

This naive, trivial patch would fix the problem, but I am pretty sure it is not the root of the problem.

--- linux-old/net/ipv4/netfilter/ipt_unclean.c	Thu Aug  2 04:18:13 2001
+++ linux/net/ipv4/netfilter/ipt_unclean.c	Thu Aug  2 04:19:16 2001
@@ -331,6 +331,8 @@
 		tcpflags = ((u_int8_t *)tcph)[13];
 		if (tcpflags != TH_SYN
 		    && tcpflags != (TH_SYN|TH_ACK)
+		    && tcpflags != TH_RST
 		    && tcpflags != (TH_RST|TH_ACK)
 		    && tcpflags != (TH_RST|TH_ACK|TH_PUSH)
+		    && tcpflags != TH_FIN /* why not? */
 		    && tcpflags != (TH_FIN|TH_ACK)

Any help, comments on this are welcome. 5.30am, time to go to bed. TIA.

Regards,

-- 
Guillaume Morin <guillaume [at] morinfr>

Last night I saw the face of god, but waking I'd forgotten who she was (Addict)
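Review bot: the second added line, `+ && tcpflags != TH_FIN /* why not? */`, widens the allowlist further than the logged packet calls for. The log shows a bare RST (flags 4), and RFC 793 does allow a host to send RST without ACK when it resets in reply to a segment that carried ACK, so `+ && tcpflags != TH_RST` is justified by the evidence in the post. A FIN without ACK, by contrast, is not a combination a conforming TCP stack emits, since every segment after the initial SYN carries ACK, so accepting it here removes a check the match was meant to provide. Suggest keeping only the TH_RST line (or replacing the "why not?" comment with the reason), and, given the post's own observation that the same unchanged block did not match these packets in 2.4.4, confirming on the call path where tcpflags is set before relying on this change.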
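As an added example (not code from the post or from the kernel), the allowlist above reproduced as a stand-alone check, applied to a constructed TCP header whose flag byte is RST only, like the packet in the log; it shows that this byte matches none of the 2.4.7 combinations, which is exactly the "TCP flags bad: 4" case, and that the proposed patch would accept it. The `with_patch` switch and the header bytes are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits, same values as the TH_* macros used by ipt_unclean.c. */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

/* Flag combinations ipt_unclean accepts in 2.4.7, transcribed from the post. */
static const uint8_t allowed_2_4_7[] = {
    TH_SYN, TH_SYN|TH_ACK, TH_RST|TH_ACK, TH_RST|TH_ACK|TH_PUSH,
    TH_FIN|TH_ACK, TH_ACK, TH_ACK|TH_PUSH, TH_ACK|TH_URG,
    TH_ACK|TH_URG|TH_PUSH, TH_FIN|TH_ACK|TH_PUSH, TH_FIN|TH_ACK|TH_URG,
    TH_FIN|TH_ACK|TH_URG|TH_PUSH,
};

/* True when the flag byte matches no accepted combination, i.e. when the
 * match would log "TCP flags bad: <flags>" and treat the packet as unclean.
 * with_patch (assumed switch) adds the two combinations the posted patch adds. */
bool tcp_flags_unclean(uint8_t flags, bool with_patch)
{
    if (with_patch && (flags == TH_RST || flags == TH_FIN))
        return false;
    for (size_t i = 0; i < sizeof allowed_2_4_7; i++)
        if (flags == allowed_2_4_7[i])
            return false;
    return true;
}

/* Read the flag byte the way the kernel does: byte 13 of the TCP header. */
uint8_t tcp_header_flags(const uint8_t *tcph)
{
    return tcph[13];
}

int main(void)
{
    /* Constructed 20-byte TCP header: SPT=80 (0x0050), DPT=34187 (0x858b),
     * data offset 5, flags = RST only, WINDOW=0, as in the logged packet. */
    uint8_t hdr[20] = { 0x00, 0x50, 0x85, 0x8b, 0, 0, 0, 0, 0, 0, 0, 0,
                        0x50, TH_RST, 0, 0, 0, 0, 0, 0 };
    uint8_t f = tcp_header_flags(hdr);
    printf("flags=%u unclean(2.4.7)=%d unclean(patched)=%d\n",
           f, tcp_flags_unclean(f, false), tcp_flags_unclean(f, true));
    return 0;
}
```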