
Re: pf state issue

> i was just curious, from pftop i saw these states:
> udp  Out          2:1  32   0   2   186
> and w/ pfctl -s state | grep udp, u see the same kind of stuff:
> udp ->       MULTIPLE:SINGLE
> question is very simple:  why?  i assume the left/right sides of the ':'
> ought to be identical between the reflexive rules of the stateful
> connection...  am i missing something?  thanks :)
The state indication is client:server.  Connection state is kept on each
side of the connection semi-independently.  For instance with TCP, if
someone sends a SYN and then a RESET, we'll start up in SYN_SET:CLOSED and
end up in TIME_WAIT:CLOSED after the RESET.  Since the server never sent
any traffic, its side of the state never reflects an opened connection,
so we can time the connection out appropriately.
back to my hangover
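The client:server reading above makes a one-sided state table easy to spot. The following is an added example, not code from the thread or from pf itself: it parses constructed lines shaped like `pfctl -s state` output (only outbound `->` lines are modelled; hosts are documentation addresses) and counts, per source host, states whose server side has never sent a packet.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample lines in the shape of `pfctl -s state` output (addresses
# are documentation ranges, not real hosts). The last field is the
# client:server pair the reply explains: each side is tracked on its own.
# pf's non-TCP side states are NO_TRAFFIC, SINGLE (one packet) and MULTIPLE.
SAMPLE_STATES = """\
all tcp 192.0.2.10:40000 -> 198.51.100.5:22     ESTABLISHED:ESTABLISHED
all tcp 192.0.2.11:40001 -> 198.51.100.5:23     SYN_SENT:CLOSED
all tcp 192.0.2.11:40002 -> 198.51.100.5:445    SYN_SENT:CLOSED
all tcp 192.0.2.11:40003 -> 198.51.100.5:3389   TIME_WAIT:CLOSED
all udp 192.0.2.12:53000 -> 198.51.100.9:53     MULTIPLE:SINGLE
all udp 192.0.2.13:53001 -> 198.51.100.9:161    MULTIPLE:NO_TRAFFIC
"""

# Server-side states meaning the responder has not sent a single packet:
# CLOSED for TCP, NO_TRAFFIC for UDP and other protocols.
SILENT = {"CLOSED", "NO_TRAFFIC"}

# Only outbound (->) lines are parsed; pfctl prints inbound (<-) lines with
# the hosts in the other order, which this assumption-laden example skips.
STATE_RE = re.compile(
    r"^\S+\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<client>[A-Z_]+):(?P<server>[A-Z_]+)\s*$"
)

class State(NamedTuple):
    proto: str
    src: str
    dst: str
    client: str
    server: str

def parse_states(text: str) -> List[State]:
    """One State per matching line; non-matching lines are skipped."""
    out = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            out.append(State(*m.group("proto", "src", "dst", "client", "server")))
    return out

def unanswered(states: List[State]) -> List[State]:
    """States where the client side sent traffic but the server side never replied."""
    return [s for s in states if s.server in SILENT and s.client not in SILENT]

def silent_peers_by_source(text: str, threshold: int = 2) -> Dict[str, int]:
    """Count unanswered states per source host; a host at or above the
    threshold is reaching several ports that never answer, worth a look."""
    counts = Counter(s.src.rsplit(":", 1)[0] for s in unanswered(parse_states(text)))
    return {host: n for host, n in counts.items() if n >= threshold}
```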