
Re: pf state issue



> i was just curious, from pftop i saw these states:
> udp  Out 127.0.0.1:14770      127.0.0.1:53          2:1  32   0   2   186
> and w/ pfctl -s state | grep udp, u see the same kind of stuff:
> udp 127.0.0.1:30551 -> 127.0.0.1:53       MULTIPLE:SINGLE
> question is very simple:  why?  i assume the left/right sides of the ':'
> ought to be identical between the reflexive rules of the stateful
> connection...  am i missing something?  thanks :)
The state indication is client:server.  Connection state is kept on each
side of the connection semi-independently.  For instance, with TCP, if
someone sends a SYN and then a RESET, we'll start up in SYN_SET:CLOSED and
end up in TIME_WAIT:CLOSED after the RESET.  Since the server never sent
any traffic, its side of the state never reflects an opened connection,
so we can time the connection out appropriately.
back to my hangover
.mike
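An added example (not part of the thread, and not pf's own code) that reads `pfctl -s state` lines in the format quoted above and splits the trailing `A:B` field into the client side and the server side, as the reply describes. The sample lines are constructed for the example; the first two copy the shape of the ones in the question, the rest are assumed. The per-side names for UDP (NO_TRAFFIC, SINGLE, MULTIPLE) are pf's, and the "unanswered" test below is an assumption of this example: a state whose server side is still CLOSED (TCP) or NO_TRAFFIC (UDP) is one where the peer never sent anything, which is the situation the reply uses to explain the asymmetric display.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample output, modelled on the "pfctl -s state" lines quoted in
# the thread.  The address/port/state values are made up for this example.
SAMPLE_STATES = """\
udp 127.0.0.1:30551 -> 127.0.0.1:53       MULTIPLE:SINGLE
udp 127.0.0.1:14770 -> 127.0.0.1:53       SINGLE:NO_TRAFFIC
tcp 10.0.0.5:40012 -> 198.51.100.7:80     ESTABLISHED:ESTABLISHED
tcp 10.0.0.5:40013 -> 198.51.100.7:443    TIME_WAIT:CLOSED
"""

# proto  src  ->|<-  dst  clientstate:serverstate
STATE_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<arrow>->|<-)\s+(?P<dst>\S+)\s+"
    r"(?P<client>[A-Z_]+):(?P<server>[A-Z_]+)$"
)

# Per-side values meaning "this side has not yet sent anything".
# CLOSED is pf's TCP value, NO_TRAFFIC its UDP/other value.
SILENT_SIDE = {"tcp": "CLOSED", "udp": "NO_TRAFFIC"}


class PfState(NamedTuple):
    proto: str
    src: str
    arrow: str
    dst: str
    client_state: str   # left of the ':' -- the side that opened the flow
    server_state: str   # right of the ':' -- the side that was contacted


def parse_state_line(line: str) -> Optional[PfState]:
    """Parse one pfctl -s state line; return None for lines that do not match."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    return PfState(m["proto"], m["src"], m["arrow"], m["dst"],
                   m["client"], m["server"])


def parse_states(text: str) -> List[PfState]:
    """Parse a whole block of pfctl -s state output, skipping unparseable lines."""
    parsed = (parse_state_line(ln) for ln in text.splitlines())
    return [st for st in parsed if st is not None]


def is_asymmetric(st: PfState) -> bool:
    """True when the two sides of the state are tracked at different points."""
    return st.client_state != st.server_state


def is_unanswered(st: PfState) -> bool:
    """True when the server side never sent a packet (assumption of this example:
    CLOSED for tcp, NO_TRAFFIC for udp; other protocols are not classified)."""
    silent = SILENT_SIDE.get(st.proto)
    return silent is not None and st.server_state == silent


def describe(st: PfState) -> str:
    """Render a state the way the reply explains it: client side, then server side."""
    return (f"{st.proto} {st.src} {st.arrow} {st.dst}: "
            f"client side {st.client_state}, server side {st.server_state}")


if __name__ == "__main__":
    for st in parse_states(SAMPLE_STATES):
        flags = []
        if is_asymmetric(st):
            flags.append("asymmetric")
        if is_unanswered(st):
            flags.append("unanswered")
        print(describe(st), f"[{', '.join(flags)}]" if flags else "")
```

Feeding real `pfctl -s state` output through `parse_states` and counting `is_unanswered` flows per destination is one cheap way to spot a burst of connections or queries that never got a reply from the far side, which is exactly what the lopsided `X:CLOSED` and `X:NO_TRAFFIC` states record.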