On 24 Oct 2002, Cedric Blancher wrote:

> On Thu 24/10/2002 at 15:29, Robert P. J. Day wrote:
> > On 24 Oct 2002, Cedric Blancher wrote:
> > > One very packet can have one state, and one.
> >
> > so every syntactically correct ("well-formed"??) packet is one
> > of NEW, ESTABLISHED or RELATED, while all others are just
> > INVALID? ok, i can accept that, thanks.
>
> Yes and no, it is a bit more complicated...
>
> INVALID applies to all packets for which ip_conntrack is not able to
> give a state. As common examples:
>
> . TCP packets that do not comply with RFC 793
> . ICMP errors not related to existing flows
> . lack of memory or conntrack table full
>
> So, well formed packets can sometimes fall into INVALID state, but it is
> safe to DROP them.

ok, gotcha. but none of that changes the assertion that each
and every packet will fall into one, and only one, of these four
states. thanks.

rday
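
A ruleset built around the four states discussed in this thread, as an added example that is not part of either poster's message: INVALID is logged (rate-limited) and dropped before any state-based ACCEPT, and a small check confirms that ordering in a saved ruleset. It assumes the `-m conntrack --ctstate` spelling of the state match; the chain policies, the SSH port and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Policies, port 22 and the function
# names emit_ruleset / invalid_dropped_before_accept are illustrative choices.

# Print a ruleset in iptables-restore format; nothing is applied here.
# To load it on a test host: emit_ruleset | iptables-restore   (as root)
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -m limit --limit 5/min -j LOG --log-prefix "ct-invalid: "
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin. Succeed only if, in chain $1, an INVALID DROP rule
# comes before the first rule that ACCEPTs on conntrack state. A ruleset with
# no INVALID DROP at all also fails.
invalid_dropped_before_accept() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain && /--ctstate/ {
            if (/INVALID/ && /-j DROP/) { ok = 1; exit }
            if (/-j ACCEPT/) { exit }
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Stand-alone run: report whether the generated ruleset passes the check.
if emit_ruleset | invalid_dropped_before_accept INPUT; then
    echo "INPUT: INVALID is dropped before any state-based ACCEPT"
else
    echo "INPUT: INVALID is not dropped first"
fi
```

The LOG rule matters because, as the thread notes, a full conntrack table or memory shortage also lands well-formed packets in INVALID, so a burst of `ct-invalid:` entries can indicate resource exhaustion as well as malformed traffic.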