Hi Antony, I think you made a better description .. thx.. And .. How to implement it in side the rule ? well ... How to let's say MARK any http-ACK coming via an interface ? Sincerely -bino- ----- Original Message ----- From: "Antony Stone" <Antony@xxxxxxxxxxxxxxxxxxxx> To: <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Wednesday, March 03, 2004 8:02 AM Subject: Re: request and reply/respon packets > On Wednesday 03 March 2004 12:35 am, bino-psn wrote: > > > Dear All. > > Is there any way to know whter a packet is a "request" or "reply/respon" > > packets ? > > I'm not sure if I understand you correctly, but let me make a few definitions > of my own, and see if they match yours... > > "Requests" come from a client to a server. "Responses" and the reply from > the server to the client. > > Requests start with a SYN packet (I'm assuming we're talking about TCP > connections here?), and responses start with a SYN/ACK packet. Thereafter, > all packets have ACK set. > > So, you can detect the first packet of a request from the fact that SYN (only) > is set, and you can detect the first packet of a response from that fact that > SYN and ACK are set. > > Does that help answer your question? > > Antony. > > -- > Perfection in design is achieved not when there is nothing left to add, but > rather when there is nothing left to take away. > > - Antoine de Saint-Exupery > > Please reply to the list; > please don't CC me. > > >
