* Understanding --tcp-flags option
From: Aaron Lewis @ 2013-07-04 12:09 UTC (permalink / raw)
To: netfilter mailing list
Hi,
How should I understand --tcp-flags option?
1) There are two parameters; why are two of them needed?
e.g. I might just need to match a packet with the SYN and RST bits set,
why do I need to place it twice (--tcp-flags SYN RST, SYN RST)?
2) What does this mean? I don't really get what "mask" and "comp" do here
--tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN
Thanks!
--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
* Re: Understanding --tcp-flags option
From: Pascal Hambourg @ 2013-07-04 12:58 UTC (permalink / raw)
To: netfilter mailing list
Hello,
Aaron Lewis wrote:
>
> How should I understand --tcp-flags option?
>
> 1) There are two parameters; why are two of them needed?
It allows matching packets with some flags cleared.
> e.g. I might just need to match a packet with the SYN and RST bits set,
> why do I need to place it twice (--tcp-flags SYN RST, SYN RST)?
Wrong syntax.
> 2) What does this mean? I don't really get what "mask" and "comp" do here
The mask specifies which flags must be examined, and the comp which
flags must be set. Therefore flags in the mask but not in the comp must
be cleared. Flags not in the mask may have any value.
> --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN
This means match if FIN,SYN set and RST,PSH,ACK,URG cleared.
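The mask/comp test described in the reply above, as an added C example that is not part of the original thread and is not netfilter's own code. The function names `parse_flags` and `tcp_flags_match` are hypothetical, the sample flag bytes are constructed, and rejecting a comp flag that lies outside the mask is a choice made by this example.

```c
/* Added illustration of the --tcp-flags mask/comp test; not netfilter source. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits as they sit in byte 13 of the TCP header. */
enum { FIN = 0x01, SYN = 0x02, RST = 0x04, PSH = 0x08, ACK = 0x10, URG = 0x20 };

/* Turn a list such as "SYN,RST" into a bit set; ALL and NONE are accepted as
 * in iptables. Returns -1 on an unknown flag name. */
int parse_flags(const char *list)
{
    static const struct { const char *name; int bits; } tbl[] = {
        {"FIN", FIN}, {"SYN", SYN}, {"RST", RST}, {"PSH", PSH},
        {"ACK", ACK}, {"URG", URG}, {"ALL", 0x3F}, {"NONE", 0},
    };
    int bits = 0;
    while (*list) {
        size_t i, n = sizeof tbl / sizeof tbl[0], len = strcspn(list, ",");
        for (i = 0; i < n; i++)
            if (strlen(tbl[i].name) == len && !strncmp(list, tbl[i].name, len))
                break;
        if (i == n)
            return -1;
        bits |= tbl[i].bits;
        list += len + (list[len] == ',');   /* step over the name and a comma */
    }
    return bits;
}

/* 1 = match, 0 = no match, -1 = bad arguments. Flags outside the mask are
 * ignored; every flag inside the mask must be set exactly as comp says. */
int tcp_flags_match(uint8_t pkt_flags, const char *mask, const char *comp)
{
    int m = parse_flags(mask), c = parse_flags(comp);
    if (m < 0 || c < 0 || (c & ~m))  /* comp outside mask can never match; this example rejects it */
        return -1;
    return (pkt_flags & m) == c;
}

int main(void)
{
    /* Constructed flag bytes: SYN, SYN+ACK, SYN+FIN, SYN+RST+ACK. */
    const uint8_t s[] = { SYN, SYN | ACK, SYN | FIN, SYN | RST | ACK };
    for (size_t i = 0; i < sizeof s; i++)
        printf("flags=0x%02x  thread rule: %d  SYN,RST SYN,RST: %d\n", s[i],
               tcp_flags_match(s[i], "FIN,SYN,RST,PSH,ACK,URG", "FIN,SYN"),
               tcp_flags_match(s[i], "SYN,RST", "SYN,RST"));
    return 0;
}
```

The iptables `--syn` shorthand is the same test with mask `SYN,RST,ACK,FIN` and comp `SYN`.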
* Re: Understanding --tcp-flags option
From: Aaron Lewis @ 2013-07-05 1:01 UTC (permalink / raw)
To: Pascal Hambourg; +Cc: netfilter mailing list
Thank you very much Pascal, I get it now.
On Thu, Jul 4, 2013 at 8:58 PM, Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> Hello,
>
> Aaron Lewis wrote:
>>
>> How should I understand --tcp-flags option?
>>
>> 1) There are two parameters; why are two of them needed?
>
> It allows matching packets with some flags cleared.
>
>> e.g. I might just need to match a packet with the SYN and RST bits set,
>> why do I need to place it twice (--tcp-flags SYN RST, SYN RST)?
>
> Wrong syntax.
>
>> 2) What does this mean? I don't really get what "mask" and "comp" do here
>
> The mask specifies which flags must be examined, and the comp which
> flags must be set. Therefore flags in the mask but not in the comp must
> be cleared. Flags not in the mask may have any value.
>
>> --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN
>
> This means match if FIN,SYN set and RST,PSH,ACK,URG cleared.
--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E