Re: Why all these unclean packets?
Dans un message du 30 Nov à 12:58, mdevin@ozemail.com.au écrivait :
> Here is some example ones from my syslog:
> Nov 30 12:32:00 beast kernel: ipt_unclean: TCP flags bad: 4
> Nov 30 12:32:00 beast kernel: unclean_::IN=ppp0 OUT= MAC=
> SRC=212.43.237.66 DST=144.134.71.208 LEN=40 TOS=0x00 PREC=0x00 TTL=238
> ID=40412 PROTO=TCP SPT=80 DPT=33041 WINDOW=0 RES=0x00 RST URGP=0
It is just an unclean bug that has been there forever. You can safely
ignore those warnings. Applying this patch will fix that problem and fix
another unclean problem :
diff -uNr linux-2.4.14-pre8/net/ipv4/netfilter/ipt_unclean.c linux-tcprb-fixed/net/ipv4/netfilter/ipt_unclean.c
--- linux-2.4.14-pre8/net/ipv4/netfilter/ipt_unclean.c Wed Oct 31 14:38:23 2001
+++ linux-tcprb-fixed/net/ipv4/netfilter/ipt_unclean.c Sun Nov 4 08:30:58 2001
@@ -257,6 +257,8 @@
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
+#define TH_ECE 0x40
+#define TH_CWR 0x80
/* TCP-specific checks. */
static int
@@ -328,9 +330,10 @@
}
/* CHECK: TCP flags. */
- tcpflags = ((u_int8_t *)tcph)[13];
+ tcpflags = (((u_int8_t *)tcph)[13] & ~(TH_ECE|TH_CWR));
if (tcpflags != TH_SYN
&& tcpflags != (TH_SYN|TH_ACK)
+ && tcpflags != TH_RST
&& tcpflags != (TH_RST|TH_ACK)
&& tcpflags != (TH_RST|TH_ACK|TH_PUSH)
&& tcpflags != (TH_FIN|TH_ACK)
--
Guillaume Morin <guillaume@morinfr.org>
If it doesn't work, force it. If it breaks, it needed replacing anyway.
Reply to: