What is SINGLE:NO_TRAFFIC, and the rest?

JackTripper

Trying to figure out a problem with PPTP, i'm looking at the undocumented states table:

tcp 192.168.1.98:56953 -> 216.8.131.235:63455 -> 216.8.139.6:1723 ESTABLISHED:ESTABLISHED   
tcp 216.8.139.6:1723 <- 192.168.1.98:56953 ESTABLISHED:ESTABLISHED   
gre 192.168.1.98 -> 216.8.139.6 SINGLE:NO_TRAFFIC   
gre 216.8.139.6 <- 192.168.1.98 NO_TRAFFIC:SINGLE 

What does the value1:value2 syntax represent? Is value1 the condition of the state going left to right, and value2 is the condition of the state going right to left? i.e.

value1 -> value2
value1 <- value2

Or is value1 the condition of the state of from "from" side of the arrow, and value2 is the condition of the state on the "to" side of the arrow? i.e.

value1 -> value2
value2 <- value1

When referring to TCP traffic, i know what the ESTABLISHED state means. It's part of the TCP connection buildup/teardown process (e.g. SYN_SEND, TIME_WAIT, ESTABLISHED, FIN_WAIT2, etc).

But GRE packets (protocol 47) are not TCP packets, so i do not know what their "states" are. What is SINGLE and NO_TRAFFIC? Are these terms related to the Point-to-Point Tunneling Protocol, or are they are generic term used in BSD/pfSense? i don't think they are part of the PPTP spec, because they're not in the RFC (http://www.faqs.org/rfcs/rfc2637.html).

What does SINGLE mean? What does NO_TRAFFIC mean?

What are other possible values? If it is TCP traffic do all the standard TCP connection build-up and teardown states apply?

Valid State Table States

Valid TCP protocol traffic states

• SINGLE

• MULTIPLE

• LISTEN

• SYN_SENT

• SYN_RECEIVED

• ESTABLISHED

• CLOSE_WAIT

• LAST_ACK

• FIN_WAIT_1

• CLOSING

• FIN_WAIT_2

• TIME_WAIT

• the pfSense state table don't actually use LISTEN, or probably most others. LISTEN appers as SINGLE:MULTIPLE

Valid UDP protocol traffic states

• ?

• ?

Valid GRP protocol traffic states

• SINGLE

• NO_TRAFFIC

• ESTABLISHED

i'm hoping that if i can find the information i can turn this into a Wiki article. Google has no idea what NO_TRAFFIC is, neither does the Monowall docs.

And if i do get this answered, the followup question will be why my PPTP client connection to a remote server breaks after some time - and i have to re-establish the PPTP session for it to work again, and the GRE state goes from
  SINGLE:NO_TRAFFIC
to
  ESTABLISHED:ESTABLISHED

sullrich

The blog has a post that goes over all of this.

JackTripper

@sullrich:

The blog has a post that goes over all of this.

The blog entry
http://blog.pfsense.org/?p=137
says that the states come from the various TCP states.

Unfortunatly, there are no TCP states called SINGLE, MULTIPLE or NO_TRAFFIC. Also GRE traffic is not TCP traffic; GRE traffic doesn't have TCP states.

So the original question still stands: SINGLE, NO_TRAFFIC.

Or, is this being done by the kernel, it's nothing to do with pfSense per se, and i have to go hound the BCD guys to tell me what "SINGLE:NO_TRAFFIC" means?

Oddly enough, if you Google for "NO_TRAFFIC" you get this very post!

sullrich

http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.3-RELEASE&format=html explains it a bit.