Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    TCP Flags set bug?

    Scheduled Pinned Locked Moved Traffic Shaping
    2 Posts 2 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hshh
      last edited by

      I am about to set SYN packet high priority,detail is in TCP Flags, SYN set, ACK cleared, others don't care.
      After apply settings, I found the rules added by webui is,
      pass in on rl0 proto tcp all flags S/FSRPAU keep state tag qLANacks tagged unshaped
      pass out on vr0 proto tcp all flags S/FSRPAU keep state tag qWANacks tagged qLANacks

      S/FSRPAU, why not S/SA ? Is it a bug?

      1 Reply Last reply Reply Quote 0
      • B
        billm
        last edited by

        @hshh:

        I am about to set SYN packet high priority,detail is in TCP Flags, SYN set, ACK cleared, others don't care.
        After apply settings, I found the rules added by webui is,
        pass in on rl0 proto tcp all flags S/FSRPAU keep state tag qLANacks tagged unshaped
        pass out on vr0 proto tcp all flags S/FSRPAU keep state tag qWANacks tagged qLANacks

        S/FSRPAU, why not S/SA ? Is it a bug?

        flags <a>/ | / This rule only applies to TCP packets that have the flags</a> ****<a>set
                  out of set **.  Flags not specified in **are ignored.  The flags
                  are: (F)IN, (S)YN, (R)ST, (P)USH, (A)CK, (U)RG, (E)CE, and C(W)R.

        flags S/S  Flag SYN is set.  The other flags are ignored.

        flags S/SA  Out of SYN and ACK, exactly SYN may be set.  SYN,
                              SYN+PSH and SYN+RST match, but SYN+ACK, ACK and ACK+RST
                              do not.  This is more restrictive than the previous ex-
                              ample.

        flags /SFRA
                              If the first set is not specified, it defaults to none.
                              All of SYN, FIN, RST and ACK must be unset.</a>

        <a>–Bill</a>

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.