Re: IPF and ECN

[Darren Reed <darrenr () reed wattle id au>]

In some email I received from Patrick Oonk, sie wrote:
> Hi,
>
> My IPF firewall is barfing about packets containing
> ECN information (Explicit Congestion Notification,
> http://www.aciri.org/floyd/ecn.html). 
> The strange thing is, that it does not log WHY, just
> that it blocked the packet. I have been reading the
> ipf docs and I see no way to pass packets containing that 
> extra information. I think that IPF just expects the
> position in the packet to be zero and blocks it.
>
> I have also looked into newer versions of IPF, and found
> no info about the processing of ECN info.
>       
> Any clues ?

The log output should tell you which filter rule is causing
them to be blocked & logged.  What you will find is that
because TCP ECN is relatively new, IP Filter doesn't support
filtering on it and thus if you say "flags S" (for example)
then that means *JUST* the SYN flag.  I've been looking for a
canonical source of information on ECN for a while now, so
thanks for the URL.  I'd appreciate it if you could follow
this up with me offline as I don't have any systems which
support ECN at my disposal.

Cheers,
Darren

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards