When executing Bi-directional Reachability questions using TCP flags, data may not be obtained. #8904
Comments
Yep, this looks right to me. We're likely not updating the TCP flags on the return flow for ip protocol == TCP. I think this needs to be done somewhere around here: Line 207 in 4027c9f
Thank you for confirming. I interpreted that the source IP and port are swapped with the destination IP and port (and vice versa). I don't know how to deal with BDD, so could you please give me some advice on how to fix it?
Describe the bug and expected behavior
Current behavior:
No response when running a Bi-directional Reachability question with the TCP flag set to SYN.
Expected behavior:
If TCP flow occurs from server 3 to server 1, the flow is allowed because dev2's ACL is set to "established."
The expectation is that response data can be obtained.
Consideration
I got the correct response with the TCP flags below.
・MatchTcpFlags.match_synack()
・MatchTcpFlags.match_ack()
I think that in this problem, the TCP flag (ACK bit) of the return flow is not converted.
(It is thought that in the above working patterns the forward flow already had the ACK flag set, so the return flow also worked fine.)
Config
Runnable example
Sample Config.zip
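As an added illustration (this is not Batfish's code and not the reporter's): a small Python model of the behaviour described in this issue. It swaps the endpoints of a forward flow to build the return flow, and compares a naive builder that copies the TCP flags unchanged with one that sets ACK on the return flow (SYN+ACK in reply to a bare SYN, ACK otherwise). dev2's ACL is modelled as a Cisco-style `established` entry, which permits TCP segments with ACK or RST set. The `Flow` type, the function names and the addresses are my own constructed assumptions; nothing here is Batfish's API.

```python
from dataclasses import dataclass, replace

# TCP flag bits as laid out in the TCP header (RFC 793 / RFC 9293).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP, UDP = 6, 17


@dataclass(frozen=True)
class Flow:
    """Hypothetical 5-tuple plus TCP flags; not Batfish's Flow class."""
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int = 0
    dst_port: int = 0
    tcp_flags: int = 0


def naive_return_flow(fwd: Flow) -> Flow:
    """Swap addresses and ports only; TCP flags are copied unchanged.

    This is the suspected buggy behaviour: a forward SYN yields a return
    flow that is still a bare SYN.
    """
    return replace(
        fwd,
        src_ip=fwd.dst_ip, dst_ip=fwd.src_ip,
        src_port=fwd.dst_port, dst_port=fwd.src_port,
    )


def return_flow(fwd: Flow) -> Flow:
    """Swap endpoints and, for TCP, set ACK on the return flow.

    A reply to a bare SYN is SYN+ACK (second handshake step); a reply to
    any other segment (SYN+ACK, ACK, data) is an ACK segment.
    """
    rev = naive_return_flow(fwd)
    if fwd.proto != TCP:
        return rev  # non-TCP flows carry no flags to convert
    if (fwd.tcp_flags & SYN) and not (fwd.tcp_flags & ACK):
        flags = SYN | ACK
    else:
        flags = ACK
    return replace(rev, tcp_flags=flags)


def established_permits(flow: Flow) -> bool:
    """Cisco-style 'established' ACE: permit TCP with ACK or RST set."""
    return flow.proto == TCP and bool(flow.tcp_flags & (ACK | RST))


def bidirectional_reachable(fwd: Flow, reverse_builder) -> bool:
    """Toy topology from the issue: the forward direction is unrestricted,
    the return direction must pass dev2's 'established' ACL."""
    rev = reverse_builder(fwd)
    return established_permits(rev)


if __name__ == "__main__":
    # Constructed sample: server1 (10.0.1.1) opens a TCP connection to server3 (10.0.3.1).
    syn = Flow("10.0.1.1", "10.0.3.1", TCP, 40000, 80, SYN)
    print("naive reverse of SYN reachable:", bidirectional_reachable(syn, naive_return_flow))
    print("fixed reverse of SYN reachable:", bidirectional_reachable(syn, return_flow))
```

With the naive builder only forward flows that already carry ACK (the `match_ack` and `match_synack` cases the reporter lists) get a return flow that passes the `established` ACL; a forward SYN is dropped on the way back, which is the symptom reported. Setting ACK on the return flow makes the SYN case pass as well.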