> i was just curious, from pftop i saw these states:
> udp Out 127.0.0.1:14770 127.0.0.1:53 2:1 32 0 2 186
> and w/ pfctl -s state | grep udp, u see the same kind of stuff:
> udp 127.0.0.1:30551 -> 127.0.0.1:53 MULTIPLE:SINGLE
> question is very simple: why? i assume the left/right sides of the ':'
> ought to be identical between the reflexive rules of the stateful
> connection... am i missing something? thanks :)

The state indication is client:server. Connection state is kept on each side of the connection semi-independently. For instance, with TCP, if someone sends a SYN and then a RESET, we'll start up in SYN_SENT:CLOSED and end up in TIME_WAIT:CLOSED after the RESET. Since the server never sent any traffic, its side of the state never reflects an opened connection, so we can time the connection out appropriately.

back to my hangover
.mike
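
Added example, not part of the original thread: a small filter that splits the trailing client:server field of `pfctl -s state` lines and flags entries whose server half shows no traffic. It assumes the line layout quoted above and treats CLOSED (TCP) and NO_TRAFFIC (UDP) as the "server never sent anything" states; the function names are hypothetical, and all sample lines except the first are constructed.

```shell
#!/bin/sh
# Split the CLIENT:SERVER state field of `pfctl -s state` output and flag
# states where only the client side has sent traffic.

# Constructed sample input. The first line is the one quoted in the thread;
# the rest are made up (documentation address ranges) for illustration.
sample_states() {
    cat <<'EOF'
udp 127.0.0.1:30551 -> 127.0.0.1:53 MULTIPLE:SINGLE
tcp 192.0.2.10:40112 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
tcp 192.0.2.10:40113 -> 198.51.100.7:25 SYN_SENT:CLOSED
udp 192.0.2.10:5353 -> 198.51.100.9:161 SINGLE:NO_TRAFFIC
EOF
}

# Reads state lines on stdin, prints:
#   proto src dst client=<state> server=<state> <verdict>
classify_states() {
    awk '
    # The state pair is the last field; skip anything else (e.g. -v detail lines).
    $NF !~ /^[A-Z0-9_]+:[A-Z0-9_]+$/ { next }
    {
        split($NF, side, ":")          # side[1] = client, side[2] = server
        # Assumption: these two names mean the server side sent no traffic.
        if (side[2] == "CLOSED" || side[2] == "NO_TRAFFIC")
            verdict = "one-sided"
        else
            verdict = "two-way"
        # $2 is the first address, $(NF-1) the last one before the state pair,
        # so lines with an extra translated address in the middle still parse.
        printf "%s %s %s client=%s server=%s %s\n",
               $1, $2, $(NF-1), side[1], side[2], verdict
    }'
}

# On a live system: pfctl -s state | classify_states
sample_states | classify_states
```

The two halves are reported separately because, as the reply explains, each side's state is tracked on its own and the two need not match.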
