README.md aktualisiert

2025-05-29 23:53:55 +00:00 · 2025-05-29 23:53:55 +00:00 · 5300f22b31
commit 5300f22b31
parent 6866d54747
1 changed files with 16 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # TCP lengths and flags

-| Flag Combination | Flags Set (Hex) | Purpose | IP+TCP Payload Size | Ethernet Frame Size (what XDP will see) | XDP Filtering Logic |
+| Flag Combination | Flags Set (Hex) | Purpose | IP+TCP Payload Size | Ethernet Frame Size | XDP Filtering Logic |
 |------------------|-----------------|---------|---------------------|---------------------|---------------------|
 | SYN | 0x02 | Initiates connection | 40–59 bytes | 64–77 bytes | Rate limit SYN packets per source IP to prevent floods. Drop if rate exceeds threshold. SynProxy |
 | SYN-ACK | 0x12 | Acknowledges SYN | 40–59 bytes | 64–77 bytes | Validate against recent SYN requests using eBPF maps. Drop if no matching SYN. |
@ -13,4 +13,18 @@
 | SYN-FIN | 0x03 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. |
 | URG-ACK | 0x30 | Urgent data (rare) | 40 bytes | 64 bytes | Allow if rare, but monitor for anomalies. |
 | ACK-PSH-URG | 0x38 | Data with urgent flag | 40–1500 bytes | 64–1518 bytes | Allow for specific use cases, but rate limit to prevent abuse. |
-| SYN-RST | 0x06 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. |
+| SYN-RST | 0x06 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. |
+
+# TCP 3-Way Handshake
+
+```sequenceDiagram
+    participant Client
+    participant Server
+
+    Client->>Server: SYN
+    Note right of Server: Server receives SYN
+    Server-->>Client: SYN-ACK
+    Note left of Client: Client receives SYN-ACK
+    Client->>Server: ACK
+    Note right of Server: Connection established
+```