From 5300f22b31cb4c247d80031f0b2f5a8d61cf6d8f Mon Sep 17 00:00:00 2001 From: Tizian Maxime Weigt Date: Thu, 29 May 2025 23:53:55 +0000 Subject: [PATCH] README.md aktualisiert --- README.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f785391..01ca1bd 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # TCP lengths and flags -| Flag Combination | Flags Set (Hex) | Purpose | IP+TCP Payload Size | Ethernet Frame Size (what XDP will see) | XDP Filtering Logic | +| Flag Combination | Flags Set (Hex) | Purpose | IP+TCP Payload Size | Ethernet Frame Size | XDP Filtering Logic | |------------------|-----------------|---------|---------------------|---------------------|---------------------| | SYN | 0x02 | Initiates connection | 40–59 bytes | 64–77 bytes | Rate limit SYN packets per source IP to prevent floods. Drop if rate exceeds threshold. SynProxy | | SYN-ACK | 0x12 | Acknowledges SYN | 40–59 bytes | 64–77 bytes | Validate against recent SYN requests using eBPF maps. Drop if no matching SYN. | @@ -13,4 +13,18 @@ | SYN-FIN | 0x03 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. | | URG-ACK | 0x30 | Urgent data (rare) | 40 bytes | 64 bytes | Allow if rare, but monitor for anomalies. | | ACK-PSH-URG | 0x38 | Data with urgent flag | 40–1500 bytes | 64–1518 bytes | Allow for specific use cases, but rate limit to prevent abuse. | -| SYN-RST | 0x06 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. | \ No newline at end of file +| SYN-RST | 0x06 | Invalid combination | 40 bytes | 64 bytes | Drop immediately as invalid. | + +# TCP 3-Way Handshake + +```sequenceDiagram + participant Client + participant Server + + Client->>Server: SYN + Note right of Server: Server receives SYN + Server-->>Client: SYN-ACK + Note left of Client: Client receives SYN-ACK + Client->>Server: ACK + Note right of Server: Connection established +``` \ No newline at end of file