Troubleshooting guide

Appendix A: State Tables for VPN-1/FireWall-1 4.0 General tables
Advanced Technical Reference Guide 4.1 June 2000 144
Value of ‘l’    Description
0               Match by protocol (the most common value)
1               Match by offset (never used)
2               Match by RPC (for RPC connections)
3               Match by getport (for RPC connections)
4               Match by callit (for RPC connections)
5               Match by seq/ack change (for encrypted/NATed connections where the SEQ/ACK numbers may be changed)
Digit ‘k’ is interpreted as four binary digits of the form 0xyz. If a bit in any position is set to 1, the
corresponding value in the table below is assumed.
Bit of digit ‘k’    Description
0                   First bit is always 0
x                   Established TCP connection
y                   FIN sent in reverse connection (by the destination)
z                   FIN sent in forward connection (by the source)

r_cflags
The r_cflags field contains eight hexadecimal digits that should be interpreted as four bytes of the form ghij.
The values of g, h, i and j are interpreted using the tables below.
Byte j is interpreted as eight binary digits of the form PQRSTUVW. If a bit in any position is set to 1, the
corresponding value in the table below is assumed.
Bit of byte ‘j’    Description
P                  Accounting flag (0 if the connection has no accounting)
Q                  Accounting flag (0 if the connection has no accounting)
R                  Accounting flag (0 if the connection has no accounting)
S                  More inspection needed for this connection (has prologue)
T                  Reverse connection accepted without going through Rule Base
U                  Connection accepted without going through Rule Base
V                  One-way connection (only the destination sends data)
W                  One-way connection (only the source sends data)

Byte i may have the following values:
Hexadecimal value    Description
0x66, 0x67           IIOP connections
0x82                 Clear FTP PORT command
0x83                 Encrypted FTP PORT command
0x84                 FTP PASV command
0x86                 RSH stderr connection
0x88                 H.245 connection
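
Added example (not part of the original guide): a Python decoder for the parts of r_cflags and digit ‘k’ documented above, useful when reading connection table entries by hand. It assumes each form is written most significant first, so j is the last byte of r_cflags and W and z are the lowest bits; bytes g and h are returned raw because their tables are not in this section, and the sample values are constructed.

```python
# Added example, not from the original guide.
# Assumption: each form (ghij, PQRSTUVW, 0xyz) is written most significant
# first, so j is the last byte of r_cflags and W / z are the lowest bits.

J_BITS = [  # byte j, bits S..W
    (0x10, "more inspection needed (has prologue)"),
    (0x08, "reverse connection accepted without going through Rule Base"),
    (0x04, "connection accepted without going through Rule Base"),
    (0x02, "one-way connection (only the destination sends data)"),
    (0x01, "one-way connection (only the source sends data)"),
]
I_VALUES = {  # byte i, only the values listed in this section
    0x66: "IIOP connection", 0x67: "IIOP connection",
    0x82: "clear FTP PORT command", 0x83: "encrypted FTP PORT command",
    0x84: "FTP PASV command", 0x86: "RSH stderr connection",
    0x88: "H.245 connection",
}
K_BITS = [  # digit k, bits x, y, z
    (0x4, "established TCP connection"),
    (0x2, "FIN sent in reverse connection (by the destination)"),
    (0x1, "FIN sent in forward connection (by the source)"),
]

def decode_k(digit):
    """Decode the single hexadecimal digit 'k' (binary form 0xyz)."""
    value = int(digit, 16)
    if not 0 <= value <= 0x7:
        raise ValueError("digit k must have its first bit clear: %r" % digit)
    return [desc for mask, desc in K_BITS if value & mask]

def decode_r_cflags(field):
    """Decode an eight-hex-digit r_cflags string such as '00008406'."""
    text = field.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    if len(text) != 8:
        raise ValueError("r_cflags must be eight hexadecimal digits: %r" % field)
    g, h, i, j = bytes.fromhex(text)  # raises ValueError on non-hex input
    return {
        "g": g, "h": h,  # tables for g and h are not in this section
        "i": I_VALUES.get(i, "0x%02x (not listed in this section)" % i),
        "accounting_bits": j >> 5,  # raw P, Q, R bits; 0 means no accounting
        "flags": [desc for mask, desc in J_BITS if j & mask],
    }

if __name__ == "__main__":
    print(decode_r_cflags("00008406"))  # constructed sample value
    print(decode_k("5"))                # constructed sample value
```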