2.23. FRAG

Home Prev	cOS Core 15.00.01 Log Reference Guide	Next

2.23.1. individual_frag_timeout (ID: 02000001)

Default Severity: WARNING
Log Message: Individual fragment timed out.
Explanation: A fragment of an IP packet timed out and is dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.2. fragact_contains_frags (ID: 02000002)

Default Severity: WARNING
Log Message: Internal Error: A failed active fragment contained fragments. Dropping
Explanation: An Internal Error occured when freeing an active fragment. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 2
Context Parameters: Dropped Fragments
Rule Name

2.23.3. fail_suspect_out_of_resources (ID: 02000003)

Default Severity: CRITICAL
Log Message: Out of reassembly resources for suspect. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: Out of fragmentation-reassembly resources when processing the IP packet, which may contain illegal fragments. Dropping packet and freeing resources.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.4. fail_out_of_resources (ID: 02000004)

Default Severity: CRITICAL
Log Message: Out of reassembly resources. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: Out of fragmentation-reassembly resources when processing the IP packet. Dropping packet and freeing resources.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.5. fail_suspect_timeout (ID: 02000005)

Default Severity: WARNING
Log Message: Time out reassembling suspect. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: Timed out when reassembling a fragmented IP packet, which may contain illegal fragments. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.6. fail_timeout (ID: 02000006)

Default Severity: WARNING
Log Message: Time out reassembling. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: Timed out when reassembling a fragmented IP packet. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.7. disallowed_suspect (ID: 02000007)

Default Severity: WARNING
Log Message: Dropping stored fragments of disallowed suspect packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: The fragments of a disallowed IP packet, which may contain illegal fragments, were dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.8. drop_frags_of_disallowed_packet (ID: 02000008)

Default Severity: WARNING
Log Message: Dropping stored fragments of disallowed packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: The fragments of a disallowed IP packet were dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.9. drop_frags_of_illegal_packet (ID: 02000009)

Default Severity: WARNING
Log Message: Dropping fragments of illegal packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: The fragments of an illegal IP packet were dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.10. drop_extraneous_frags_of_completed_packet (ID: 02000010)

Default Severity: WARNING
Log Message: Dropping extraneous fragments of completed packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact>
Explanation: A completed reassembled IP packet contains extraneous fragments, which are dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: srcip
destip
ipproto
fragid
fragact
frags
Context Parameters: Dropped Fragments
Rule Name

2.23.11. learn_state (ID: 02000011)

Default Severity: ERROR
Log Message: Internal Error: Invalid state <state>
Explanation: Internal Error, the fragmented IP packet has an invalid state.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: state
Context Parameters: Dropped Fragments
Rule Name

2.23.12. drop_duplicate_frag_suspect_packet (ID: 02000012)

Default Severity: WARNING
Log Message: Dropping duplicate fragment of suspect packet
Explanation: A duplicate fragment of an IP packet, which may contain illegal fragments, was received. Dropping the duplicate fragment.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.13. drop_duplicate_frag (ID: 02000013)

Default Severity: WARNING
Log Message: Dropping duplicate fragment
Explanation: A duplicate fragment of an IP packet was received. Dropping the duplicate fragment.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.14. frag_offset_plus_length_not_in_range (ID: 02000014)

Default Severity: ERROR
Log Message: Fragment offset+length not in range <minipdatalen>-<maxipdatalen>
Explanation: The fragment offset and length would be outside of the allowed IP size range. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: minipdatalen
maxipdatalen
Context Parameters: Rule Name
Packet Buffer

2.23.15. no_available_fragacts (ID: 02000015)

Default Severity: WARNING
Log Message: Internal Error: No available resources (out of memory?).
Explanation: An Internal Error occured. Failed to create necessary fragmentation reassembly resources. This could be a result of the unit being out of memory.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.16. bad_ipdatalen (ID: 02000016)

Default Severity: ERROR
Log Message: Bad IPDataLen=<ipdatalen>
Explanation: The partly reassembled IP packet has an invalid IP data length. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: ipdatalen
Context Parameters: Rule Name
Packet Buffer

2.23.17. bad_ipdatalen (ID: 02000017)

Default Severity: ERROR
Log Message: Fragment offset+length is greater than the configured maximum <maxipdatalen>
Explanation: The fragment offset plus length would result in a greater length than the configured maximum length of an IP packet. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: maxipdatalen
Context Parameters: Rule Name
Packet Buffer

2.23.18. overlapping_frag (ID: 02000018)

Default Severity: ERROR
Log Message: Overlapping fragment
Explanation: This fragment would overlap the next fragment offset. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.19. bad_offs (ID: 02000019)

Default Severity: ERROR
Log Message: Bad fragment offset
Explanation: The fragment has an invalid offset. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.20. duplicate_frag_with_different_length (ID: 02000020)

Default Severity: ERROR
Log Message: Duplicate fragment with different length received
Explanation: The fragment is a duplicate of an already received fragment, but the fragment lengths differ. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.21. duplicate_frag_with_different_data (ID: 02000021)

Default Severity: ERROR
Log Message: Duplicate fragment with different data received
Explanation: The fragment is a duplicate of an already received fragment, but the fragment data differs. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.22. partial_overlap (ID: 02000022)

Default Severity: ERROR
Log Message: Fragments partially overlap
Explanation: Two fragments partially overlap. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.23. drop_frag_disallowed_suspect_packet (ID: 02000023)

Default Severity: WARNING
Log Message: Dropping fragment of disallowed suspect packet
Explanation: A fragment of a disallowed IP packet, which may contain illegal fragments, is dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.24. drop_frag_disallowed_packet (ID: 02000024)

Default Severity: WARNING
Log Message: Dropping fragment of disallowed packet
Explanation: A fragment of a disallowed IP packet is dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.25. already_completed (ID: 02000025)

Default Severity: ERROR
Log Message: Dropping extraneous fragment of completed packet
Explanation: A completed reassembled IP packet contains a extraneous fragment, which is dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.26. drop_frag_failed_suspect_packet (ID: 02000026)

Default Severity: WARNING
Log Message: Dropping fragment of failed suspect packet
Explanation: A fragment of a failed IP packet, which may contain illegal fragments, is dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.27. drop_frag_failed_packet (ID: 02000027)

Default Severity: WARNING
Log Message: Dropping fragment of failed packet
Explanation: A fragment of a failed IP packet is dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.28. drop_frag_illegal_packet (ID: 02000028)

Default Severity: WARNING
Log Message: Dropping fragment of illegal packet
Explanation: A fragment of an illegal IP packet is dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.29. fragments_available_freeing (ID: 02000100)

Default Severity: WARNING
Log Message: Internal Error: Contains fragments even when freeing. Dropping
Explanation: An Internal Error occured when freeing an active fragment. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 2
Context Parameters: Dropped Fragments
Rule Name

2.23.30. bad_ipdatalen (ID: 02000116)

Default Severity: ERROR
Log Message: Bad IPDataLen=<ipdatalen>
Explanation: The partly reassembled IP packet has an invalid IP data length. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: ipdatalen
Context Parameters: Rule Name
Packet Buffer

2.23.31. single_frag (ID: 02000117)

Default Severity: ERROR
Log Message: Illegal fragment, last fragment with zero offset. Dropping packet.
Explanation: A fragment with More Fragments flag cleared and an Offset of zero is not a legal fragment. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.23.32. bad_offs (ID: 02000119)

Default Severity: ERROR
Log Message: Bad fragment offset
Explanation: The fragment has an invalid offset. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer