2.71. TCP

Home Prev	cOS Core 15.00.01 Log Reference Guide	Next

2.71.1. tcp_mss_too_low (ID: 03400001)

Default Severity: NOTICE
Log Message: TCP MSS <mss> too low. TCPMSSMin=<minmss>
Explanation: The TCP MSS is too low. Ignoring.
Firewall Action: ignore
Recommended Action: None
Revision: 1
Parameters: tcpopt
mss
minmss
Context Parameters: Rule Name
Packet Buffer

2.71.2. tcp_mss_too_low (ID: 03400002)

Default Severity: NOTICE
Log Message: TCP MSS <mss> too low. TCPMSSMin=<minmss>. Adjusting
Explanation: The TCP MSS is too low. Adjusting to use the configured minimum MSS.
Firewall Action: adjust
Recommended Action: None
Revision: 1
Parameters: tcpopt
mss
minmss
Context Parameters: Rule Name
Packet Buffer

2.71.3. tcp_mss_too_high (ID: 03400003)

Default Severity: NOTICE
Log Message: TCP MSS <mss> too high. TCPMSSMax=<maxmss>
Explanation: The TCP MSS is too high. Ignoring.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: tcpopt
mss
maxmss
Context Parameters: Rule Name
Packet Buffer

2.71.4. tcp_mss_too_high (ID: 03400004)

Default Severity: NOTICE
Log Message: TCP MSS <mss> too high. TCPMSSMax=<maxmss>. Adjusting
Explanation: The TCP MSS is too high. Adjusting to use the configured maximum MSS.
Firewall Action: adjust
Recommended Action: None
Revision: 1
Parameters: tcpopt
mss
maxmss
Context Parameters: Rule Name
Packet Buffer

2.71.5. tcp_mss_above_log_level (ID: 03400005)

Default Severity: NOTICE
Log Message: TCP MSS <mss> higher than log level. TCPMSSLogLevel=<mssloglevel>
Explanation: The TCP MSS is higher than the log level.
Firewall Action: log
Recommended Action: None
Revision: 1
Parameters: tcpopt
mss
mssloglevel
Context Parameters: Rule Name
Packet Buffer

2.71.6. tcp_option (ID: 03400006)

Default Severity: NOTICE
Log Message: Packet has a type <tcpopt> TCP option
Explanation: The packet has a TCP Option of the specified type. Ignoring.
Firewall Action: ignore
Recommended Action: None
Revision: 1
Parameters: tcpopt
Context Parameters: Rule Name
Packet Buffer

2.71.7. tcp_option_strip (ID: 03400007)

Default Severity: NOTICE
Log Message: Packet has a type <tcpopt> TCP option. Stripping it
Explanation: The packet has a TCP Option of the specified type. Removing it.
Firewall Action: strip
Recommended Action: None
Revision: 1
Parameters: tcpopt
Context Parameters: Rule Name
Packet Buffer

2.71.8. bad_tcpopt_length (ID: 03400010)

Default Severity: WARNING
Log Message: Type <tcpopt> is multibyte, available=<avail>. Dropping
Explanation: The TCP Option type is multi byte which requires two bytes and there is less than two bytes available. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: tcpopt
minoptlen
avail
Context Parameters: Rule Name
Packet Buffer

2.71.9. bad_tcpopt_length (ID: 03400011)

Default Severity: WARNING
Log Message: Type <tcpopt> claims length=<len> bytes, avail=<avail> bytes. Dropping
Explanation: The TCP Option type does not fit in the option space. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: tcpopt
len
avail
Context Parameters: Rule Name
Packet Buffer

2.71.10. bad_tcpopt_length (ID: 03400012)

Default Severity: WARNING
Log Message: Type <tcpopt>: bad length <optlen>. Expected <expectlen> bytes. Dropping
Explanation: The TCP Option type has an invalid length. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: tcpopt
optlen
expectlen
Context Parameters: Rule Name
Packet Buffer

2.71.11. tcp_mss_too_low (ID: 03400013)

Default Severity: WARNING
Log Message: TCP MSS <mss> too low. TCPMSSMin=<minmss>. Dropping
Explanation: The TCP MSS is too low. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: tcpopt
mss
minmss
Context Parameters: Rule Name
Packet Buffer

2.71.12. tcp_mss_too_high (ID: 03400014)

Default Severity: WARNING
Log Message: TCP MSS <mss> too high. TCPMSSMax=<maxmss>. Dropping
Explanation: The TCP MSS is too high. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: tcpopt
mss
maxmss
Context Parameters: Rule Name
Packet Buffer

2.71.13. tcp_option_disallowed (ID: 03400015)

Default Severity: WARNING
Log Message: Packet has a <tcpopt> TCP option, which is disallowed. Dropping
Explanation: The packet has a TCP Option of the specified type. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: tcpopt
Context Parameters: Rule Name
Packet Buffer

2.71.14. multiple_tcp_ws_options (ID: 03400017)

Default Severity: WARNING
Log Message: Multiple window scale options present in a single TCP segment
Explanation: Multiple TCP window scale options present in a single TCP segment.
Firewall Action: strip
Recommended Action: None
Revision: 1
Context Parameters: Connection
Packet Buffer

2.71.15. too_large_tcp_window_scale (ID: 03400018)

Default Severity: WARNING
Log Message: TCP window scale option with shift count <shift_cnt> was received. The shift count will be lowered to 14.
Explanation: A TCP segment with a window scale option specifying a shift count that is larger than 14 was received. The shift count will be lowered to 14.
Firewall Action: adjust
Recommended Action: None
Revision: 1
Parameters: shift_cnt
Context Parameters: Connection
Packet Buffer

2.71.16. mismatching_tcp_window_scale (ID: 03400019)

Default Severity: WARNING
Log Message: Mismatching TCP window scale shift count. Expected <old> got <new> will use <effective>
Explanation: TCP segment with a window scale option specifying a different shift count than previous segments was received. The lower of the two values will be used.
Firewall Action: adjust
Recommended Action: None
Revision: 1
Parameters: old
new
effective
Context Parameters: Connection
Packet Buffer

2.71. TCP_OPT

2.71.1. tcp_mss_too_low (ID: 03400001)

2.71.2. tcp_mss_too_low (ID: 03400002)

2.71.3. tcp_mss_too_high (ID: 03400003)

2.71.4. tcp_mss_too_high (ID: 03400004)

2.71.5. tcp_mss_above_log_level (ID: 03400005)

2.71.6. tcp_option (ID: 03400006)

2.71.7. tcp_option_strip (ID: 03400007)

2.71.8. bad_tcpopt_length (ID: 03400010)

2.71.9. bad_tcpopt_length (ID: 03400011)

2.71.10. bad_tcpopt_length (ID: 03400012)

2.71.11. tcp_mss_too_low (ID: 03400013)

2.71.12. tcp_mss_too_high (ID: 03400014)

2.71.13. tcp_option_disallowed (ID: 03400015)

2.71.14. multiple_tcp_ws_options (ID: 03400017)

2.71.15. too_large_tcp_window_scale (ID: 03400018)

2.71.16. mismatching_tcp_window_scale (ID: 03400019)