IPfilter

Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem
From: Darren Reed <darrenr@reed.wattle.id.au>
Date: Thu, 21 Dec 2006 02:01:18 +1100
Cc: ipfilter@coombs.anu.edu.au
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
In-reply-to: <Pine.LNX.4.64.0612201555330.27473@netcore.fi>
References: <Pine.LNX.4.64.0612192052410.3711@netcore.fi> <458873B8.5060302@reed.wattle.id.au> <Pine.LNX.4.64.0612200848360.18434@netcore.fi> <4589358E.3040703@reed.wattle.id.au> <Pine.LNX.4.64.0612201555330.27473@netcore.fi>
Reply-to: darrenr@reed.wattle.id.au
Sender: owner-ipfilter@coombs.anu.edu.au
User-agent: Thunderbird 1.5.0.5 (Windows/20060719)
Pekka Savola wrote:
> On Thu, 21 Dec 2006, Darren Reed wrote:
>> ok, please apply the attached patch so I can collect some information from
>> the kernel.
>
> The output is as follows (there are no such messages if FTP proxy is
> disabled):
>
> fdata:maxend 1129616061 end 1129616337
> fdata:end 1129672809 seq 1129614889
> fdata:winflags 4 winscale 0
> tdata:winflags 0 winscale 0
> ack 2182360656 ackskew 0 win 65160 << 0 maxwin 8192

Ah, I think I've read the RFC incorrectly and interpreted it to
mean that if either end is not doing window scaling then it is
not enabled.

The attached diffs should undo that madness.

Darren


Index: ip_state.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_state.c,v
retrieving revision 2.186.2.50
diff -c -r2.186.2.50 ip_state.c
*** ip_state.c  18 Dec 2006 15:53:40 -0000      2.186.2.50
--- ip_state.c  19 Dec 2006 17:35:57 -0000
***************
*** 1429,1438 ****
                            (tdata->td_winflags & TCP_WSCALE_SEEN)) {
                                if (fr_tcpoptions(fin, tcp, fdata) == -1)
                                        fin->fin_flx |= FI_BAD;
-                               if (!(fdata->td_winflags & TCP_WSCALE_SEEN)) {
-                                       fdata->td_winscale = 0;
-                                       tdata->td_winscale = 0;
-                               }
                        }
                        if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
                                fr_checknewisn(fin, is);
--- 1429,1434 ----
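Review bot: with the `if (!(fdata->td_winflags & TCP_WSCALE_SEEN))` block removed (old lines 1432-1435), nothing visible in this hunk resets `td_winscale` on either side when fdata has not seen a window scale option, so a shift count recorded for one direction stays in effect whatever the peer offered. RFC 1323 section 2.2 treats the option as an offer that only takes effect when both SYN segments carry it, so please add a comment here stating which negotiation rule the state code now follows and where the "only one side offered it" case is handled. A state window that is wider than the one the endpoints actually use lets segments through the filter that the endpoints would treat as out of window.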
***************
*** 1549,1562 ****
                if (tdata->td_winflags & TCP_WSCALE_SEEN) {
                        fdata->td_winflags &= ~TCP_WSCALE_FIRST;
                        fdata->td_maxwin = win;
!               } else {
!                       fdata->td_winscale = 0;
!                       fdata->td_winflags &= ~(TCP_WSCALE_FIRST|
!                                               TCP_WSCALE_SEEN);
!                       tdata->td_winscale = 0;
!                       tdata->td_winflags &= ~(TCP_WSCALE_FIRST|
!                                               TCP_WSCALE_SEEN);
!                 }
        }
  
        end = seq + dsize;
--- 1545,1551 ----
                if (tdata->td_winflags & TCP_WSCALE_SEEN) {
                        fdata->td_winflags &= ~TCP_WSCALE_FIRST;
                        fdata->td_maxwin = win;
!               }
        }
  
        end = seq + dsize;
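Review bot: dropping the `else` branch (old lines 1552-1559) means `TCP_WSCALE_FIRST` is now cleared on fdata only when `tdata->td_winflags & TCP_WSCALE_SEEN` is true. When the peer never sent the option, fdata keeps both `TCP_WSCALE_FIRST` and its non-zero `td_winscale` for the life of the state entry. The enclosing condition is not visible in this hunk; if it tests `TCP_WSCALE_FIRST`, this block is re-entered on later packets. Consider still clearing `TCP_WSCALE_FIRST` once the reply has been seen, and document whether a one-sided `td_winscale` is meant to be applied in the window check that follows.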
***************
*** 1592,1597 ****
--- 1581,1588 ----
                }
        }
  
+       /* TRACE(fdata, tdata, seq, end, ack, ackskew, win, maxwin) */
+ 
  #define       SEQ_GE(a,b)     ((int)((a) - (b)) >= 0)
  #define       SEQ_GT(a,b)     ((int)((a) - (b)) > 0)
        inseq = 0;
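Review bot: the added line `/* TRACE(fdata, tdata, seq, end, ack, ackskew, win, maxwin) */` is a commented-out call to a macro that is not defined anywhere in the visible diff. Either introduce a real debug macro that compiles away in normal builds, or leave this line out of the committed change.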
***************
*** 1672,1677 ****
--- 1663,1679 ----
                        tdata->td_maxend = ack + win;
                return 1;
        }
+ 
+ printf("fdata:maxend %u end %u\n",
+ fdata->td_maxend, end);
+ printf("fdata:end %u seq %u\n",
+ fdata->td_end, seq);
+ printf("fdata:winflags %x winscale %d\n",
+ fdata->td_winflags, fdata->td_winscale);
+ printf("tdata:winflags %x winscale %d\n",
+ tdata->td_winflags, tdata->td_winscale);
+ printf("ack %u ackskew %d win %d << %d maxwin %d\n",
+ ack, ackskew, win, fdata->td_winscale, maxwin);
        return 0;
  }
  
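Review bot: the five `printf` calls added before `return 0;` are unconditional and sit on the path taken for every packet that fails the window check, so any host able to send out-of-window segments through the filter can drive console and log output at packet rate. They look like the diagnostic output requested earlier in the thread; please keep them out of the functional fix, or guard them with a debug flag or `#ifdef` and indent them to match the function body. The types of `win` and `maxwin` are not visible here; if they are unsigned, `%u` is the matching conversion, as already used for `ack`.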