Pekka Savola wrote:
> Hello!
>
> On Sun, 24 Dec 2006, Darren Reed wrote:
>> ok, I think I've found the smoking gun here.
>>
>> The TCP options for SYN packets were being put in the wrong
>> TCP option state structure, so only one side was ever being set
>> correctly.
>>
>> I've attached two different patches here. The first is just a fix.
>>
>> The second tries to change the way td_maxend is used to be
>> a little better.
>>
>> Hopefully this will be much better for you!
>
> Thanks -- the first patch indeed fixes this. I couldn't test the
> second because compilation fails on 4.1.13 in this particular
> environment:
>
> /usr/src/sys/contrib/ipfilter/netinet/ip_state.c: In function
> `fr_delstate':
> /usr/src/sys/contrib/ipfilter/netinet/ip_state.c:2780: warning: nested
> extern declaration of `printstate'
>
> Just for the record -- which parts of the code did this problem
> affect? Something else rather than just the FTP proxy module? I'm
> hoping this will be fixed in FreeBSD mainstream soon, and the bigger
> the problem, the better the chances of a fix going in :-)
I've committed this fix into both FreeBSD-current and NetBSD-current.
I need to do follow up MFCs for FreeBSD and request pullups for NetBSD.
Darren
|