IPfilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Updating ipfilter on FreeBSD 6.x

from [Peter Jeremy] [Permanent Link][Original]
To: "Peter J. Cherny" <peterc@luddite.com.au>
Subject: Re: Updating ipfilter on FreeBSD 6.x
From: Peter Jeremy <peterjeremy@optushome.com.au>
Date: Fri, 23 Feb 2007 21:52:12 +1100
Cc: ipfilter@coombs.anu.edu.au
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
In-reply-to: <7.0.1.0.2.20070222102536.022e5618@luddite.com.au>
References: <E118913B-182B-4808-B635-E857DB3A0521@martinshouse.com> <45DCC8D3.9070104@passagen.se> <7.0.1.0.2.20070222102536.022e5618@luddite.com.au>
Sender: owner-ipfilter@coombs.anu.edu.au
User-agent: Mutt/1.5.13 (2006-08-11) 
On 2007-Feb-22 10:41:32 +1100, "Peter J. Cherny" <peterc@luddite.com.au> wrote:
>My Q&D solution to OOW issues in 6.2+4.1.13 was to edit two lines
>in ip_state.c and rebuild the kernel (with the IPFILTER options)
>
> #define MAXACKWINDOW 66000
>-           (-ackskew <= (MAXACKWINDOW << tdata->td_wscale)) &&
>-           ( ackskew <= (MAXACKWINDOW << tdata->td_wscale))) {
>+           (-ackskew <= (MAXACKWINDOW)) &&
>+           ( ackskew <= (MAXACKWINDOW << fdata->td_wscale))) {

Even with this patch, I still get OOW errors.  I'm even getting OOW
errors on incoming SYN packets - which is definitely wrong.  The
4.1.19 change notes refer to window scaling fixes in 4.1.17 - possibly
it needs more of the ip_state.c changes.

I suspect that at least some of the ENETUNREACH errors that I reported
are related to this bug.

-- 
Peter Jeremy

Attachment: pgppE9xcvaR69.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IPFilter 4.1.19, pfil 2.1.12, Robin Breathe
Next by Date:  User/kernel version check failed FreeBSD6.2, Roger Olofsson
Previous by Thread:  Re: Updating ipfilter on FreeBSD 6.x, Roger Olofsson
Next by Thread:  question about h323 nat proxy, forge
Indexes:  [Date] [Thread] [Top] [All Lists]