| To: | ipfilter@coombs.anu.edu.au |
|---|---|
| Subject: | Re: Problems with stateful filtering in 4.1.22 |
| From: | Martti Kuparinen <martti.kuparinen@iki.fi> |
| Date: | Fri, 25 May 2007 09:56:27 +0300 (EEST) |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | ipfilter-list@securepoint.com |
| In-reply-to: | <4653DE36.2020908@iki.fi> |
| References: | <4642F80E.5060902@iki.fi> <46459B06.5000803@reed.wattle.id.au> <4653DE36.2020908@iki.fi> |
| Sender: | owner-ipfilter@coombs.anu.edu.au |
These problems can be solved with the following patch (which is already
commited to NetBSD 4.99.x and pullup request for netbsd-4 already sent).
Martti
Index: ip_state.c
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_state.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- ip_state.c 15 May 2007 22:52:51 -0000 1.24
+++ ip_state.c 25 May 2007 06:44:20 -0000 1.25
@@ -3510,6 +3510,7 @@
if ((tcpflags & (TH_FIN|TH_ACK)) == TH_ACK) {
nstate = IPF_TCPS_TIME_WAIT;
}
+ rval = 1;
break;
case IPF_TCPS_LAST_ACK: /* 8 */
@@ -3547,13 +3548,14 @@
case IPF_TCPS_TIME_WAIT: /* 10 */
/* we're in 2MSL timeout now */
+ rval = 2;
if (ostate == IPF_TCPS_LAST_ACK) {
nstate = IPF_TCPS_CLOSED;
}
- rval = 1;
break;
case IPF_TCPS_CLOSED: /* 11 */
+ rval = 2;
break;
default :
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RE: A question about frpr_routing6 function in IPF4.1.22, Yenting Chen -陳彥廷 |
|---|---|
| Next by Date: | Cache hit stats, Darren Reed |
| Previous by Thread: | Re: Problems with stateful filtering in 4.1.22, Martti Kuparinen |
| Next by Thread: | IPFilter 4.1.21, Darren Reed |
| Indexes: | [Date] [Thread] [Top] [All Lists] |