In some email I received from James R Grinter, sie wrote: > (Yes! I really am still running a SunOS4.1.4 system.) > > I've been running 3.4.19 for some time, but have made a couple of > recent aborted attempts to get the latest version (3.4.31) running. > > The symptoms are that connections present in the state table aren't > matched by returning packets for those connections. As an experiment, I > removed all my 'flags S...' sections from TCP 'keep state' rules, and > observed that multiple state entries are created for an outgoing > connection's traffic, and returning packets are mostly permitted (the > closing FIN seems not to be). NAT'd connections don't function (the > returning packet doesn't match the NAT state and get mapped.) > > I've done a bit of regression, with a simple set of test rules just to > avoid any unnecessary complexity/errors in my usual set, and this > breakage seems to have appeared with 3.4.23 - unfortunately a version > that came with a large number of changes.
Can you compose a regression test similar to those in the tests directory which highlights the problem ? Use tcpdump (-s 1500 -x) to capture packets and generate the hex input required. Darren
