There are a couple of significant changes between 4.1.9 and 4.1.10. Firstly, after spending some time with gcov, I've taken steps to expand the number of lines of code that the test suite covers. I'll continue to work on expanding the coverage here until I'm satisfied that as much of the code can be tested with ipftest as possible.
Next, there have been some problems on Solaris with sending TCP RST and ICMP packets back, causing panics due to bad use of locks. These problems have been licked. Lastly, I've spent some time closely analysing packet traces from situations where TCP out of window (OOW) packets have been resulting in RSTs being sent and the connections closed. As noted in an earlier email, there have been two contributors to this: window scaling being incorrectly turned off and bugs in Microsoft Windows XP/2000's TCP, especially SACK. My advice is that if you're having problems with "keep state" and TCP data transfers with Windows, disable SACK. To reduce the problem, RST packets are no longer sent if a packet is OOW, the offender will just be dropped. Of course there are other changes and bug fixes, including those posted to this list - see below for a bigger summary. http://coombs.anu.edu.au/~avalon/ip_fil4.1.10.tar.gz MD5 (ip_fil4.1.10.tar.gz) = 6d00cb091ba047738d2c14a23b3020ed MD5 (patch-4.1.10.gz) = b0bf95ffdbae2a3d877aadb214f68a97 Darren 4.1.10 - Released 6 December 2005 Expand regression testing to cover more features Add "coverage" build target for BSD Fix building 64bit sparc target for Solaris Add IPv6 mobility header to list of accepted keywords for V6 headers Resolve locking problems on Solaris when sending RST/icmp packets #ifdef's for IPFILTER_BPF need to check if words are defined before using them in comparisons Add checking for SACK permitted option in TCP SYN packets Fix loading anonymous pools from inline rule configuration groups Add -C command line option to ipftest Include extra "const" from NetBSD Don't require SIOCKSTLCK for SIOCSTPUT Fix some use of "sticky" on NAT rules Fix statistical counting of deleting state for TCP connections Fix compile problems caused by changes to is_opt/is_optmsk in ip_sync.c Fix TCP out-of-window (OOW) problems: - window scaling turned off if one chose for its scale factor - Microsoft Windows TCP sends the "next packet" to the right of the window when using SACK and filling in a hole 4.1.9 - Released 13 August 2005
