On Tue, Apr 18, 2006 at 11:17:30AM +0100, John Line wrote:
> We've been using IP Filter V3.4.31 on Solaris 9 (SPARC, 64-bit; compiled
> with Sun's C compiler) for a year or two on some of our servers, and it was
> working fine except for an obscure problem [1] that came to light fairly
> recently, which prompted me to try a current version to see if that would
> cure the problem.
>
3.4.3x gets TCP window scaling wrong. FTP servers and clients tend
to set large socket buffers; when these exceed 64k, window scaling is
typically negotiated. The patch below is for 3.4.35. If you are
willing to try 3.4.3x, it may as well be the most up-to-date version
(3.4.35 + this patch).

--- ip_state.c 2006/03/07 20:47:08 1.1
+++ ip_state.c 2006/03/07 20:48:22
@@ -956,8 +956,8 @@
(SEQ_GE(seq, fdata->td_end - maxwin)) &&
/* XXX what about big packets */
#define MAXACKWINDOW 66000
- (-ackskew <= (MAXACKWINDOW << tdata->td_wscale)) &&
- ( ackskew <= (MAXACKWINDOW << tdata->td_wscale))) {
+ (-ackskew <= (MAXACKWINDOW)) &&
+ ( ackskew <= (MAXACKWINDOW << fdata->td_wscale))) {
/* if ackskew < 0 then this should be due to fragmented
* packets. There is no way to know the length of the
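
Review bot: The two ackskew bounds in the changed condition are now asymmetric, and nothing in the hunk says why: the negative side compares against an unscaled MAXACKWINDOW, while the positive side shifts by fdata->td_wscale where it previously used tdata->td_wscale. A short comment above the two lines, stating which direction each bound covers and which endpoint's scale factor applies, would keep a later reader from restoring the symmetric form. Two smaller points: the parentheses in "(MAXACKWINDOW)" are redundant, and because MAXACKWINDOW is a plain int constant, 66000 << 15 no longer fits in a signed 32-bit int, so it is worth confirming that td_wscale is clamped to 14 where it is set.
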
--
Viktor.