Hello!

On Sun, 24 Dec 2006, Darren Reed wrote:
ok, I think I've found the smoking gun here.

The TCP options for SYN packets were being put in the wrong
TCP option state structure, so only one side was ever being set
correctly.

I've attached two different patches here.  The first is just a fix.

The second tries to change the way td_maxend is used to be
a little better.

Hopefully this will be much better for you!

Thanks -- the first patch indeed fixes this. I couldn't test the second because compilation fails on 4.1.13 in this particular environment:

/usr/src/sys/contrib/ipfilter/netinet/ip_state.c: In function `fr_delstate':
/usr/src/sys/contrib/ipfilter/netinet/ip_state.c:2780: warning: nested extern declaration of `printstate'

Just for the record -- which parts of the code did this problem affect? Something else rather than just the FTP proxy module? I'm hoping this will be fixed in FreeBSD mainstream soon, and the bigger the problem, the better the chances of a fix going in :-)

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
