Pekka Savola wrote: > Hello! > > On Sun, 24 Dec 2006, Darren Reed wrote: >> ok, I think I've found the smoking gun here. >> >> The TCP options for SYN packets were being put in the wrong >> TCP option state structure, so only one side was ever being set >> correctly. >> >> I've attached two different patches here. The first is just a fix. >> >> The second tries to change the way td_maxend is used to be >> a little better. >> >> Hopefully this will be much better for you! > > Thanks -- the first patch indeed fixes this. I couldn't test the > second because compilation fails on 4.1.13 in this particular > environment: > > /usr/src/sys/contrib/ipfilter/netinet/ip_state.c: In function > `fr_delstate': > /usr/src/sys/contrib/ipfilter/netinet/ip_state.c:2780: warning: nested > extern declaration of `printstate' > > Just for the record -- which parts of the code did this problem > affect? Something else rather than just the FTP proxy module? I'm > hoping this will be fixed in FreeBSD mainstream soon, and the bigger > the problem, the better the chances of a fix going in :-)
I've committed this fix into both FreeBSD-current and NetBSD-current. I need to do follow up MFCs for FreeBSD and request pullups for NetBSD. Darren
