Hi Darren,
I found that this function of 4.1.24 has more code than 4.1.17 below. Is this
also needed for OOW issue?
/*
* If a SYN packet is received for a connection that is on the way out
* but hasn't yet departed then advance this session along the way.
*/
if ((tcp->th_flags & TH_OPENING) == TH_SYN) {
if ((is->is_state[0] > IPF_TCPS_ESTABLISHED) &&
(is->is_state[1] > IPF_TCPS_ESTABLISHED)) {
is->is_state[!source] = IPF_TCPS_CLOSED;
fr_movequeue(&is->is_sti, is->is_sti.tqe_ifq, &ips_deletetq);
MUTEX_EXIT(&is->is_lock);
return 0;
}
}
Thanks,
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Xu, Chun Gang
(Titan)
Sent: 2007年9月12日 15:54
To: [EMAIL PROTECTED]
Cc: ipfilter
Subject: RE: any patch for the OOW issue?
Great!
So can I just replace fr_tcpstate() of 4.1.10 with one of the higher version
like 4.1.17, then rebuild ipfilter, because I can't replace the whole ipfilter
software?
Below is the comparison between 4.1.17 and 4.1.10
45c45,46
< if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) {
---
> if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2)) &&
> (tdata->td_winflags & TCP_WSCALE_SEEN)) {
47a49,52
> if (!(fdata->td_winflags & TCP_WSCALE_SEEN)) {
> fdata->td_winscale = 0;
> tdata->td_winscale = 0;
> }
54c59
< if (fr_tcpoptions(fin, tcp, fdata) == -1)
---
> if (fr_tcpoptions(fin, tcp, tdata) == -1)
Thanks,
-----Original Message-----
From: Darren Reed [mailto:[EMAIL PROTECTED]
Sent: 2007年9月11日 21:04
To: Xu, Chun Gang (Titan)
Cc: ipfilter
Subject: Re: any patch for the OOW issue?
Xu, Chun Gang (Titan) wrote:
> Hi,
>
> Is there any patch for the OOW issue below? I looked through the list
> and found several topics related to this issue, but seems no any fix,
> right?
>
> PS, I am using ipfilter 4.1.10 on Solaris 9.
>
I believe that this has been fixed.
Look at the start of fr_tcpstate().
Darren
