From: Drew Tomlinson <drew@mykitchentable.net>
Date: Wed, 25 Jul 2007 16:40:12 -0700
To: JD Bronson
Cc: Jordan Gordeev, mlaier@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: pf and keep/modulate state on 6.2
Message-ID: <46A7DF5C.4020200@mykitchentable.net>
In-Reply-To: <200707251950.l6PJoRxk029389@smtp.sixcompanies.com>

On 7/25/2007 12:50 PM JD Bronson wrote:
> At 08:55 PM 7/25/2007 +0200, Max Laier wrote:
>> On Saturday 21 July 2007, Jordan Gordeev wrote:
>>
>>> I'm replying to an old and long-forgotten thread to report my recent
>>> findings.
>>> There's a bug in PF with modulate/synproxy state. Modulate/synproxy
>>> state modulates sequence numbers, but doesn't modulate sequence numbers in
>>> TCP SACK options. Some firewalls block TCP segments with sequence
>>> numbers in the SACK option pointing outside the window, which causes
>>> connection stalls. The bug was fixed in OpenBSD with revision 1.509 of
>>> src/sys/net/pf.c about a year and a half ago. The bug is present in
>>> FreeBSD-STABLE. A fix for the bug was imported in FreeBSD-CURRENT with
>>> the big import of PF from OpenBSD 4.1.
>>> I'm CC-ing Max to notify him of the bug present in -STABLE and to ask
>>> him to deal with the issue by either porting the fix from OpenBSD, or
>>> by documenting that modulate/synproxy state is broken.
>>
>> Good catch - sorry for the delay. Here is the diff (almost verbatim from
>> OPENBSD_3_8). Please test and report back. I plan to commit this to
>> RELENG_6 in a bit.
>>
>> --
>> /"\ Best regards, | mlaier@freebsd.org
>> \ / Max Laier | ICQ #67774661
>
>
> Max - 3.8? Can't we get a bit closer and more up-to-date as far as
> staying with pf and openbsd?
>
> I know pf changed - especially for OBSD 4.1 and it would be nice to be
> CLOSER than 3.8?
>

Excuse me for butting in. This has been discussed on the pf list. A search of the archives will find you the details, but basically 4.1 and FBSD 6 won't work together as I understand it. Major changes are required.

However, work has been done in CURRENT and is undergoing testing now, but it will not be back ported to STABLE because of the major changes.

HTH,

Drew

--
Be a Great Magician!
Visit The Alchemist's Warehouse
http://www.alchemistswarehouse.com
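The bug Jordan describes in the quoted report (sequence-number modulation applied to the SEQ/ACK fields but not to the SACK option blocks, leaving the SACK edges pointing outside the window) can be reproduced on a bare TCP header. The following is an added illustration, not pf code and not part of this thread: a minimal TCP header builder and option parser, a reverse-path rewriter that undoes a modulation offset `delta` on the ACK field and, when `fix_sack` is set, on each SACK block as well, and a simplified window check of the kind a strict stateful firewall might apply (that check, and the fixed port numbers and zeroed checksum, are assumptions made for the example; a real rewriter must also recompute the TCP checksum).

```python
"""Sequence-number modulation with and without rewriting TCP SACK blocks (added example)."""
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_SACK = 0, 1, 5
MASK32 = 0xFFFFFFFF


def build_segment(seq, ack, window, sack_blocks=()):
    """Build a bare TCP header (no IP header, no payload) carrying a SACK option.

    Ports, flags (ACK) and the checksum are placeholders: only seq, ack and the
    option bytes matter for this demonstration. Each SACK block is 8 bytes, so
    NOP NOP + kind/len + blocks is always a multiple of 4 bytes.
    """
    opts = b""
    if sack_blocks:
        body = b"".join(struct.pack("!II", left, right) for left, right in sack_blocks)
        opts = bytes([TCPOPT_NOP, TCPOPT_NOP, TCPOPT_SACK, 2 + len(body)]) + body
    data_off = 5 + len(opts) // 4  # header length in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", 12345, 80, seq, ack, data_off << 4, 0x10, window, 0, 0)
    return hdr + opts


def _iter_sack_blocks(buf, data_off):
    """Yield (offset) of every 8-byte SACK block in the option area of a header."""
    i = 20
    while i < data_off:
        kind = buf[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= data_off:
            break
        length = buf[i + 1]
        if length < 2 or i + length > data_off:
            break  # malformed option; stop parsing
        if kind == TCPOPT_SACK:
            for j in range(i + 2, i + 2 + ((length - 2) // 8) * 8, 8):
                yield j
        i += length


def parse_segment(seg):
    """Return seq, ack, window and the list of (left, right) SACK blocks."""
    _, _, seq, ack, off_flags, _, window, _, _ = struct.unpack("!HHIIBBHHH", seg[:20])
    data_off = (off_flags >> 4) * 4
    sacks = [struct.unpack_from("!II", seg, j) for j in _iter_sack_blocks(seg, data_off)]
    return {"seq": seq, "ack": ack, "window": window, "sack": sacks}


def modulate_reverse(seg, delta, fix_sack):
    """Rewrite a segment travelling from the responder back to the initiator.

    The firewall added `delta` to the initiator's sequence numbers on the way
    out, so the responder's ACK must be shifted back by -delta. The SACK blocks
    refer to the same sequence space; fix_sack=False leaves them untouched,
    which is the buggy behaviour the thread describes.
    """
    buf = bytearray(seg)
    ack = struct.unpack_from("!I", buf, 8)[0]
    struct.pack_into("!I", buf, 8, (ack - delta) & MASK32)
    if fix_sack:
        data_off = (buf[12] >> 4) * 4
        for j in _iter_sack_blocks(buf, data_off):
            left, right = struct.unpack_from("!II", buf, j)
            struct.pack_into("!II", buf, j, (left - delta) & MASK32, (right - delta) & MASK32)
    return bytes(buf)


def sack_blocks_in_window(seg, max_window):
    """Simplified window check (assumption, not pf's actual logic): every SACK
    block must lie above the segment's ACK number and within max_window of it,
    computed modulo 2**32."""
    p = parse_segment(seg)
    ack = p["ack"]
    for left, right in p["sack"]:
        lo, hi = (left - ack) & MASK32, (right - ack) & MASK32
        if not (0 < lo < hi <= max_window):
            return False
    return True


def demo(delta=0x10000000, max_window=65535):
    """Constructed responder segment as seen on the wire after modulation: it
    acks the initiator's shifted sequence numbers and SACKs a block in that
    same shifted space. Returns (buggy_passes_check, fixed_passes_check)."""
    on_wire = build_segment(seq=5000, ack=(1000 + delta) & MASK32, window=max_window,
                            sack_blocks=[((1400 + delta) & MASK32, (2000 + delta) & MASK32)])
    buggy = modulate_reverse(on_wire, delta, fix_sack=False)
    fixed = modulate_reverse(on_wire, delta, fix_sack=True)
    return sack_blocks_in_window(buggy, max_window), sack_blocks_in_window(fixed, max_window)


if __name__ == "__main__":
    print(demo())  # (False, True): unfixed SACK edges land far outside the window
```

After the buggy rewrite the ACK says 1000 but the SACK block still says roughly 268 million and up, which is exactly the "SACK option pointing outside the window" that a downstream firewall rejects; with the SACK blocks shifted by the same delta the segment is consistent again.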