On 08.03.2005 11:55 -0800, Fred Wright wrote:
> That's exactly the symptom I was having due to the window scaling
> bug in IPFilter, which I fixed a while back. Apparently there was
> a problem merging the fix into the new kernel.
Well, I decided to use the ipfilter 3.4.35 that comes with FreeBSD
5.3, and wasn't sure whether the window scaling bug had already been
fixed in 3.4.35, or if your patch against 3.4.33 needed modification.
Could you please take a look at ipfilter 3.4.35 and let me know if
your patch still applies?
> Although the announcement didn't specifically mention it, the fix
> for the IPFilter bug where NAT was screwing up checksums of ICMP
> errors may have been lost as well. The most obvious symptom is
> traceroute not working, but it could break PMTU discovery as well.
AFAIK that has been fixed in ipfilter 3.4.35.
> I don't know why 802.11a/g support was so important that it
> justified rushing into 5.3 with known broken basic firewall
Ask the people who requested Atheros support... Maybe it's time to
submit the window scaling patch to Darren Reed so it can be included
in ipfilter 3.4.36 (or at least to the FreeBSD project, given that
ipfilter 3.4.35 is the version that comes with 5.3).