On Sun, 13 Mar 2005, Manuel Kasper wrote:

> On 08.03.2005 11:55 -0800, Fred Wright wrote:
>
> > That's exactly the symptom I was having due to the window scaling
> > bug in IPFilter, which I fixed a while back. Apparently there was
> > a problem merging the fix into the new kernel.
>
> Well, I decided to use the ipfilter 3.4.35 that comes with FreeBSD
> 5.3, and wasn't sure whether the window scaling bug had already been
> fixed in 3.4.35, or if your patch against 3.4.33 needed modification.
> Could you please take a look at ipfilter 3.4.35 and let me know if
> your patch still applies?

Yes, that code didn't change from 3.4.33 to 3.4.35, including failing to incorporate the fix. So the same two-character edit still applies.

> > Although the announcement didn't specifically mention it, the fix
> > for the IPFilter bug where NAT was screwing up checksums of ICMP
> > errors may have been lost as well. The most obvious symptom is
> > traceroute not working, but it could break PMTU discovery as well.
>
> AFAIK that has been fixed in ipfilter 3.4.35.

Not exactly. I've confirmed that traceroute is broken again when NATting through 1.2b6, although some other cases seem to work. Unfortunately which cases work and which ones don't disagrees with what I'd expect by looking at the code, so it looks like fully investigating it will have to wait until I have a 5.3 build setup (including all the current m0n0wall patches for 5.3, which don't seem to have been published yet). It doesn't help that the code to handle NATting ICMP errors is *way* more complicated than it needs to be.

> > I don't know why 802.11a/g support was so important that it
> > justified rushing into 5.3 with known broken basic firewall
> > functionality.
>
> Ask the people who requested Atheros support... Maybe it's time to

Well, as the Hippocratic oath says, "First, do no harm." :-)

> submit the window scaling patch to Darren Reed so it can be included
> in ipfilter 3.4.36 (or at least to the FreeBSD project, given that
> ipfilter 3.4.35 is the version that comes with 5.3).

I sent both the patch and the explanation to both Darren Reed and Guido van Rooij at the same time I sent it to you (last June). Darren only works on 4.x these days, while Guido maintains 3.x. I had a response from Guido indicating that he agreed with my fix, but it still didn't get into the official source.

Fred Wright