Re: OBSD/NAT problem solved
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OBSD/NAT problem solved
- From: d neal wise <nwise_(_at_)_spy_(_dot_)_net>
- Date: Mon, 11 Sep 2000 00:56:38 +1100 (EST)
- Cc: scott_(_at_)_mit_(_dot_)_edu, ian_(_at_)_darwinsys_(_dot_)_com
On Sun, 10 Sep 2000, Ian Darwin wrote:
> $ ident /bsd | grep -i ipf
> $IPFilter: ip_fil.c,v 2.4.2.21 2000/05/22 06:57:47 darrenr Exp $
> $IPFilter: fil.c,v 2.3.2.20 2000/05/22 06:57:42 darrenr Exp $
> $IPFilter: ip_nat.c,v 2.2.2.18 2000/05/19 15:52:29 darrenr Exp $
> $IPFilter: ip_frag.c,v 2.4.2.4 1999/11/28 04:52:10 darrenr Exp $
> $IPFilter: ip_state.c,v 2.3.2.25 2000/05/22 06:57:53 darrenr Exp $
> $IPFilter: ip_proxy.c,v 2.2.2.4 2000/03/15 13:57:53 darrenr Exp $
> $IPFilter: ip_auth.c,v 2.1.2.4 2000/05/22 06:57:45 darrenr Exp $
> $
>
> Looks like OpenBSD sync'd with Darren's code after late May. If you need more
> details, look in one of the CVS archives. Most of the relevant files are in
> src/sys/netinet/. In particular the ip_proxy module is from March 2000.
Yes, I can see that. Scott said his was a 2.6 machine. This is a 2.6
machine with dist kernel:
-----------------
nwise:2$ uname -a
OpenBSD XXXXXXXX 2.6 GENERIC#696 i386
nwise:3$ ident /bsd.GENERIC
/bsd.GENERIC:
$Id: ip_fil.c,v 1.24 1999/06/07 22:00:32 deraadt Exp $
$Id: fil.c,v 1.15 1999/02/19 20:52:22 kjell Exp $
$Id: ip_nat.c,v 1.22 1999/08/08 00:43:00 niklas Exp $
$Id: ip_frag.c,v 1.11 1999/02/05 05:58:51 deraadt Exp $
$Id: ip_state.c,v 1.13 1999/02/05 05:58:54 deraadt Exp $
$Id: ip_proxy.c,v 1.4 1999/02/05 05:58:53 deraadt Exp $
$Id: ip_auth.c,v 1.5 1999/02/05 05:58:49 deraadt Exp $
$OpenBSD: if_wi.c,v 1.3 1999/08/13 20:36:38 fgsch Exp $
-----------------
And this is a 2.5 machine:
-----------------
OpenBSD XXXXXXXX 2.5 GENERIC#243 i386
nwise:2$ ident /bsd
/bsd:
$Id: ip_fil.c,v 1.21 1999/04/16 13:44:25 deraadt Exp $
$Id: fil.c,v 1.15 1999/02/19 20:52:22 kjell Exp $
$Id: ip_nat.c,v 1.20 1999/02/05 05:58:52 deraadt Exp $
$Id: ip_frag.c,v 1.11 1999/02/05 05:58:51 deraadt Exp $
$Id: ip_state.c,v 1.13 1999/02/05 05:58:54 deraadt Exp $
$Id: ip_proxy.c,v 1.4 1999/02/05 05:58:53 deraadt Exp $
$Id: ip_auth.c,v 1.5 1999/02/05 05:58:49 deraadt Exp $
-----------------
I'm not sure if those two tell us anything. Anyways. I've pulled an entry
out of gnats.
http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/1011
Which contains an email from Chris Cappuccio saying:
"This is a known bug with high loads on ip filter 3.2.10 (which comes with 2.5)
OpenBSD 2.6 comes with the same version of IP Filter, and thus the same
bugs, but OpenBSD-current has IP Filter 3.3.4 (soon it will have 3.3.5)
which fixes various proxy bugs and adds more proxy options (for real audio
at least)"
I was going to upgrade ipfilter but instead trialed and deployed a 2.7
snapshot that had the fixes in it, which I later upgraded to release. I
still left the proxy off. None of my users complained. Screw it.
regards,
neal
___________
d neal wise - nwise_(_at_)_spy_(_dot_)_net
SPY internetworking - will network for food
http://www.spy.net