Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem

This is a multi-part message in MIME format.
--------------010003020506050703050804
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hmm...

Can you please use tcpdump to capture the contents of the data session
up to the
point where this problem occurs. I'd like the actual packet data, so:

tcpdump -w state-window -s 1536 -ni nic0 host bar and host foo

There's also a new diff attached that brings back the printfs.
I'm quite interested to see what they show.

Thanks
Darren


--------------010003020506050703050804
Content-Type: text/plain;
name="newstate.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="newstate.diff"

Index: ip_state.c
================================================== =================
RCS file: /devel/CVS/IP-Filter/ip_state.c,v
retrieving revision 2.186.2.50
diff -c -r2.186.2.50 ip_state.c
*** ip_state.c 18 Dec 2006 15:53:40 -0000 2.186.2.50
--- ip_state.c 20 Dec 2006 19:35:54 -0000
***************
*** 1425,1438 ****
if (flags == (TH_SYN|TH_ACK)) {
is->is_s0[source] = ntohl(tcp->th_ack);
is->is_s0[!source] = ntohl(tcp->th_seq) + 1;
! if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2)) &&
! (tdata->td_winflags & TCP_WSCALE_SEEN)) {
if (fr_tcpoptions(fin, tcp, fdata) == -1)
fin->fin_flx |= FI_BAD;
- if (!(fdata->td_winflags & TCP_WSCALE_SEEN)) {
- fdata->td_winscale = 0;
- tdata->td_winscale = 0;
- }
}
if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
fr_checknewisn(fin, is);
--- 1425,1433 ----
if (flags == (TH_SYN|TH_ACK)) {
is->is_s0[source] = ntohl(tcp->th_ack);
is->is_s0[!source] = ntohl(tcp->th_seq) + 1;
! if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) {
if (fr_tcpoptions(fin, tcp, fdata) == -1)
fin->fin_flx |= FI_BAD;
}
if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
fr_checknewisn(fin, is);
***************
*** 1546,1562 ****
* the receiver also does window scaling)
*/
if (!(tcpflags & TH_SYN) && (fdata->td_winflags & TCP_WSCALE_FIRST)) {
! if (tdata->td_winflags & TCP_WSCALE_SEEN) {
! fdata->td_winflags &= ~TCP_WSCALE_FIRST;
! fdata->td_maxwin = win;
! } else {
! fdata->td_winscale = 0;
! fdata->td_winflags &= ~(TCP_WSCALE_FIRST|
! TCP_WSCALE_SEEN);
! tdata->td_winscale = 0;
! tdata->td_winflags &= ~(TCP_WSCALE_FIRST|
! TCP_WSCALE_SEEN);
! }
}

end = seq + dsize;
--- 1541,1549 ----
* the receiver also does window scaling)
*/
if (!(tcpflags & TH_SYN) && (fdata->td_winflags & TCP_WSCALE_FIRST)) {
! fdata->td_winflags &= ~TCP_WSCALE_FIRST;
! fdata->td_maxend += win - fdata->td_maxend;
! fdata->td_maxwin = win;
}

end = seq + dsize;
***************
*** 1592,1597 ****
--- 1579,1586 ----
}
}

+ /* TRACE(fdata, tdata, seq, end, ack, ackskew, win, maxwin) */
+
#define SEQ_GE(a,b) ((int)((a) - (b)) >= 0)
#define SEQ_GT(a,b) ((int)((a) - (b)) > 0)
inseq = 0;
***************
*** 1599,1605 ****
(SEQ_GE(seq, fdata->td_end - maxwin)) &&
/* XXX what about big packets */
#define MAXACKWINDOW 66000
! (-ackskew <= (MAXACKWINDOW << fdata->td_winscale)) &&
( ackskew <= (MAXACKWINDOW << fdata->td_winscale))) {
inseq = 1;
/*
--- 1588,1594 ----
(SEQ_GE(seq, fdata->td_end - maxwin)) &&
/* XXX what about big packets */
#define MAXACKWINDOW 66000
! (-ackskew <= (MAXACKWINDOW)) &&
( ackskew <= (MAXACKWINDOW << fdata->td_winscale))) {
inseq = 1;
/*
***************
*** 1672,1677 ****
--- 1661,1673 ----
tdata->td_maxend = ack + win;
return 1;
}
+
+ printf("fdata:maxend %u end %u winflags %x winscale %d\n",
+ fdata->td_maxend, fdata->td_end, fdata->td_winflags, fdata->td_winscale);
+ printf("tdata:maxend %u end %u winflags %x winscale %d\n",
+ tdata->td_maxend, tdata->td_end, tdata->td_winflags, tdata->td_winscale);
+ printf("win %u end %u seq %u ack %u ackskew %d maxwin %d dsize %d flags %x\n",
+ ntohs(tcp->th_win), end, seq, ack, ackskew, maxwin, dsize, tcpflags);
return 0;
}


--------------010003020506050703050804--