Date: Sun, 13 Dec 1998 14:20:45 +0100 From: Eivind Eklund <eivind@yes.no> To: Brian Somers <brian@Awfulhak.org>, Enoch Ceshkovsky <shadey@home.com> Cc: Gary Palmer <gpalmer@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: NATD/Libalias leaks Message-ID: <19981213142045.H5444@follo.net> In-Reply-To: <199812130008.AAA16396@keep.lan.Awfulhak.org>; from Brian Somers on Sun, Dec 13, 1998 at 12:08:39AM %2B0000 References: <000e01be2605$9f11fa00$0201a8c0@shadey.oow.com> <199812130008.AAA16396@keep.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 13, 1998 at 12:08:39AM +0000, Brian Somers wrote: > > Version 2.5: December, 1997 (ee) > > - Added PKT_ALIAS_PUNCH_FW mode for firewall > > bypass of FTP/IRC DCC data connections. Also added > > improved TCP connection monitoring. > > > > Version 2.6: May, 1998 (amurai) > > - Added supporting routine for NetBios over TCP/IP. > > I added alias_cuseeme.c > > It looks like Matt's going to have a crack at alias_nbt according to > his followup to bin/8962. > > Can you try building the -current version of libalias with > -DNO_FW_PUNCH and see if that makes a difference ? If it does, we > can point the finger at Eivind (cc'd, hi;) I'd be surprised - I'm running those changes in active production at _many_ boxes (I can't say any exact numbers, so lets leave it at being significantly more than 100). Also, the firewall changes do _nothing_ unless PKT_ALIAS_PUNCH_FW is set. There might be an issue with the improvements to the connection monitoring. I'm pretty certain it is NOT buggy, but it may cause something that looks like a leak if the boxes being aliased are doing TCP incorrectly. This will reach a steady state, however, as there is a timeout of 24 hours. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981213142045.H5444>