Message-ID: <19981213142045.H5444@follo.net>
Date: Sun, 13 Dec 1998 14:20:45 +0100
From: Eivind Eklund
To: Brian Somers, Enoch Ceshkovsky
Cc: Gary Palmer, current@FreeBSD.ORG
Subject: Re: NATD/Libalias leaks
References: <000e01be2605$9f11fa00$0201a8c0@shadey.oow.com> <199812130008.AAA16396@keep.lan.Awfulhak.org>
In-Reply-To: <199812130008.AAA16396@keep.lan.Awfulhak.org>; from Brian Somers on Sun, Dec 13, 1998 at 12:08:39AM +0000

On Sun, Dec 13, 1998 at 12:08:39AM +0000, Brian Somers wrote:
> > Version 2.5: December, 1997 (ee)
> >     - Added PKT_ALIAS_PUNCH_FW mode for firewall
> >       bypass of FTP/IRC DCC data connections. Also added
> >       improved TCP connection monitoring.
> >
> > Version 2.6: May, 1998 (amurai)
> >     - Added supporting routine for NetBios over TCP/IP.
>
> I added alias_cuseeme.c
>
> It looks like Matt's going to have a crack at alias_nbt according to
> his followup to bin/8962.
>
> Can you try building the -current version of libalias with
> -DNO_FW_PUNCH and see if that makes a difference ?
> If it does, we
> can point the finger at Eivind (cc'd, hi;)

I'd be surprised - I'm running those changes in active production at
_many_ boxes (I can't say any exact numbers, so let's leave it at being
significantly more than 100). Also, the firewall changes do _nothing_
unless PKT_ALIAS_PUNCH_FW is set.

There might be an issue with the improvements to the connection
monitoring. I'm pretty certain it is NOT buggy, but it may cause
something that looks like a leak if the boxes being aliased are doing
TCP incorrectly. This will reach a steady state, however, as there is
a timeout of 24 hours.

Eivind.