'Re: ipfilter and FreeBSD 6.1 release #1'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: ipfilter and FreeBSD 6.1 release #1
From:       Nick Evans <nevans () talkpoint ! com>
Date:       2006-06-08 17:23:15
Message-ID: 20060608132315.04eb1854 () pleiades ! nextvenue ! com
[Download RAW message or body]

On Thu, 8 Jun 2006 15:51:47 +0200
"Nicholas von Waltsleben" <nicv@korbitec.com> wrote:

> > Nicholas von Waltsleben wrote: 
> >> i have read a number of posts in the lists regarding IPFilter
> dropping
> >> OOW packets and I am having the same issue on FreeBSD 6.1 running
> >> IPFilter v4.1.8.  I was wondering whether this issue had been
> >> resolved > in 4.1.13 and if so whether there was a patch I could
> apply to
> >> get it to compile on my version of FreeBSD?
> >
> >
> Herve wrote:
> > Just to confirm the problem : I have 2 pop3/imap front ends serving
> 30k
> > mailboxes and I get 2 or 3 SYNs dropped every minute since I upgraded
> > them to FreeBSD 6.0-STABLE (ipf 4.1.8). Temporary workaround was to
> remove
> > keep state for those services but it would be nice to know if this
> problem
> > is fixed in newer versions.
> >
> > I can provide tcpdumps if necessary.
> >
> > Jun  8 12:03:04 arthas ipmon[356]: 12:03:03.844718 bge0 @50:6 b
> x.x.242.32,18 -> 62.4.16.78,110 PR tcp len 20 44 -S IN OOW
> > Jun  8 12:03:05 arthas ipmon[356]: 12:03:05.069569 bge0 @50:6 b
> x.x.242.32,18 -> 62.4.16.78,110 PR tcp len 20 44 -S IN OOW
> > Jun  8 12:03:06 arthas ipmon[356]: 12:03:05.578373 2x bge0 @50:6 b
> x.x.242.32,18 -> 62.4.16.78,110 PR tcp len 20 44 -S IN OOW
> > Jun  8 12:03:07 arthas ipmon[356]: 12:03:06.579266 bge0 @50:6 b
> x.x.242.32,18 -> 62.4.16.78,110 PR tcp len 20 44 -S IN OOW
> >....
> >....
> 
> I have managed to prevent the problem by disabling Selective
> Acknowledgments (SACKS - RFC 2018) on the Windows 2003 servers behind my
> firewall.  This is a temporary *fix (I hesitate to actually refer to
> this as a fix) and I am still looking for a way to upgrade to 4.1.13 in
> order to see whether this continues to be a problem.  Any input from
> non-FreeBSD users would be greatly appreciated at this point.
> 
> Regards,
> Nicholas  

ign-long-strings -mpreferred-stack-boundary=2  -mno-mmx -mno-3dnow -mno-sse
-mno-sse2 -ffreestanding
-Werror  ../../../contrib/ipfilter/netinet/mlfk_ipl.c ../../../contrib/ipfilter/netinet/mlfk_ipl.c:33:
warning: redundant redeclaration of
'ipfselwait' ../../../contrib/ipfilter/netinet/ip_compat.h:1541: warning:
previous declaration of 'ipfselwait' was here *** Error code 1

Stop in /usr/src/sys/i386/compile/FIREWALL.


This is the error code I'm receiving when compiling 4.1.13 on 6.1 i386.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic