Subject: Re: kern/7368: ipnat not rewriting PORT command 100% of time
To: Olaf Seibert <rhialto@polder.ubc.kun.nl>
From: Greg A. Woods <woods@most.weird.com>
List: netbsd-bugs
Date: 04/16/1999 16:52:24
[ On Friday, April 16, 1999 at 14:28:14 (+0200), Olaf Seibert wrote: ]
> Subject: Re: kern/7368: ipnat not rewriting PORT command 100% of time
> 
> I propose that the fix below (properly cleaned up) be added to the
> NetBSD-1.3.3/source/patches directory.

I don't think the following part of the proposed change should be
included in the patch.

I've been successfully using IP-Filter 3.2.11-beta5 on a FreeBSD-3.0
machine for a NAT and FTP proxy with several different Macintosh and
Windows FTP clients, including some rather dumb and old ones, and it
works flawlessly with this check still enabled.  Blindly hacking this
check out seems like a very wrong thing to do in any case.  Is there any
proof (tcpdump trace, etc.) that this change is really necessary?

In fact I'd rather see a patch that upgraded to 3.2.11-{latest} because
it's got a lot more than just these bugs fixed.  I've been toying with
the idea of doing this upgrade in my own local NetBSD-1.3.3 source tree
too, though I don't have any really pressing need for it (at least not
until one of my clients using IP Filter's NAT decides they need to use
a real FTP client instead of proxying through the Squid server).

Indeed if Darren would/could declare 3.2.11 fit for release I'd like to
see it pulled into 1.4 ASAP too!  ;-)

> *** /home/users/rhialto/cpp/netbsd/src/sys/netinet/ip_ftp_pxy.c	Mon Nov 23 13:15:09 1998
> --- ip_ftp_pxy.c	Fri Apr 16 11:40:17 1999
> ***************
> --- 160,173 ----
>   	/*
>   	 * check for CR-LF at the end.
>   	 */
> + #if 0
>   	if (((*s == '\r') && (*(s + 1) == '\n')) ||
>   	    ((*(s - 1) == '\r') && (*s == '\n')))
>   		a6 = a5 & 0xff;
>   	else
>   		return 0;
> + #else
> + 		a6 = a5 & 0xff;
> + #endif
>   	a5 >>= 8;
>   	/*
>   	 * Calculate new address parts for PORT command
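
Review bot: the `#else` branch makes `a6 = a5 & 0xff;` unconditional, so the `return 0` path for a PORT argument that is not followed by CR-LF is gone and the proxy goes on to calculate new address parts for a command whose terminator was never checked. If a particular client is known to end the line differently, extend the condition to accept that terminator and keep the `else return 0;` for everything else, rather than disabling the test. The cleaned-up patch should also not leave the old code behind under `#if 0`, and the added assignment is indented one level deeper than the statements around it.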

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>