Subject: Re: ipnat ftp proxy fix yet? (ever?)
To: Sean Davis <erplefoo@gmail.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-net
Date: 10/28/2004 22:01:57

On Thu, Oct 28, 2004 at 03:47:29PM -0400, Sean Davis wrote:
> How many times do I have to say that I wasn't suggesting going back to
> IPF3? what I was saying was that if Darren knew how to do it in ipf3,
> he knows how to do it in ipf4.

Of course he knows. The problem is that, as for most bugs, the author
knows how to do it, and thinks he has done it right at all the places where
it needs to be done. But he missed one, or worse, at one place he made a
typo which causes the code to not work as intended.

> The basic logic of how the ftp proxy
> works can't be *THAT* different. There are only so many ways to skin
> this particular cat.

You assume the problem is in the ftp proxy. But it may be a bug somewhere
else in ipf, triggered by the ftp proxy. This has been tracked down to
some packets of the TCP flow being routed without having the addresses
rewritten, *sometimes*. It looks like the problem isn't in the proxy, but
in ipf itself.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference