New driver lnsfw for TCP SPI and more...

Discussion in 'LnS English Forum' started by Frederic, Feb 27, 2005.

Thread Status:
Not open for further replies.
  1. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    It depends what the problem is.

    If the problem is simply related to the number of connections (with no other issue behind), then we will see if we extend the number of connections from 256 to x or if we will implement something more dynamic.

    If there is another issue about the TCP SPI engine itself, then this needs to be investigated first and then a fix will be introduced.

    Frederic
     
  2. ernstblaauw

    ernstblaauw Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    21
    I think it is related to the number of connections. I have the following entry in my console:

    FW:
    CFull:3785 80
    CFull:3718 80
    CFull:4662 59275

    Is it possible for you to add a doalog where every user can specify the number of connections?
     
  3. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Unfortunately this is not possible with the current design.

    Frederic
     
  4. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,004
    As soon as I put IPFragActive=dword:00000001 in the registry my whole Internet doesn't work anymore... No email, no surfing, no time-updates, etc.

    What can be wrong?
     
  5. RetupmocSoft

    RetupmocSoft Registered Member

    Joined:
    May 8, 2005
    Posts:
    29
    Sorry for my poor english.

    WinXP SP2 + TCPIP.sys (5.1.2600.2631)

    EVID4226 modified 2.23d (www.lvllord.de)
    modified orginal TCPIP.sys half-open limit from 10 to 1000.

    When I running emule 0.46a (and setting half-open to 1000)
    I activated TCP SPI, got many times with NCF and CFull.
    In Log page, it full of SPI items inside......

    Maybe TCP SPI change to 256 entries is not enough,
    Could increase from 256 to 1024+ ?? (In future)

    Thanks.
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    Sorry for the late answer.
    Is this problem still there, no other report like this so far.
    Does the log show something ?

    Frederic
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Did you try this (coming from a post in this thread):
    To decrease the number of alerts with P2P, you can specify the following registry key:
    [HKEY_CURRENT_USER\SOFTWARE\Soft4Ever\looknstop\options]
    "SPIInOnly"=dword:00000001
    or
    [HKEY_LOCAL_MACHINE\SOFTWARE\Soft4Ever\looknstop\options]
    "SPIInOnly"=dword:00000001
    (depending if the registry option is set to "per user" or "system").
    The change has to be done when Look 'n' Stop is not running.


    Frederic
     
  8. RetupmocSoft

    RetupmocSoft Registered Member

    Joined:
    May 8, 2005
    Posts:
    29
    YES! I have already using "the setting" before my problem post on this forum.
    Here is my registry setting:
    --------------------------------------------------------------
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\Soft4Ever\looknstop\options]
    "SPIInOnly"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Soft4Ever\looknstop\options]
    "SPIInOnly"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lnsfw1]
    "IPFragActive"=dword:00000001
    "CheckDNSQ"=dword:00000001
    "CheckHSRE"=dword:00000001
    "CheckVAEUDTF"=dword:00000001
    "ActivatedSoon"=dword:00000001
    --------------------------------------------------------------

    .....It seems a strange problem between my 3 PCs on running eMule 0.46a (and previous versions)
    In my 3 PCs, it's only 1 PC occur "huge" report for TCP SPI, but other 2 PCs running normally!
    3 PCs are using "the same" setting (i.e. eMule, LnS, Network, O/S)

    Thank you for reply.
     
  9. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Are you 3 PC sharing the same internet connection with on IP only from you ISP ?

    Frederic
     
  10. RetupmocSoft

    RetupmocSoft Registered Member

    Joined:
    May 8, 2005
    Posts:
    29
    Mmm....
    One ISP account, but accept 4 dynamic IPs at the same time.
    But when I found "huge" TCP SPIs, it's only one connect with that ISP account.

    Well...I thought fully reinstall XP, and watch the TCP SPI one more time.
     
  11. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Do you really mean 4 true IPs provided by your ISP ?

    (My point is: if you have only one IP from your provider and 4 dynamics IP with a DHCP router, it is normal to not be possible to emule working correctly on 2 computers)

    Frederic
     
  12. RetupmocSoft

    RetupmocSoft Registered Member

    Joined:
    May 8, 2005
    Posts:
    29
    Yes. 4 "real" IPs in one account and not needed any DHCP router.

    It's mean user only using one account could be get 4 real IPs (4 computers) on internet at the same time.

    Here is my ADSL connection example:

    ISP <--> ADSL-modem (built-in Router is DISABLED by me) <--> 5-port HUB <--> Computers (DHCP/ICS services are DISABLED by me)

    BTW, I'm not test 2+ network cards in 1 computer and get on internet using 2+ IPs at the same time.....maybe next time I wish try.... :D
     
    Last edited: May 22, 2005
  13. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    What is the relationship between IPFragActive (in the Registry) and the two internet rules:

    "Block IP Packets with MF Flag set"
    "Block fragmented IP packets"

    If I enable IPFragActive, then do I always want to enable the two rules?

    Or are the two rules obsolete now?

    Thanks in advance.
     
  14. deisler

    deisler Registered Member

    Joined:
    Jun 27, 2005
    Posts:
    6
    Hi, link to driver download broken. or is it withdrawn? would appreciate if anyone could give me a valid link or attachment here thanks ;)
     
  15. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
  16. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    Well, I've enabled IPFragActive and the two internet rules. Everything seems to be working, so I'm going to assume that this is correct.
     
  17. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    If there are some normal Fragmented IP packets on your network, I think you should disable the rule "Block IP Packets with MF Flag set", otherwise they will be blocked.

    The IPFragActive flag automatically allows IP fragments when the 1st packet has been allowed. So the rule "Block fragmented IP packets" can be let enabled (it will block Fragment packets not belonging to a first packet).

    Frederic
     
  18. FadeToBlack

    FadeToBlack Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    23
    Location:
    Romania
    Why not increase the number of Half Open connections to 16777214? It would be nice to change manually.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.