Hi,
I have committed a patch to -current which refactors the six ways that PF
finds TCP options into one new function.
I expect no side-effects, and the minor changes to finding MSS and WSCALE
options that this involved were immaterial to the large sample of live
traffic that I've examined.
However computer networks are good at confounding expectations.
If you do happen to notice problems related to MSS or WSCALE handling
(used mostly by the syn{proxy,cookie} modes) please let me know. PF will
now ignore these options when they fail to meet their mandatory length, as
it already does the others.
best,
Richard.
