Re: Synproxy broken on latest snapshots?

Patch fixed it.
Now another question: before the patch, synproxy worked, kinda, with a
bridge.  It would take 3-5 seconds to open the session, but it was
blocking a synflood with 20% CPU used by interrupts (P3 1GHz).  It
only "worked" with a bridge though.  States were limited to 250,000
and it would use all of them given enough time.  Right now, with the
same flood, interrupts are eating 75-80% CPU and my state table is much
smaller, 20-25,000.
My early numbers are from a snapshot a few weeks ago; the newest figures
are from -current + the patch from a few hours ago.
I know synproxy was not working properly before, but why the huge
increase in interrupt processing?  It's about a 30,000 packets/second
flood, originating locally on another router interface.
Another thing, I see some TCP connections being handed off to the
server behind the bridge.  Since it's a spoofed syn-flood that I
started, none of the "client" IPs should respond, right?  Is it just
poorly configured devices on those IPs?
tcp        0      0      ESTABLISHED 
tcp        0      0     ESTABLISHED 
tcp        0      0    ESTABLISHED 
Oddly, none of those IPs are shown with a pfctl -ss.
> Daniel