From owner-freebsd-bugs@FreeBSD.ORG  Thu Jan 24 18:14:44 2013
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id BD81EAA0;
 Thu, 24 Jan 2013 18:14:44 +0000 (UTC)
 (envelope-from melifaro@ipfw.ru)
Received: from mail.ipfw.ru (unknown [IPv6:2a01:4f8:120:6141::2])
 by mx1.freebsd.org (Postfix) with ESMTP id 666BDB7C;
 Thu, 24 Jan 2013 18:14:43 +0000 (UTC)
Received: from secured.by.ipfw.ru ([95.143.220.47] helo=yafree.ipfw.ru)
 by mail.ipfw.ru with esmtpsa (TLSv1:CAMELLIA256-SHA:256)
 (Exim 4.76 (FreeBSD)) (envelope-from <melifaro@ipfw.ru>)
 id 1TyRNN-000H7n-RH; Thu, 24 Jan 2013 22:18:13 +0400
Message-ID: <510179FB.1030408@ipfw.ru>
Date: Thu, 24 Jan 2013 22:14:19 +0400
From: "Alexander V. Chernikov" <melifaro@ipfw.ru>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:14.0) Gecko/20120824 Thunderbird/14.0
MIME-Version: 1.0
To: melifaro@FreeBSD.org
Subject: Re: kern/175530: lost dynamic IPFW rule for TCP session after 5 min
 inactivity
References: <201301241033.r0OAXiGD084287@freefall.freebsd.org>
In-Reply-To: <201301241033.r0OAXiGD084287@freefall.freebsd.org>
Content-Type: multipart/mixed; boundary="------------060302040504060307060008"
Cc: freebsd-bugs@FreeBSD.org
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jan 2013 18:14:44 -0000

This is a multi-part message in MIME format.
--------------060302040504060307060008
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Can you please try an attached patch?

--------------060302040504060307060008
Content-Type: text/plain; charset=UTF-8;
 name="ipfw_dyn_fix.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="ipfw_dyn_fix.diff"

Index: sys/netpfil/ipfw/ip_fw_dynamic.c
===================================================================
--- sys/netpfil/ipfw/ip_fw_dynamic.c	(revision 245876)
+++ sys/netpfil/ipfw/ip_fw_dynamic.c	(working copy)
@@ -980,8 +980,8 @@ ipfw_dyn_tick(void * vnetx)
 
 	chain = &V_layer3_chain;
 
-	/* Run keepalive checks every keepalive_interval iff ka is enabled */
-	if ((V_dyn_keepalive_last + V_dyn_keepalive_interval >= time_uptime) &&
+	/* Run keepalive checks every keepalive_period iff ka is enabled */
+	if ((V_dyn_keepalive_last + V_dyn_keepalive_period <= time_uptime) &&
 	    (V_dyn_keepalive != 0)) {
 		V_dyn_keepalive_last = time_uptime;
 		check_ka = 1;
@@ -1320,7 +1320,7 @@ ipfw_dyn_init(struct ip_fw_chain *chain)
         V_dyn_keepalive_interval = 20;
         V_dyn_keepalive_period = 5;
         V_dyn_keepalive = 1;    /* do send keepalives */
-	V_dyn_keepalive = time_uptime;
+	V_dyn_keepalive_last = time_uptime;
         
         V_dyn_max = 4096;       /* max # of dynamic rules */
 

--------------060302040504060307060008--