Date: Thu, 12 Dec 2024 13:11:42 +0100 From: Ronald Klop <ronald@FreeBSD.org> To: "Andrey V. Elsukov" <bu7cher@yandex.ru> Cc: freebsd-current@freebsd.org Subject: Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out Message-ID: <33cbcbbd-bf36-4059-a012-842c7ff80568@FreeBSD.org> In-Reply-To: <dc452c86-4a39-4a75-9d56-ee69f16987ee@yandex.ru> References: <20241206034709.4dd32cc5@thor.intern.walstatt.dynvpn.de> <279848701.11738.1733510402875@localhost> <20241206210947.3ae835e4@thor.intern.walstatt.dynvpn.de> <f8952585-4b68-4cfd-a60f-1ebbd7f2545f@FreeBSD.org> <8E43EAA1-BA3E-4655-ACE1-2E4523E901DE@FreeBSD.org> <20241209214314.2443b590d774423a2b97f0a8@dec.sakura.ne.jp> <20241209174541.39c286f5@thor.intern.walstatt.dynvpn.de> <20241210022710.88c9087dd7cb09774507f232@dec.sakura.ne.jp> <20241209191947.39ac4843@thor.intern.walstatt.dynvpn.de> <6B720B82-09EF-4208-B814-B6BD75FC2F0E@FreeBSD.org> <f37a769d-99ea-4bd8-ba93-e7a7425c940b@FreeBSD.org> <dc452c86-4a39-4a75-9d56-ee69f16987ee@yandex.ru>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
Hi Andrey,
With your patch applied I don't have the symptoms of 'hanging' tcp connections anymore.
Thanks for looking into it.
Regards,
Ronald.
*Van:* "Andrey V. Elsukov" <bu7cher@yandex.ru>
*Datum:* donderdag, 12 december 2024 09:53
*Aan:* freebsd-current@freebsd.org
*Onderwerp:* Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out
On 11.12.2024 16:25, Ronald Klop wrote:
> I did a bisect of commits and my finding is that commit 347dd053 on > 2024-11-29 is the cause.
>
> "tcp: add TH_AE capabilities to ppp and pf"
> https://github.com/freebsd/freebsd-src/commit/347dd0539f3a75fdf2128dd4620ca99e96f311e9
>
> The commit before (0fc7bdc978) works fine.
>
> I cc'ed the author of the commit.
> (for context: start of the thread is here: > https://lists.freebsd.org/archives/freebsd-current/2024-December/006778.html, it looks like the commit breaks a statefull ipfw firewall)
Hi,
thanks for bisecting. I think this patch should fix problem with statefull ipfw:
--- a/sys/netpfil/ipfw/ip_fw_dynamic.c
+++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
@@ -927,7 +927,7 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type,
#define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0)
#define BOTH_SYN (TH_SYN | (TH_SYN << 8))
#define BOTH_FIN (TH_FIN | (TH_FIN << 8))
-#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS << 8))
+#define TCP_FLAGS ((TH_FLAGS & 0xff) | ((TH_FLAGS & 0xff) << 8))
#define ACK_FWD 0x00010000 /* fwd ack seen */
#define ACK_REV 0x00020000 /* rev ack seen */
#define ACK_BOTH (ACK_FWD | ACK_REV)
--
WBR, Andrey V. Elsukov
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[-- Attachment #2 --]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Andrey,<br>
<br>
With your patch applied I don't have the symptoms of 'hanging' tcp
connections anymore.<br>
Thanks for looking into it.<br>
<br>
Regards,<br>
Ronald.<br>
<br>
<p><strong>Van:</strong> "Andrey V. Elsukov"
<a class="moz-txt-link-rfc2396E" href="mailto:bu7cher@yandex.ru"><bu7cher@yandex.ru></a><br>
<strong>Datum:</strong> donderdag, 12 december 2024 09:53<br>
<strong>Aan:</strong> <a class="moz-txt-link-abbreviated" href="mailto:freebsd-current@freebsd.org">freebsd-current@freebsd.org</a><br>
<strong>Onderwerp:</strong> Re: (ipfw) Re: HELP! fetch: stuck
forever OR error: RPC failed: curl 56 recv failure: Operation
timed out</p>
<blockquote
style="padding-right: 0px; padding-left: 5px; margin-left: 5px; border-left: #000000 2px solid; margin-right: 0px">
<div class="MessageRFC822Viewer" id="P">
<div class="TextPlainViewer" id="P.P">On 11.12.2024 16:25,
Ronald Klop wrote:<br>
> I did a bisect of commits and my finding is that commit
347dd053 on > 2024-11-29 is the cause.<br>
><br>
> "tcp: add TH_AE capabilities to ppp and pf"<br>
> <a
href="https://github.com/freebsd/freebsd-src/commit/347dd0539f3a75fdf2128dd4620ca99e96f311e9"
class="moz-txt-link-freetext">https://github.com/freebsd/freebsd-src/commit/347dd0539f3a75fdf2128dd4620ca99e96f311e9</a><br>;
><br>
> The commit before (0fc7bdc978) works fine.<br>
><br>
> I cc'ed the author of the commit.<br>
> (for context: start of the thread is here: > <a
href="https://lists.freebsd.org/archives/freebsd-current/2024-December/006778.html"
class="moz-txt-link-freetext">https://lists.freebsd.org/archives/freebsd-current/2024-December/006778.html</a>,
it looks like the commit breaks a statefull ipfw firewall)<br>
<br>
Hi,<br>
<br>
thanks for bisecting. I think this patch should fix problem
with statefull ipfw:<br>
<br>
--- a/sys/netpfil/ipfw/ip_fw_dynamic.c<br>
+++ b/sys/netpfil/ipfw/ip_fw_dynamic.c<br>
@@ -927,7 +927,7 @@ print_dyn_rule_flags(const struct
ipfw_flow_id *id, int dyn_type,<br>
#define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0)<br>
#define BOTH_SYN (TH_SYN | (TH_SYN <<
8))<br>
#define BOTH_FIN (TH_FIN | (TH_FIN <<
8))<br>
-#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS <<
8))<br>
+#define TCP_FLAGS ((TH_FLAGS & 0xff) |
((TH_FLAGS & 0xff) << 8))<br>
#define ACK_FWD 0x00010000 /* fwd ack
seen */<br>
#define ACK_REV 0x00020000 /* rev ack
seen */<br>
#define ACK_BOTH (ACK_FWD | ACK_REV)<br>
<br>
-- <br>
WBR, Andrey V. Elsukov<br>
<br>
</div>
<hr></div>
</blockquote>
<br>
</body>
</html>
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33cbcbbd-bf36-4059-a012-842c7ff80568>