From owner-freebsd-stable@freebsd.org  Wed Feb 10 12:12:15 2021
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 53924545797
 for <freebsd-stable@mailman.nyi.freebsd.org>;
 Wed, 10 Feb 2021 12:12:15 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from forward101j.mail.yandex.net (forward101j.mail.yandex.net
 [IPv6:2a02:6b8:0:801:2::101])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DbJXt2rtLz3tmv
 for <freebsd-stable@freebsd.org>; Wed, 10 Feb 2021 12:12:14 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from myt6-b09ee00227f3.qloud-c.yandex.net
 (myt6-b09ee00227f3.qloud-c.yandex.net
 [IPv6:2a02:6b8:c12:3713:0:640:b09e:e002])
 by forward101j.mail.yandex.net (Yandex) with ESMTP id F01641BE2EB6;
 Wed, 10 Feb 2021 15:12:10 +0300 (MSK)
Received: from myt3-5a0d70690205.qloud-c.yandex.net
 (myt3-5a0d70690205.qloud-c.yandex.net [2a02:6b8:c12:4f2b:0:640:5a0d:7069])
 by myt6-b09ee00227f3.qloud-c.yandex.net (mxback/Yandex) with ESMTP id
 QrRA5MEh5Y-CAIeF0nK; Wed, 10 Feb 2021 15:12:10 +0300
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1612959130; bh=aZNiSAPazkY6RaaaxiZ6ILY/DrDjA3Gv2qqFPD5HaAU=;
 h=In-Reply-To:Subject:From:Date:References:To:Message-ID;
 b=NRWCtgEF+XVDkmqvf0NTw5J3caZRPyJMhgSM53eNhW7Fdrf/fiDd5Xej7IrRo3dVR
 PGTzP5Oingq1wj9LFojBG1bNuZ6rd+sdJOYujB9xVWLEUf2M4nIcDQMjH+KIwlMFpI
 J4yg4veuJFP5fRJTexhGFc6MihbuaTYIUPUWyfQI=
Received: by myt3-5a0d70690205.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA
 id IhcElAy6Zc-C9nqgtnV; Wed, 10 Feb 2021 15:12:09 +0300
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client certificate not present)
To: Dewayne Geraghty <dewayne@heuristicsystems.com.au>,
 freebsd-stable@freebsd.org
References: <202102100646.11A6kQGS068916@nuc.oldach.net>
 <abb69160-9cd4-297b-ef97-e5cc9115f179@heuristicsystems.com.au>
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Subject: Re: 13.0-BETA1: ipfw regression?
Message-ID: <9e3643cd-7696-f612-9b58-94e08ccc92ef@yandex.ru>
Date: Wed, 10 Feb 2021 15:10:13 +0300
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <abb69160-9cd4-297b-ef97-e5cc9115f179@heuristicsystems.com.au>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4DbJXt2rtLz3tmv
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=yandex.ru header.s=mail header.b=NRWCtgEF;
 dmarc=pass (policy=none) header.from=yandex.ru;
 spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates
 2a02:6b8:0:801:2::101 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru
X-Spamd-Result: default: False [-2.95 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru];
 R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52];
 RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+];
 RCPT_COUNT_TWO(0.00)[2];
 DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none];
 NEURAL_HAM_SHORT(-0.95)[-0.946]; FROM_EQ_ENVFROM(0.00)[];
 RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+];
 FREEMAIL_ENVFROM(0.00)[yandex.ru];
 ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU];
 MID_RHS_MATCH_FROM(0.00)[];
 DWL_DNSWL_NONE(0.00)[yandex.ru:dkim];
 SUBJECT_ENDS_QUESTION(1.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2a02:6b8:0:801:2::101:from];
 R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; ARC_NA(0.00)[];
 FROM_HAS_DN(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain];
 SPAMHAUS_ZRD(0.00)[2a02:6b8:0:801:2::101:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 MAILMAN_DEST(0.00)[freebsd-stable]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Feb 2021 12:12:15 -0000

On 10.02.2021 10:40, Dewayne Geraghty wrote:
> Stefan, Would you check that you have net.inet.tcp.always_keepalive=1,
> and perhaps that net.inet.tcp.keepidle and net.inet.tcp.keepintvl are
> reasonable to ensure that the expected keep alives are running.  I don't
> have a FreeBSD 13 to view the defaults, but Helge might be right that
> "it" is already fixed :)
> Regards, Dewayne.

ipfw does send its own keep-alive packets for TCP connections when
state's lifetime expires.
But if remote host doesn't reply this doesn't help.
To check what happened Stefan needs to capture packet dump and inspect it.

-- 
WBR, Andrey V. Elsukov