From owner-freebsd-net@FreeBSD.ORG  Thu Mar  5 11:30:54 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5BBA91065670
	for <freebsd-net@freebsd.org>; Thu,  5 Mar 2009 11:30:54 +0000 (UTC)
	(envelope-from freebsd-net@m.gmane.org)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2])
	by mx1.freebsd.org (Postfix) with ESMTP id 14A668FC19
	for <freebsd-net@freebsd.org>; Thu,  5 Mar 2009 11:30:53 +0000 (UTC)
	(envelope-from freebsd-net@m.gmane.org)
Received: from list by ciao.gmane.org with local (Exim 4.43)
	id 1LfBmu-0007Pa-OY
	for freebsd-net@freebsd.org; Thu, 05 Mar 2009 11:30:52 +0000
Received: from lara.cc.fer.hr ([161.53.72.113])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-net@freebsd.org>; Thu, 05 Mar 2009 11:30:52 +0000
Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-net@freebsd.org>; Thu, 05 Mar 2009 11:30:52 +0000
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-net@freebsd.org
From: Ivan Voras <ivoras@freebsd.org>
Date: Thu, 05 Mar 2009 12:30:30 +0100
Lines: 32
Message-ID: <good54$65u$1@ger.gmane.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigCB8AA5F03180B3F3846100BB"
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
X-Enigmail-Version: 0.95.0
Sender: news <news@ger.gmane.org>
Subject: IPFW and IPv6 TCP timeout problem
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2009 11:30:54 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigCB8AA5F03180B3F3846100BB
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

It appears that IPFW drops dynamic (state-keeping) rules for idle IPv6
TCP connections after a short (60 seconds by default) timeout. This of
course creates problems for services like SSH and NFS. I've contacted
Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw.
His guess is that the part that should send keepalive ACK packets like
ipfw does for IPv4 is broken or nonexistent for IPv6.

Any takers? Should I file a PR?


--------------enigCB8AA5F03180B3F3846100BB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJr7fWldnAQVacBcgRArDOAJ9hD+4d2K0HlDqVZv6C1f6VSpmlvACg+GY9
pDlGJQYGSeGy781OezKmMsU=
=rKR+
-----END PGP SIGNATURE-----

--------------enigCB8AA5F03180B3F3846100BB--