From owner-freebsd-net@FreeBSD.ORG  Thu Mar  5 13:21:05 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5A4121065673;
	Thu,  5 Mar 2009 13:21:05 +0000 (UTC)
	(envelope-from joost@jodocus.org)
Received: from viefep28-int.chello.at (viefep28-int.chello.at [62.179.121.48])
	by mx1.freebsd.org (Postfix) with ESMTP id 7D3018FC12;
	Thu,  5 Mar 2009 13:21:04 +0000 (UTC)
	(envelope-from joost@jodocus.org)
Received: from edge02.upc.biz ([192.168.13.237]) by viefep14-int.chello.at
	(InterMail vM.7.09.01.00 201-2219-108-20080618) with ESMTP
	id <20090305130430.HVIT7428.viefep14-int.chello.at@edge02.upc.biz>;
	Thu, 5 Mar 2009 14:04:30 +0100
Received: from bps.jodocus.org ([77.248.200.61]) by edge02.upc.biz with edge
	id PR4V1b01X1Kyz9102R4Wqu; Thu, 05 Mar 2009 14:04:30 +0100
X-SourceIP: 77.248.200.61
Received: from jodocus.org (localhost [IPv6:::1])
	by bps.jodocus.org (8.14.2/8.14.2) with ESMTP id n25D4SJf059233;
	Thu, 5 Mar 2009 14:04:28 +0100 (CET)
	(envelope-from joost@jodocus.org)
Received: from 62.12.14.25 (SquirrelMail authenticated user joost)
	by jodocus.org with HTTP; Thu, 5 Mar 2009 14:04:29 +0100 (CET)
Message-ID: <29230.62.12.14.25.1236258269.squirrel@jodocus.org>
In-Reply-To: <good54$65u$1@ger.gmane.org>
References: <good54$65u$1@ger.gmane.org>
Date: Thu, 5 Mar 2009 14:04:29 +0100 (CET)
From: "Joost Bekkers" <joost@jodocus.org>
To: "Ivan Voras" <ivoras@freebsd.org>
User-Agent: SquirrelMail/1.4.13
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0
	(bps.jodocus.org [IPv6:::1]); Thu, 05 Mar 2009 14:04:29 +0100 (CET)
X-Virus-Scanned: ClamAV 0.94.2/9072/Thu Mar 5 11:45:26 2009 on bps.jodocus.org
X-Virus-Status: Clean
Cc: freebsd-net@freebsd.org
Subject: Re: IPFW and IPv6 TCP timeout problem
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2009 13:21:05 -0000

On Thu, March 5, 2009 12:30, Ivan Voras wrote:
> Hi,
>
> It appears that IPFW drops dynamic (state-keeping) rules for idle IPv6
> TCP connections after a short (60 seconds by default) timeout. This of
> course creates problems for services like SSH and NFS. I've contacted
> Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw.
> His guess is that the part that should send keepalive ACK packets like
> ipfw does for IPv4 is broken or nonexistent for IPv6.
>
> Any takers? Should I file a PR?
>
>

You might want to check if kern/117234 is relevant here. I've got a
feeling this is the problem you're seeing.

The PR includes a patch, it just needs somebody to commit it.

good luck.

Joost.