From owner-freebsd-net@FreeBSD.ORG  Mon Dec  7 01:40:04 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8B008106566B
	for <freebsd-net@hub.freebsd.org>; Mon,  7 Dec 2009 01:40:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 7A3328FC0A
	for <freebsd-net@hub.freebsd.org>; Mon,  7 Dec 2009 01:40:04 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nB71e48v039202
	for <freebsd-net@freefall.freebsd.org>; Mon, 7 Dec 2009 01:40:04 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nB71e4Kw039201;
	Mon, 7 Dec 2009 01:40:04 GMT (envelope-from gnats)
Date: Mon, 7 Dec 2009 01:40:04 GMT
Message-Id: <200912070140.nB71e4Kw039201@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: Mark Abene <phiber@phiber.com>
Cc: 
Subject: Re: kern/106438: [ipf] ipfilter: keep state does not seem to allow
 replies in on spar64 (and maybe others)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Mark Abene <phiber@phiber.com>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 01:40:04 -0000

The following reply was made to PR kern/106438; it has been noted by GNATS.

From: Mark Abene <phiber@phiber.com>
To: bug-followup@FreeBSD.org, mala@hinterbergen.de
Cc:  
Subject: Re: kern/106438: [ipf] ipfilter: keep state does not seem to allow
 replies in on spar64 (and maybe others)
Date: Sun, 06 Dec 2009 20:26:25 -0500

 It's been several years since this was first reported, and I can confirm
 that it's still a problem in FreeBSD 8.0-RELEASE on i386 with an fxp
 interface.  I just wasted nearly two days trying to figure out why our
 ipfilter rules which have been in use for years on our firewall suddenly
 locked the machine out when we upgraded from a rather old version of
 FreeBSD to 8.0-RELEASE.
 
 Same exact problem, same exact symptoms.  Disabling checksumming on the
 interface resolved the problem completely, otherwise ipfilter was rather
 broken.  I'm really glad I found this bug report, though not soon
 enough.  This is a rather serious problem.
 
 -Mark