From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 253476] ipfw keepalive: tcp_do_segment: Timestamp missing, segment silently dropped
Date: Mon, 15 Feb 2021 21:49:42 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-STABLE
X-Bugzilla-Status: Open
List-Id: IPFW Technical Discussions

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253476

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #8 from Andrey V. Elsukov ---
(In reply to Michael Tuexen from comment #7)
>OK. We agree that there this is a bug in ipfw. Why not use in ipfw a timeout
>which is in tune with standard keepalive timeout. Then there is no need for ipfw
>to send out packets pretending that a peer is still alive...

ipfw by default uses 300 seconds as TTL for TCP states. The default keepalive idle interval in the TCP stack, AFAIR, is 2 hours. In 2 hours a typical gateway with ipfw for some network can create several tens of millions of states. A small interval is used to reduce memory requirements and CPU usage, since state search can be done for every packet several times, depending on the ruleset. This keepalive implementation in ipfw has been used and has worked well for at least the last 20 years.