Date:      Mon, 15 Feb 2021 21:49:42 +0000
From:      bugzilla-noreply@freebsd.org
To:        ipfw@FreeBSD.org
Subject:   [Bug 253476] ipfw keepalive: tcp_do_segment: Timestamp missing, segment silently dropped
Message-ID:  <bug-253476-8303-UBVqif2RCc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-253476-8303@https.bugs.freebsd.org/bugzilla/>
References:  <bug-253476-8303@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253476

Andrey V. Elsukov <ae@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #8 from Andrey V. Elsukov <ae@FreeBSD.org> ---
(In reply to Michael Tuexen from comment #7)

>OK. We agree that there this is a bug in ipfw. Why not use in ipfw a timeout
>which is in tune with standard keepalive timeout. Then there is no need for ipfw
>to send out packets pretending that a peer is still alive...

ipfw by default uses 300 seconds as TTL for TCP states. The default keepalive
idle interval in the TCP stack, AFAIR, is 2 hours. In 2 hours a typical gateway
with ipfw for some network can create several tens of millions of states. A small
interval is used to reduce memory requirements and CPU usage, since state
search can be done for every packet several times, depending on the ruleset.
This keepalive implementation in ipfw has been used and has worked well for at
least the last 20 years.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.


