From owner-freebsd-bugs@FreeBSD.ORG  Sun Jun 11 16:30:17 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8DB0716A49A
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 11 Jun 2006 16:30:17 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 85FCF43D6D
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 11 Jun 2006 16:30:16 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k5BGUGOX025703
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 11 Jun 2006 16:30:16 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k5BGUGkK025702;
	Sun, 11 Jun 2006 16:30:16 GMT (envelope-from gnats)
Resent-Date: Sun, 11 Jun 2006 16:30:16 GMT
Resent-Message-Id: <200606111630.k5BGUGkK025702@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Harald Schmalzbauer <kaeptn@schmalzbauer.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 43C9016A418
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 11 Jun 2006 16:24:11 +0000 (UTC)
	(envelope-from kaeptn@schmalzbauer.de)
Received: from flb.schmalzbauer.de (flb.schmalzbauer.de [62.245.232.135])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6A53943D48
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 11 Jun 2006 16:24:09 +0000 (GMT)
	(envelope-from kaeptn@schmalzbauer.de)
Received: from sam.flintsbach.schmalzbauer.de (sam.flintsbach.schmalzbauer.de
	[172.21.2.4])
	by flb.schmalzbauer.de (8.13.4/8.13.4) with ESMTP id k5BGP77l006644
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 11 Jun 2006 18:25:07 +0200 (CEST)
	(envelope-from kaeptn@gune.flintsbach.schmalzbauer.de)
Received: from gune.flintsbach.schmalzbauer.de
	(gune.flintsbach.schmalzbauer.de [172.21.2.1])
	by sam.flintsbach.schmalzbauer.de (Postfix) with ESMTP id 5EB27B62D
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 11 Jun 2006 18:24:07 +0200 (CEST)
Received: from gune.flintsbach.schmalzbauer.de (localhost [127.0.0.1])
	by gune.flintsbach.schmalzbauer.de (8.13.6/8.13.6) with ESMTP id
	k5BGO7ED041362 for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 11 Jun 2006 18:24:07 +0200 (CEST)
	(envelope-from kaeptn@gune.flintsbach.schmalzbauer.de)
Received: (from kaeptn@localhost)
	by gune.flintsbach.schmalzbauer.de (8.13.6/8.13.6/Submit) id
	k5BGO63R041361; Sun, 11 Jun 2006 18:24:06 +0200 (CEST)
	(envelope-from kaeptn)
Message-Id: <200606111624.k5BGO63R041361@gune.flintsbach.schmalzbauer.de>
Date: Sun, 11 Jun 2006 18:24:06 +0200 (CEST)
From: Harald Schmalzbauer <kaeptn@schmalzbauer.de>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: kern/98831: ipfw has UDP hickups
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Harald Schmalzbauer <kaeptn@schmalzbauer.de>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jun 2006 16:30:17 -0000


>Number:         98831
>Category:       kern
>Synopsis:       ipfw has UDP hickups
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 11 16:30:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD gune.flintsbach.schmalzbauer.de 6.1-STABLE FreeBSD 6.1-STABLE #1: Wed Jun 7 17:07:04 CEST 2006 compilator@cale.flintsbach.schmalzbauer.de:/usr/obj/FlashBSD/i686/usr/src/sys/i686.intern-gune i386

Relevant kernel options:
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=20    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPFIREWALL_FORWARD      #packet destination changes
options         IPFIREWALL_FORWARD_EXTENDED     #all packet dest changes	

NICs: em and re tested, all with GbE link

Intention: route jails on the same box through router of the two subnets.
Rule:
00100 fwd 10.0.0.1 ip4 from 10.2.0.0/16 to not 10.0.0.0/8 out
00200 fwd 172.21.0.1 ip4 from 172.21.2.2 to 10.0.0.0/8 out
65535 allow ip from any to anyo

>Description:
	When nfs mounting a remote file system and transferring some data after a short while the transfer hangs and on the machine with ipfw enabled I see the following lines on the console:
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed

nfsmounting with option -T (for TCP instead of UDP) is a workaround. I can't see the problem on TCP connections

>How-To-Repeat:
	Compile a kernel with the show IPFIREWALL options.
	mount_nfs somebox:/somefs anywhere
It doesn't matter if the machine with IPFW is nfs server or nfs client! With the default UDP mount the error occurs in both scenarios!
e.g 	make installworld DESTDIR=/anywhere (the NFS mountpoint)
After a short while (1 minute) you'll see the installworld hanging.
Simply setting sysctl net.inet.ip.fw.enable=0 on another console makes installworld (nfs) happy again and it's continueing.

>Fix:

	No idea 


>Release-Note:
>Audit-Trail:
>Unformatted: