Date: Thu, 12 Mar 2009 16:21:20 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-net@freebsd.org Subject: Re: IPFW and IPv6 TCP timeout problem Message-ID: <49B92870.1090600@freebsd.org> In-Reply-To: <29230.62.12.14.25.1236258269.squirrel@jodocus.org> References: <good54$65u$1@ger.gmane.org> <29230.62.12.14.25.1236258269.squirrel@jodocus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Joost Bekkers wrote: > On Thu, March 5, 2009 12:30, Ivan Voras wrote: >> Hi, >> >> It appears that IPFW drops dynamic (state-keeping) rules for idle IPv6 >> TCP connections after a short (60 seconds by default) timeout. This of >> course creates problems for services like SSH and NFS. I've contacted >> Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw. >> His guess is that the part that should send keepalive ACK packets like >> ipfw does for IPv4 is broken or nonexistent for IPv6. >> >> Any takers? Should I file a PR? >> >> > > You might want to check if kern/117234 is relevant here. I've got a > feeling this is the problem you're seeing. > > The PR includes a patch, it just needs somebody to commit it. I'm running a patched kernel now and it doesn't fix the issue - the dynamic rules continue to disappear after the timeout like before. Maybe the patch solves something else? [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJuShwldnAQVacBcgRAo+4AJ9cLy67zrfndc/JPAu9P8ec9uqMuwCff6aw /JqOzWGQ8xjwh/hdlQOobSI= =DuFV -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49B92870.1090600>