From owner-freebsd-net@FreeBSD.ORG Thu Mar 12 15:21:57 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D2A281065672 for ; Thu, 12 Mar 2009 15:21:57 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 568678FC14 for ; Thu, 12 Mar 2009 15:21:57 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1LhmjI-0004z8-6x for freebsd-net@freebsd.org; Thu, 12 Mar 2009 15:21:52 +0000 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 12 Mar 2009 15:21:52 +0000 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 12 Mar 2009 15:21:52 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org From: Ivan Voras Date: Thu, 12 Mar 2009 16:21:20 +0100 Lines: 50 Message-ID: <49B92870.1090600@freebsd.org> References: <29230.62.12.14.25.1236258269.squirrel@jodocus.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig2D8323821C29BF2149AE2D04" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 2.0.0.19 (X11/20090105) In-Reply-To: <29230.62.12.14.25.1236258269.squirrel@jodocus.org> X-Enigmail-Version: 0.95.0 Sender: news Subject: Re: IPFW and IPv6 TCP timeout problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Mar 2009 15:21:58 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig2D8323821C29BF2149AE2D04 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Joost Bekkers wrote: > On Thu, March 5, 2009 12:30, Ivan Voras wrote: >> Hi, >> >> It appears that IPFW drops dynamic (state-keeping) rules for idle IPv6= >> TCP connections after a short (60 seconds by default) timeout. This of= >> course creates problems for services like SSH and NFS. I've contacted >> Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw= =2E >> His guess is that the part that should send keepalive ACK packets like= >> ipfw does for IPv4 is broken or nonexistent for IPv6. >> >> Any takers? Should I file a PR? >> >> >=20 > You might want to check if kern/117234 is relevant here. I've got a > feeling this is the problem you're seeing. >=20 > The PR includes a patch, it just needs somebody to commit it. I'm running a patched kernel now and it doesn't fix the issue - the dynamic rules continue to disappear after the timeout like before. Maybe the patch solves something else? --------------enig2D8323821C29BF2149AE2D04 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJuShwldnAQVacBcgRAo+4AJ9cLy67zrfndc/JPAu9P8ec9uqMuwCff6aw /JqOzWGQ8xjwh/hdlQOobSI= =DuFV -----END PGP SIGNATURE----- --------------enig2D8323821C29BF2149AE2D04--