From: Ivan Voras
To: freebsd-net@freebsd.org
Date: Tue, 13 Jan 2009 11:49:01 +0100
Subject: IPv6, ssh and ipfw

Hi,

I'm experimenting with IPv6 and so far all is well except one thing: my ssh sessions are dropped/stalled after a few minutes.

I'm using ipfw and by monitoring its dynamic/state-keeping rules I see that it's timing out the rules after 60 seconds (this time is configured in net.inet.ip.fw.dyn_ack_lifetime).

The problem is, this is not happening with IPv4 ssh sessions. I see the timeout is counting down for my dynamic/stateful IPv4 ssh session but it's reset before it reaches 0, which is consistent with observed behaviour - on Windows, I can start PuTTY, hibernate or sleep the OS (i.e. the machine practically turns off) and wake it up another day to see the ssh session still alive. Aside from obvious DoS opportunities on the server, I like this behaviour.

This is *not* apparently created by using keepalive messages since they are obviously not sent while the machine is sleeping (and they are disabled in sshd_conf).

Why is ssh over IPv6 behaving differently than on IPv4? Is there a special hack for ssh on IPv4?

This is on 6-STABLE.