Date: Tue, 09 Feb 2021 23:23:32 +0100 From: Stefan Ehmann <shoesoft@gmx.net> To: freebsd-stable@freebsd.org Subject: 13.0-BETA1: ipfw regression? Message-ID: <5445450.XOh7uYVVfo@walrus.pepperland>
next in thread | raw e-mail | index | archive | help
I'm having issues with stale TCP connections after the upgrade from 12.2 t= o 13.0-BETA1. Symptoms: Outgoing TCP connections no longer receive data after being idle. I can do more testing later, but I think these ipfw rules trigger the prob= lem: - check-state - allow tcp from me to any setup keep-state - deny ip from any to any After establishing an outgoing connection (e.g, via netcat), I see a new dynamic rule and the 300s counter running down via # ipfw -Da list net.inet.ip.fw.dyn_keepalive is set to 1, so the timer should be refreshed= via keep-alive on idle connections. Don't know if it's deterministic, but from what I've seen so far: - When counter gets low the first time, it is reset to 300 as expected. - When the counter nears zero for the second time, the dynamic rule is del= eted and I get ipfw denies.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5445450.XOh7uYVVfo>