Date: Thu, 24 Jan 2013 22:14:19 +0400 From: "Alexander V. Chernikov" <melifaro@ipfw.ru> To: melifaro@FreeBSD.org Cc: freebsd-bugs@FreeBSD.org Subject: Re: kern/175530: lost dynamic IPFW rule for TCP session after 5 min inactivity Message-ID: <510179FB.1030408@ipfw.ru> In-Reply-To: <201301241033.r0OAXiGD084287@freefall.freebsd.org> References: <201301241033.r0OAXiGD084287@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------060302040504060307060008
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Can you please try an attached patch?
--------------060302040504060307060008
Content-Type: text/plain; charset=UTF-8;
name="ipfw_dyn_fix.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="ipfw_dyn_fix.diff"
Index: sys/netpfil/ipfw/ip_fw_dynamic.c
===================================================================
--- sys/netpfil/ipfw/ip_fw_dynamic.c (revision 245876)
+++ sys/netpfil/ipfw/ip_fw_dynamic.c (working copy)
@@ -980,8 +980,8 @@ ipfw_dyn_tick(void * vnetx)
chain = &V_layer3_chain;
- /* Run keepalive checks every keepalive_interval iff ka is enabled */
- if ((V_dyn_keepalive_last + V_dyn_keepalive_interval >= time_uptime) &&
+ /* Run keepalive checks every keepalive_period iff ka is enabled */
+ if ((V_dyn_keepalive_last + V_dyn_keepalive_period <= time_uptime) &&
(V_dyn_keepalive != 0)) {
V_dyn_keepalive_last = time_uptime;
check_ka = 1;
@@ -1320,7 +1320,7 @@ ipfw_dyn_init(struct ip_fw_chain *chain)
V_dyn_keepalive_interval = 20;
V_dyn_keepalive_period = 5;
V_dyn_keepalive = 1; /* do send keepalives */
- V_dyn_keepalive = time_uptime;
+ V_dyn_keepalive_last = time_uptime;
V_dyn_max = 4096; /* max # of dynamic rules */
--------------060302040504060307060008--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?510179FB.1030408>