Date: Thu, 12 Mar 2009 16:21:20 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-net@freebsd.org Subject: Re: IPFW and IPv6 TCP timeout problem Message-ID: <49B92870.1090600@freebsd.org> In-Reply-To: <29230.62.12.14.25.1236258269.squirrel@jodocus.org> References: <good54$65u$1@ger.gmane.org> <29230.62.12.14.25.1236258269.squirrel@jodocus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig2D8323821C29BF2149AE2D04 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Joost Bekkers wrote: > On Thu, March 5, 2009 12:30, Ivan Voras wrote: >> Hi, >> >> It appears that IPFW drops dynamic (state-keeping) rules for idle IPv6= >> TCP connections after a short (60 seconds by default) timeout. This of= >> course creates problems for services like SSH and NFS. I've contacted >> Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw= =2E >> His guess is that the part that should send keepalive ACK packets like= >> ipfw does for IPv4 is broken or nonexistent for IPv6. >> >> Any takers? Should I file a PR? >> >> >=20 > You might want to check if kern/117234 is relevant here. I've got a > feeling this is the problem you're seeing. >=20 > The PR includes a patch, it just needs somebody to commit it. I'm running a patched kernel now and it doesn't fix the issue - the dynamic rules continue to disappear after the timeout like before. Maybe the patch solves something else? --------------enig2D8323821C29BF2149AE2D04 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJuShwldnAQVacBcgRAo+4AJ9cLy67zrfndc/JPAu9P8ec9uqMuwCff6aw /JqOzWGQ8xjwh/hdlQOobSI= =DuFV -----END PGP SIGNATURE----- --------------enig2D8323821C29BF2149AE2D04--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49B92870.1090600>