From: Ivan Voras
To: freebsd-ipfw@freebsd.org
Date: Thu, 18 Jun 2009 12:54:02 +0200
Subject: PR kern/117234 - ipfw + ipv6 tcp acks

Hi,

Can someone please review and if possible commit this PR:

http://www.freebsd.org/cgi/query-pr.cgi?pr=117234

There are multiple versions of the patch in the PR; there is none for -CURRENT.

The problem is that, for ipv4, ipfw sends keepalives for TCP connections handled by dynamic rules, while on ipv6 the dynamic rules simply expire after a timeout, causing connections to be broken in a bad way (established TCP packets simply get dropped). I don't know if the patch is the correct way to solve the problem, but it apparently works.