IPFW and IPv6 TCP timeout problem
Ivan Voras
ivoras at freebsd.org
Thu Mar 12 08:21:58 PDT 2009
Joost Bekkers wrote:
> On Thu, March 5, 2009 12:30, Ivan Voras wrote:
>> Hi,
>>
>> It appears that IPFW drops dynamic (state-keeping) rules for idle IPv6
>> TCP connections after a short (60 seconds by default) timeout. This of
>> course creates problems for services like SSH and NFS. I've contacted
>> Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw.
>> His guess is that the part that should send keepalive ACK packets like
>> ipfw does for IPv4 is broken or nonexistent for IPv6.
>>
>> Any takers? Should I file a PR?
>>
>>
>
> You might want to check if kern/117234 is relevant here. I've got a
> feeling this is the problem you're seeing.
>
> The PR includes a patch, it just needs somebody to commit it.
I'm running a patched kernel now and it doesn't fix the issue - the
dynamic rules continue to disappear after the timeout like before.
Maybe the patch solves something else?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20090312/af91aa65/signature.pgp
More information about the freebsd-net
mailing list