Hi Andrey,

With your patch applied I don't have the symptoms of 'hanging' tcp connections 
anymore.
Thanks for looking into it.

Regards,
Ronald.

*From:* "Andrey V. Elsukov" <bu7c...@yandex.ru>
*Date:* Thursday, 12 December 2024 09:53
*To:* freebsd-current@freebsd.org
*Subject:* Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out

   On 11.12.2024 16:25, Ronald Klop wrote:
    > I did a bisect of commits and my finding is that commit 347dd053 on
    > 2024-11-29 is the cause.
    >
    > "tcp: add TH_AE capabilities to ppp and pf"
    > https://github.com/freebsd/freebsd-src/commit/347dd0539f3a75fdf2128dd4620ca99e96f311e9
    >
    > The commit before (0fc7bdc978) works fine.
    >
    > I cc'ed the author of the commit.
    > (for context: start of the thread is here:
    > https://lists.freebsd.org/archives/freebsd-current/2024-December/006778.html, it
    > looks like the commit breaks a stateful ipfw firewall)

   Hi,

   Thanks for bisecting. I think this patch should fix the problem with stateful ipfw:

   --- a/sys/netpfil/ipfw/ip_fw_dynamic.c
   +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
   @@ -927,7 +927,7 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int 
dyn_type,
      #define        _SEQ_GE(a,b)    ((int)((a)-(b)) >= 0)
      #define        BOTH_SYN        (TH_SYN | (TH_SYN << 8))
      #define        BOTH_FIN        (TH_FIN | (TH_FIN << 8))
   -#define        TCP_FLAGS       (TH_FLAGS | (TH_FLAGS << 8))
   +#define        TCP_FLAGS       ((TH_FLAGS & 0xff) | ((TH_FLAGS & 0xff) << 
8))
      #define        ACK_FWD         0x00010000      /* fwd ack seen */
      #define        ACK_REV         0x00020000      /* rev ack seen */
      #define        ACK_BOTH        (ACK_FWD | ACK_REV)
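
Review bot: the `0xff` on the new `TCP_FLAGS` line is an unexplained constant; it encodes the layout visible in the surrounding defines, where each direction's flags occupy one byte (`BOTH_SYN` and `BOTH_FIN` place the reverse copy at `<< 8`) and bit 16 upward belongs to `ACK_FWD`/`ACK_REV`. Without the mask, any `TH_FLAGS` bit above bit 7 shifted left by 8 lands on `ACK_FWD` (0x00010000) or higher. Suggest a one-line comment stating that the state word keeps only the low eight TCP flag bits per direction, or a named mask shared by the three defines, plus a compile-time check that `TCP_FLAGS & ACK_BOTH` is zero so a later widening of `TH_FLAGS` fails the build instead of silently overlapping the ACK bits.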

-- WBR, Andrey V. Elsukov

   