On Wednesday, February 10, 2021 7:46:25 AM CET Helge Oldach wrote:
> Hi,
>
> Stefan Ehmann wrote on Tue, 09 Feb 2021 23:23:32 +0100 (CET):
> > I'm having issues with stale TCP connections after the upgrade from 12.2 to
> > 13.0-BETA1.
> >
> > Symptoms:
> > Outgoing TCP connections no longer receive data after being idle.
> >
> > I can do more testing later, but I think these ipfw rules trigger the
> > problem:
> > - check-state
> > - allow tcp from me to any setup keep-state
> > - deny ip from any to any
> >
> > After establishing an outgoing connection (e.g., via netcat), I see a new
> > dynamic rule and the 300s counter running down via
> > # ipfw -Da list
> >
> > net.inet.ip.fw.dyn_keepalive is set to 1, so the timer should be refreshed
> > via keep-alive on idle connections.
> >
> > Don't know if it's deterministic, but from what I've seen so far:
> > - When counter gets low the first time, it is reset to 300 as expected.
> > - When the counter nears zero for the second time, the dynamic rule is
> > deleted and I get ipfw denies.
>
> I am afraid I can't reproduce. I have followed your test case however
> I'm seeing that a TCP keepalive reliably triggers a timer refresh. For
> example (sleep 1 loop over ipfw -Da list | grep):

Tested in VirtualBox with amd64.vmdk from:
https://download.freebsd.org/ftp/releases/VM-IMAGES/13.0-BETA1/

Terminal 1:
kldload ipfw
ipfw add check-state
ipfw add allow tcp from me to any setup keep-state
/bin/sh (I don't speak csh)
while true; do sleep 1; ipfw -Da list; done

Terminal 2:
nc <remote> 12345

On <remote> nc -l 12345 is running

Updated to 187492ef639f, but nothing changed.