Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out
- Reply: Ronald Klop : "Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out"
- In reply to: Ronald Klop : "Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 12 Dec 2024 08:53:25 UTC
On 11.12.2024 16:25, Ronald Klop wrote: > I did a bisect of commits and my finding is that commit 347dd053 on > 2024-11-29 is the cause. > > "tcp: add TH_AE capabilities to ppp and pf" > https://github.com/freebsd/freebsd-src/commit/347dd0539f3a75fdf2128dd4620ca99e96f311e9 > > The commit before (0fc7bdc978) works fine. > > I cc'ed the author of the commit. > (for context: start of the thread is here: > https://lists.freebsd.org/archives/freebsd-current/2024-December/006778.html, it looks like the commit breaks a statefull ipfw firewall) Hi, thanks for bisecting. I think this patch should fix problem with statefull ipfw: --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -927,7 +927,7 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type, #define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0) #define BOTH_SYN (TH_SYN | (TH_SYN << 8)) #define BOTH_FIN (TH_FIN | (TH_FIN << 8)) -#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS << 8)) +#define TCP_FLAGS ((TH_FLAGS & 0xff) | ((TH_FLAGS & 0xff) << 8)) #define ACK_FWD 0x00010000 /* fwd ack seen */ #define ACK_REV 0x00020000 /* rev ack seen */ #define ACK_BOTH (ACK_FWD | ACK_REV) -- WBR, Andrey V. Elsukov