kern/98831: ipfw has UDP hickups

Harald Schmalzbauer kaeptn at schmalzbauer.de
Sun Jun 11 16:30:17 UTC 2006 

>Number:         98831
>Category:       kern
>Synopsis:       ipfw has UDP hickups
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 11 16:30:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD gune.flintsbach.schmalzbauer.de 6.1-STABLE FreeBSD 6.1-STABLE #1: Wed Jun 7 17:07:04 CEST 2006 compilator at cale.flintsbach.schmalzbauer.de:/usr/obj/FlashBSD/i686/usr/src/sys/i686.intern-gune i386

Relevant kernel options:
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=20    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPFIREWALL_FORWARD      #packet destination changes
options         IPFIREWALL_FORWARD_EXTENDED     #all packet dest changes	

NICs: em and re tested, all with GbE link

Intention: route jails on the same box through router of the two subnets.
Rule:
00100 fwd 10.0.0.1 ip4 from 10.2.0.0/16 to not 10.0.0.0/8 out
00200 fwd 172.21.0.1 ip4 from 172.21.2.2 to 10.0.0.0/8 out
65535 allow ip from any to anyo

>Description:
	When nfs mounting a remote file system and transferring some data after a short while the transfer hangs and on the machine with ipfw enabled I see the following lines on the console:
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed

nfsmounting with option -T (for TCP instead of UDP) is a workaround. I can't see the problem on TCP connections

>How-To-Repeat:
	Compile a kernel with the show IPFIREWALL options.
	mount_nfs somebox:/somefs anywhere
It doesn't matter if the machine with IPFW is nfs server or nfs client! With the default UDP mount the error occurs in both scenarios!
e.g 	make installworld DESTDIR=/anywhere (the NFS mountpoint)
After a short while (1 minute) you'll see the installworld hanging.
Simply setting sysctl net.inet.ip.fw.enable=0 on another console makes installworld (nfs) happy again and it's continueing.

>Fix:

	No idea 


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list