[Bug 253476] ipfw keepalive: tcp_do_segment: Timestamp missing, segment silently dropped
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Feb 14 17:45:55 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253476
--- Comment #7 from Michael Tuexen <tuexen at freebsd.org> ---
(In reply to Helge Oldach from comment #6)
> Indeed a proper fix would be in ipfw - but that is our code as well, and it
> looks like a major effort while tweaking TSopt slightly seems more straightforward.
OK. We agree that there this is a bug in ipfw. Why not use in ipfw a timeout
which is in tune with standard keepalive timeout. Then there is no need for
ipfw to send out packets pretending that a peer is still alive...
> The essence of this bug report is that D27148 broke working setups.
> Maybe tolerate_missing_ts=1 should be a sensible default?
D27148 breaks setups with broken peers or with middleboxes transforming
non-broken peers into broken peers. D27148 just uncovers bug in ipfw which has
been there for a longer time. In my personal view, having a sysctl you have to
tweak if you want to communicate with broken peers is fine. You seem to have a
different opinion.
I can bring this up at the next bi-weekly transport telco and see what others
think.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
More information about the freebsd-ipfw
mailing list