svn commit: r197687 - head/sys/net
Simon L. Nielsen
simon at FreeBSD.org
Fri Oct 2 10:38:27 UTC 2009
On 2009.10.02 06:22:58 +0000, Tom Judge wrote:
> Qing Li wrote:
> > Author: qingli
> > Date: Thu Oct 1 20:32:29 2009
> > New Revision: 197687
> > URL: http://svn.freebsd.org/changeset/base/197687
> >
> > Log:
> > The flow-table associates TCP/UDP flows and IP destinations with
> > specific routes. When the routing table changes, for example,
> > when a new route with a more specific prefix is inserted into the
> > routing table, the flow-table is not updated to reflect that change.
> > As such existing connections cannot take advantage of the new path.
> > In some cases the path is broken. This patch will update the affected
> > flow-table entries when a more specific route is added. The route
> > entry is properly marked when a route is deleted from the table.
> > In this case, when the flow-table performs a search, the stale
> > entry is updated automatically. Therefore this patch is not
> > necessary for route deletion.
>
> Hi,
>
> Will this fix the issue that I see visualising its self as packet loss
> over a VPN tunnel?
>
> The tunnel is an openvpn (tun mode) tunnel providing a route to
> 192.168.201.0/24 however when I ping an address in this network with
> flowtable enabled I see 2-3 out of every 5-6 packets end up being sent
> out of bge0 (IP 172.17.XX.XX/23 GW 172.17.XX.1) to the default gateway
> (which responds with destination host unreachable) rather than down tun0.
This sounds very similar to the problem I was seeing (also with
OpenVPN), which was fixed by qingli's patch.
The packet is most likely actually not lost, but routed to your
default gateway instead (or whatever it would be sent before the VPN
was created).
--
Simon L. Nielsen
More information about the svn-src-all
mailing list