On 20/05/16 15:51, Vladimir Zakharov wrote:
On Fri, May 20, 2016, Jan Bramkamp wrote:
On 20/05/16 14:54, Vladimir Zakharov wrote:

On Fri, May 20, 2016, O. Hartmann wrote:
I reported earlier about broken pipes in ssh sessions to remote hosts,
which occur on an erratic basis. i'm investigating this problem now and
it seems that it is also ipfw-related, but I'm not sure. This problem
is present since a couple of weeks now.

Maybe this could help...

I've also experienced problems with broken pipes in ssh sessions some
time ago. Setting in sysctl.conf


fixed problem for me. I didn't experiment with the value though. So,
possibly, changing default value (300s) to 1 hour is overkill :).

By default the OpenSSH SSH client is configured to use TCP keepalives.
Those should produce enough packets at a short enough interval to keep
the dynamic IPFW state established.

Does your traffic pass through libalias?
I guess not. How can I be sure?

Libalias is used by ipfw and the old userland natd to implement IPv4 NAT. It requires unmodified access to all packets including their headers. LRO and TSO coalesce packets to reduce save CPU time but the process is loses some of the information required by libalias. Unless your ruleset uses ipfw in-kernel NAT or diverts traffic to natd you don't have to worry about libalias.

Use `kldstat -v | grep libalias` to check for libalias in the running kernel and `pgrep natd` to search for running natd instances.
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to