https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253476

Andrey V. Elsukov <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #8 from Andrey V. Elsukov <[email protected]> ---
(In reply to Michael Tuexen from comment #7)

>OK. We agree that there is a bug in ipfw. Why not use in ipfw a timeout
>which is in tune with the standard keepalive timeout? Then there is no need for
>ipfw to send out packets pretending that a peer is still alive...

ipfw by default uses 300 seconds as the TTL for TCP states. The default keepalive
idle interval in the TCP stack, AFAIR, is 2 hours. In 2 hours a typical gateway
with ipfw for some network can create several tens of millions of states. A small
interval is used to reduce memory requirements and CPU usage, since a state
search can be done several times for every packet, depending on the ruleset.
This keepalive implementation in ipfw has been used and has worked well for at
least the last 20 years.

_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw