[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 Tom Jones changed: What|Removed |Added Resolution|--- |FIXED CC||t...@freebsd.org Status|New |Closed -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 Mark Linimon changed: What|Removed |Added Attachment #170568|text/sgml |text/plain mime type|| Attachment #170568|0 |1 is patch|| -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 Mateusz Piotrowski <0...@freebsd.org> changed: What|Removed |Added Severity|Affects Some People |Affects Many People Keywords||patch CC||0...@freebsd.org -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #16 from O. Hartmann--- ipfw has undergone changes in the meanwhile and while running 11.1-RELENG-p7 and CURRENT, I haven't seen the reported issue for a while now. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #15 from Charles Mercadal--- Has anyone else upgraded to 11.1-RELEASE? I rebuilt kernel & world about a week ago, and forgot to re-apply the changes in attachment 170568. I'm still running ipfw. Even without the changes in the patches, so far there have been no stalling issues/no connection drops. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #14 from Len White--- Yes thank you very much Fabian, it fixed my issues too. Is there any possible way this can get pushed upstream? I personally feel it's a rather serious bug and there is no doubt many other people running into the same issues. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #13 from merca...@diablonet.net --- Fabian: Thank you for the patch, attachment 170568 appears to have fixed my issues. I was having similar issues that others were describing here, in my case 11.0-RELEASE on arm: I would enable ipfw and begin adding some firewall rules, and I'd start to lose SIP registration on my IP phones, had unexpected delays and stalls in interactive ssh sessions, etc. Initially I thought it was an ipfw bug, but then tried pf, and found similar behavior. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #12 from Fabian Keil--- I'm still not using ipfw, but the patch from comment two seems to have fixed the issue for me. The patch from comment three should be safe to test. Running "vmstat -z" while the system is showing symptoms could help to decide whether or not the patches might be worth trying. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 Len Whitechanged: What|Removed |Added CC||lwh...@nrw.ca --- Comment #11 from Len White --- I've been having the same issue, it's very random. I've spent A LOT of time debugging it, adding extra print statements in ipfw... unfortunately I can't trigger the issue at will. It does seem to happen more often if I start up World of Warcraft from a system behind the ipfw machine. But it seems like whatever the issue is, it's causing the connections to "expire" prematurely. When it happens new connections will die in 5-15 seconds over and over. I can reboot the system and it will come back up, still doing the same thing, then 5-10 mins later it will be fine. Never any errors in logs or dmesg when it happens. Running 11.0-RELEASE-p5 -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #10 from Michael Osipov <1983-01...@gmx.net> --- This patch does not work for me. Same issue happens even with the patch and if I switch from graid3 to ZFS raidz, everything is fine. It must be the geom class in my case. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #9 from Fabian Keil--- That's correct, rebuilding the userland isn't necessary. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #7 from ohart...@zedat.fu-berlin.de --- Applying both patches seems to solve the problem of the "broken pipe" with ssh. So far, connections from one system under load to another server also under heavy load is now with three ssh sessions still active after two hours. This wasn't the case before, the connections died even under relaxed conditions rather quickly. It does not solve the problem with NAT/port forwarding. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #6 from ohart...@zedat.fu-berlin.de --- Today, I made another observation in this matter. On a server that has in-kernel NAT and LIBALIAS and attached to the net via ADSL SoHo connection, serving as a server accessible from the outside world isn't possible anymore. It worked a couple of weeks ago with the ipfw-rules I use, inclusive the proper forwarding rules, but since ~ two weeks, when these "broken pipe issues" started getting worse and worse, connecting to the provided www server or ssh wasn't possible anymore. I started then checking for mistakes in the ipwf ruleset. Today, I had the chance to access the box from the outside world simultanously with access to the server and its IPFW itself and after a clean reboot of FreeBSD 11.0-ALPHA2 #10 r301307: Sat Jun 4 11:03:17 CEST 2016 amd64 trying to connect to the server's Apache server or ssh failed. Then we restarted simply several times the local ipfw via "service ipfw restart" and voila - it worked! Sorry for the poor material I can provide at the moment, but time constraints are tight and my abilities of debugging are limited and seting up alternative serving systems circumventing the issue reporting here eat a lot of time. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 soere...@fastmail.net changed: What|Removed |Added CC||soere...@fastmail.net --- Comment #5 from soere...@fastmail.net --- I believe that I'm seeing the same issue when doing backup transfers via a SSH tunnel (Fssh_packet_write_wait: Connection to port 22: Broken pipe) However I'm using PF and not ipfw. This is happening using an up-to-date FreeBSD 10.3 (10.3-RELEASE-p4) with the default kernel. I can't say when the issue was introduced since it is a freshly installed machine, but I'm running the exact same SSH tunnel setup on a Linux machine without any issues. A workaround for me seems to be to limit the transfer speed to something way below the link speed. At least it's better than connections breaking. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #4 from gra...@menhennitt.com.au --- (In reply to graham from comment #1) Sorry, I'm an idiot. This isn't happening on my 11-current box - it's on my 10-stable box. However, the point still stands - it was reliable up until a few weeks ago and now it's not. I'll attempt to diagnose some more. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 --- Comment #3 from Fabian Keil--- Created attachment 170569 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=170569=edit ipfw: Prefill the dynamic rule zone and prevent uma from freeing unused items If the previous patch doesn't make a difference you could try adding this one which may work around the problem. If it does, this could help diagnosing the cause of the problem. As I don't use ipfw myself I only compile-tested the patch. It will increase the memory used by ipfw. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 Fabian Keilchanged: What|Removed |Added CC||f...@fabiankeil.de --- Comment #2 from Fabian Keil --- Created attachment 170568 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=170568=edit (Hopefully) make TCP/IP connections reliable under memory pressure again I don't use ipfw, but have occasionally seen similar issues recently and am currently testing the attached patch in an attempt to prevent them. While I haven't seen the problem since applying the patch, I'm not absolutely sure yet that the patch is responsible for this. Given that you seem to be able to reliably reproduce the issue I'd be interested to know if the patch makes a difference for your workloads. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 gra...@menhennitt.com.au changed: What|Removed |Added CC||gra...@menhennitt.com.au --- Comment #1 from gra...@menhennitt.com.au --- I suspect I'm having the same problem. I backup my system vi "s3cmd sync" each week. The backup file is about 2.5Gb in size and the s3 usually dies after a few hundred Mb. I've broken the backup file into 500Mb chunks and it eventually got through after a few tries. I have only seen this in the last few weeks. But I hadn't updated for a few weeks before then, so the problem could have started any time in the last 6 weeks or so. I'm running 11-current amd64 and using ipfw with kernel NAT. I'm happy to do any diagnosis or testing if required. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 209680] ipfw: when enabled, net connections time out/ssh results in "broken pipe"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209680 Mark Linimonchanged: What|Removed |Added Assignee|freebsd-b...@freebsd.org|freebsd-ipfw@FreeBSD.org -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"