From kaeptn@schmalzbauer.de  Sun Jun 11 16:24:11 2006
Return-Path: <kaeptn@schmalzbauer.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 43C9016A418
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jun 2006 16:24:11 +0000 (UTC)
	(envelope-from kaeptn@schmalzbauer.de)
Received: from flb.schmalzbauer.de (flb.schmalzbauer.de [62.245.232.135])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6A53943D48
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jun 2006 16:24:09 +0000 (GMT)
	(envelope-from kaeptn@schmalzbauer.de)
Received: from sam.flintsbach.schmalzbauer.de (sam.flintsbach.schmalzbauer.de [172.21.2.4])
	by flb.schmalzbauer.de (8.13.4/8.13.4) with ESMTP id k5BGP77l006644
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jun 2006 18:25:07 +0200 (CEST)
	(envelope-from kaeptn@gune.flintsbach.schmalzbauer.de)
Received: from gune.flintsbach.schmalzbauer.de (gune.flintsbach.schmalzbauer.de [172.21.2.1])
	by sam.flintsbach.schmalzbauer.de (Postfix) with ESMTP id 5EB27B62D
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jun 2006 18:24:07 +0200 (CEST)
Received: from gune.flintsbach.schmalzbauer.de (localhost [127.0.0.1])
	by gune.flintsbach.schmalzbauer.de (8.13.6/8.13.6) with ESMTP id k5BGO7ED041362
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jun 2006 18:24:07 +0200 (CEST)
	(envelope-from kaeptn@gune.flintsbach.schmalzbauer.de)
Received: (from kaeptn@localhost)
	by gune.flintsbach.schmalzbauer.de (8.13.6/8.13.6/Submit) id k5BGO63R041361;
	Sun, 11 Jun 2006 18:24:06 +0200 (CEST)
	(envelope-from kaeptn)
Message-Id: <200606111624.k5BGO63R041361@gune.flintsbach.schmalzbauer.de>
Date: Sun, 11 Jun 2006 18:24:06 +0200 (CEST)
From: Harald Schmalzbauer <kaeptn@schmalzbauer.de>
Reply-To: Harald Schmalzbauer <kaeptn@schmalzbauer.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ipfw has UDP hickups
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         98831
>Category:       kern
>Synopsis:       [ipfw] ipfw has UDP hickups
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 11 16:30:15 GMT 2006
>Closed-Date:    Mon Jun 27 04:48:53 UTC 2011
>Last-Modified:  Mon Jun 27 04:48:53 UTC 2011
>Originator:     Harald Schmalzbauer
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD gune.flintsbach.schmalzbauer.de 6.1-STABLE FreeBSD 6.1-STABLE #1: Wed Jun 7 17:07:04 CEST 2006 compilator@cale.flintsbach.schmalzbauer.de:/usr/obj/FlashBSD/i686/usr/src/sys/i686.intern-gune i386

Relevant kernel options:
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=20    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPFIREWALL_FORWARD      #packet destination changes
options         IPFIREWALL_FORWARD_EXTENDED     #all packet dest changes	

NICs: em and re tested, all with GbE link

Intention: route jails on the same box through router of the two subnets.
Rule:
00100 fwd 10.0.0.1 ip4 from 10.2.0.0/16 to not 10.0.0.0/8 out
00200 fwd 172.21.0.1 ip4 from 172.21.2.2 to 10.0.0.0/8 out
65535 allow ip from any to anyo

>Description:
	When nfs mounting a remote file system and transferring some data after a short while the transfer hangs and on the machine with ipfw enabled I see the following lines on the console:
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed

nfsmounting with option -T (for TCP instead of UDP) is a workaround. I
can't see the problem on TCP connections

>How-To-Repeat:
	Compile a kernel with the show IPFIREWALL options.
	mount_nfs somebox:/somefs anywhere
It doesn't matter if the machine with IPFW is nfs server or nfs client! With
the default UDP mount the error occurs in both scenarios!
e.g 	make installworld DESTDIR=/anywhere (the NFS mountpoint)
After a short while (1 minute) you'll see the installworld hanging.
Simply setting sysctl net.inet.ip.fw.enable=0 on another console makes
installworld (nfs) happy again and it's continueing.

>Fix:

	No idea 


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Jun 12 20:42:32 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=98831 
State-Changed-From-To: open->feedback 
State-Changed-By: ae 
State-Changed-When: Mon Jun 6 06:42:34 UTC 2011 
State-Changed-Why:  
Can you still reproduce this on a supported release?  


http://www.freebsd.org/cgi/query-pr.cgi?pr=98831 
State-Changed-From-To: feedback->closed 
State-Changed-By: ae 
State-Changed-When: Mon Jun 27 04:48:31 UTC 2011 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=98831 
>Unformatted:
