Bug 194690 - options IPSEC disables TCP keepalives
Summary: options IPSEC disables TCP keepalives
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.1-STABLE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: George V. Neville-Neil
Reported: 2014-10-29 16:34 UTC by Michael Ross
Modified: 2015-07-20 01:40 UTC

Description Michael Ross 2014-10-29 16:34:06 UTC
Compiling IPSEC into the kernel disables TCP keepalives even on connections not using IPSEC.

I stumbled over this because I had lots of stale sshd processes and sockets from days-long physically disconnected clients lingering; the connection never times out.
If I remove IPSEC from the kernel, these processes and sockets disappear after a while.
Comment 1 Bjoern A. Zeeb freebsd_committer freebsd_triage 2014-10-29 16:54:14 UTC
Just to clarify, do you use any IPsec?  Have any policies or anything?
Comment 2 Bjoern A. Zeeb freebsd_committer freebsd_triage 2014-10-29 16:54:27 UTC
Just to clarify, do you use any IPsec?  Have any policies or anything?
Comment 3 Michael Ross 2014-10-29 17:02:50 UTC
(In reply to Bjoern A. Zeeb from comment #2)
> Just to clarify, do you use any IPsec?  Have any policies or anything?

No, nothing.
It is totally unused, just compiled in.
Comment 4 Marcus von Appen freebsd_committer freebsd_triage 2015-02-18 11:54:21 UTC
Updated 10.1-BETA and 10.1-RC versioned bugs to 10.1-STABLE.
Comment 5 Glen Barber freebsd_committer freebsd_triage 2015-07-07 15:53:26 UTC
George, you might want to be aware of this PR, since GENERIC now includes IPSEC by default in 11-CURRENT.
Comment 6 George V. Neville-Neil freebsd_committer freebsd_triage 2015-07-20 01:40:26 UTC
Tested by Jim Thompson on both 10.1 and CURRENT (11) and this does not occur in either of them.  Closing this one.