Date: Mon, 05 Sep 2016 10:47:31 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-amd64@FreeBSD.org Subject: [Bug 212384] pfsync(4) bulk update fail Message-ID: <bug-212384-6@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212384 Bug ID: 212384 Summary: pfsync(4) bulk update fail Product: Base System Version: 10.3-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: patfbsd@davenulle.org CC: freebsd-amd64@FreeBSD.org CC: freebsd-amd64@FreeBSD.org Hello, I have a pair of firewalls with PF and pfsync(4) bulk update always fail he= re, but the live synchronization works fine. As far I can see with tcpdump, pfsync does not send anything on the syncdev interface when doing a "service pfsync start" or "service pfsync restart". Log: kernel: carp: demoted by 0 to 0 (pfsync bulk start) kernel: pfsync: requesting bulk update kernel: carp: demoted by 0 to 0 (pfsync bulk fail) kernel: pfsync: failed to receive bulk update But when doing *twice* the command "service pfsync start", the bulk update = is successful and the PF states are well transmitted from the pfsync peer. Log: kernel: carp: demoted by 0 to 0 (pfsync bulk start) kernel: pfsync: requesting bulk update kernel: pfsync: requesting bulk update kernel: pfsync: requesting bulk update kernel: pfsync: received bulk update start kernel: pfsync: received bulk update start kernel: carp: demoted by 0 to 0 (pfsync bulk done) kernel: pfsync: received valid bulk update end ---- Uname: FreeBSD fucop2.univ-rennes1.fr 10.3-STABLE FreeBSD 10.3-STABLE #3 r302560: = Mon Jul 11 09:51:42 CEST 2016=20=20=20=20 adminsys@vmfucop.univ-rennes1.fr:/usr/obj/usr/src/sys/FUCOP amd64 Config ------ Interface ix1 is skipped in pf.conf and I've tried without syncpeer but this does not change anything. On firewall 1 ------------- pfsync_enable=3D"YES" pfsync_syncdev=3D"ix1" pfsync_syncpeer=3D"192.168.255.254" # ix1 : pfsync ifconfig_ix1=3D"inet 192.168.255.253/30 -tso -lro -vlanhwtso description PF= _SYNC" On firewall 2 ------------- pfsync_enable=3D"YES" pfsync_syncdev=3D"ix1" pfsync_syncpeer=3D"192.168.255.253" # ix1 : pfsync ifconfig_ix1=3D"inet 192.168.255.254/30 -tso -lro -vlanhwtso description PF= _SYNC" Thanks, regards. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-212384-6>