Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Aug 2007 14:42:26 -0500
From:      "Bill Marquette" <bill.marquette@gmail.com>
To:        "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   pfsync errors
Message-ID:  <55e8a96c0708221242h2d5e7d15q847e6fac7cf60554@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
For the last two days I've been troubleshooting a wierd issue where my
secondary firewall in a pfsync/carp cluster isn't maintaining a state
table similar in size to the primary - it's slowly increasing to the
max size.  I think I've finally tracked it down to ip_output()
returning an error, but at this point I'm lost.  The interfaces show
no errors, this box happily ran OpenBSD for the last three years with
no similar errors and has only started exhibiting this behavior after
converting it.  I'm seeing this on multiple boxes, but am spending my
time troubleshooting just one.  Any advice/assistance would be greatly
appreciated, I'm at a loss and this is affecting my production
environment.

We're running RELENG_6_2, nics are Intel PRO/1000's (copper, but the
cat-5e cable is a direct run to the 6513 switch one cabinet over -
15ft cable).

This is a netstat from the primary machine, the secondary has been
failed over to a couple times and looks similar (although
interestingly the cluster seems to handle being on the secondary box
better)
# netstat -s -p pfsync
pfsync:
        409302985 packets received (IPv4)
        0 packets received (IPv6)
                0 packets discarded for bad interface
                0 packets discarded for bad ttl
                0 packets shorter than header
                0 packets discarded for bad version
                0 packets discarded for bad HMAC
                0 packets discarded for bad action
                0 packets discarded for short packet
                0 states discarded for bad values
                0 stale states
                16980281 failed state lookup/inserts
        1541416698 packets sent (IPv4)
        0 packets sent (IPv6)
                0 send failed due to mbuf memory error
                182754275 send error
# netstat -i -Iem2
Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
em2    1500 <Link#3>      00:04:23:a6:b7:be 409328713    27 1359271127
    0     0
em2    1500 192.168.100.2 l4dupfw140-sync   409327567     - 1359270884
    -     -



Thanks

--Bill

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55e8a96c0708221242h2d5e7d15q847e6fac7cf60554>