[Bug 212384] pfsync(4) bulk update fail

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Sep 5 10:47:31 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212384

            Bug ID: 212384
           Summary: pfsync(4) bulk update fail
           Product: Base System
           Version: 10.3-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: patfbsd at davenulle.org
                CC: freebsd-amd64 at FreeBSD.org
                CC: freebsd-amd64 at FreeBSD.org

Hello,

I have a pair of firewalls with PF and pfsync(4) bulk update always fail here,
but the live synchronization works fine.
As far I can see with tcpdump, pfsync does not send anything on the syncdev
interface when doing a "service pfsync start" or "service pfsync restart".

Log:
kernel: carp: demoted by 0 to 0 (pfsync bulk start)
kernel: pfsync: requesting bulk update
kernel: carp: demoted by 0 to 0 (pfsync bulk fail)
kernel: pfsync: failed to receive bulk update

But when doing *twice* the command "service pfsync start", the bulk update is
successful and the PF states are well transmitted from the pfsync peer.

Log:
kernel: carp: demoted by 0 to 0 (pfsync bulk start)
kernel: pfsync: requesting bulk update
kernel: pfsync: requesting bulk update
kernel: pfsync: requesting bulk update
kernel: pfsync: received bulk update start
kernel: pfsync: received bulk update start
kernel: carp: demoted by 0 to 0 (pfsync bulk done)
kernel: pfsync: received valid bulk update end

----

Uname:

FreeBSD fucop2.univ-rennes1.fr 10.3-STABLE FreeBSD 10.3-STABLE #3 r302560: Mon
Jul 11 09:51:42 CEST 2016    
adminsys at vmfucop.univ-rennes1.fr:/usr/obj/usr/src/sys/FUCOP  amd64

Config
------

Interface ix1 is skipped in pf.conf and I've tried without syncpeer but this
does not change anything.

On firewall 1
-------------
pfsync_enable="YES"
pfsync_syncdev="ix1"
pfsync_syncpeer="192.168.255.254"
# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.253/30 -tso -lro -vlanhwtso description PF_SYNC"

On firewall 2
-------------
pfsync_enable="YES"
pfsync_syncdev="ix1"
pfsync_syncpeer="192.168.255.253"
# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.254/30 -tso -lro -vlanhwtso description PF_SYNC"


Thanks, regards.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-amd64 mailing list