pfsync errors
Max Laier
max at love2party.net
Mon Aug 27 17:23:31 PDT 2007
On Tuesday 28 August 2007, Bill Marquette wrote:
> On 8/22/07, Max Laier <max at love2party.net> wrote:
> > There are two reasons why we increase the send error counter. Either
> > the internal deferred work queue is full or ip_output fails. Could
> > you locate "pfsyncstats.pfsyncs_oerrors++" in your source code and
> > replace either occurrence with a printf(). Maybe use the attached.
> > This way we will know what exactly fails and if it is ip_output, why.
>
> Here's what we get with the patch:
> pfsync_senddef: ip_output 64
that's EHOSTDOWN ... that's strange. Are you using syncpeer?
> # netstat -s -p pfsync
> pfsync:
> 1264507 packets received (IPv4)
> 0 packets received (IPv6)
> 0 packets discarded for bad interface
> 0 packets discarded for bad ttl
> 0 packets shorter than header
> 0 packets discarded for bad version
> 0 packets discarded for bad HMAC
> 0 packets discarded for bad action
> 0 packets discarded for short packet
> 0 states discarded for bad values
> 0 stale states
> 115608 failed state lookup/inserts
> 86591 packets sent (IPv4)
> 0 packets sent (IPv6)
> 0 send failed due to mbuf memory error
> 37231 send error
>
But since the send error still increases it seems as if the internal queue
is overflowing, too. This is something that must be fixed as well, but I
think the EHOSTDOWN from ip_output is more serious.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20070828/9197a3ca/attachment.pgp
More information about the freebsd-pf
mailing list