kern/103281: pfsync reports bulk update failures
Douglas K. Rand
rand at meridian-enviro.com
Thu Sep 14 12:50:20 PDT 2006
>Number: 103281
>Category: kern
>Synopsis: pfsync reports bulk update failures
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 14 19:50:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Douglas K. Rand
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
Meridian Environmental Technology, Inc.
>Environment:
System: FreeBSD luna-0.meridian-enviro.com 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #12: Thu Sep 14 00:03:32 CDT 2006 rand at luna-0.meridian-enviro.com:/usr/obj/usr/src/sys/LUNA i386
>Description:
On a pair of redundant firewalls using carp and pfsync the kernel
reports:
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: received bulk update start
    pfsync: failed to receive bulk update status
But it seems that the bulk updates are working. I tested by
establishing a TCP session across the firewall and kept that
session idle. (I ran tcpdump to verify no packets were being
sent.) I then rebooted the primary firewall and when it came up
and while the system was trying to do bulk updates I ran
"pfsync -s state" and saw the state for my idle TCP session.
I'm not sure this is a valid test, but without a pfsync decoder
in tcpdump I didn't know of a better one.
Scott Ullrich in http://lists.freebsd.org/pipermail/freebsd-pf/2006-June/002231.html
thinks it may be related to the holddown timer.
>How-To-Repeat:
Set up a pair of carp/pfsync firewalls and with an idle TCP stream
verify that the state shows up on a freshly rebooted master even
though the kernel will complain: pfsync: failed to receive bulk update status
>Fix:
I do not have a fix or workaround.
>Release-Note:
>Audit-Trail:
>Unformatted: