pfsync errors
Bill Marquette
bill.marquette at gmail.com
Wed Aug 22 13:11:42 PDT 2007
For the last two days I've been troubleshooting a weird issue where my
secondary firewall in a pfsync/carp cluster isn't maintaining a state
table similar in size to the primary - it's slowly increasing to the
max size. I think I've finally tracked it down to ip_output()
returning an error, but at this point I'm lost. The interfaces show
no errors, this box happily ran OpenBSD for the last three years with
no similar errors and has only started exhibiting this behavior after
converting it. I'm seeing this on multiple boxes, but am spending my
time troubleshooting just one. Any advice/assistance would be greatly
appreciated, I'm at a loss and this is affecting my production
environment.
We're running RELENG_6_2, nics are Intel PRO/1000's (copper, but the
cat-5e cable is a direct run to the 6513 switch one cabinet over -
15ft cable).
This is a netstat from the primary machine, the secondary has been
failed over to a couple times and looks similar (although
interestingly the cluster seems to handle being on the secondary box
better)
# netstat -s -p pfsync
pfsync:
        409302985 packets received (IPv4)
        0 packets received (IPv6)
                0 packets discarded for bad interface
                0 packets discarded for bad ttl
                0 packets shorter than header
                0 packets discarded for bad version
                0 packets discarded for bad HMAC
                0 packets discarded for bad action
                0 packets discarded for short packet
                0 states discarded for bad values
                0 stale states
                16980281 failed state lookup/inserts
        1541416698 packets sent (IPv4)
        0 packets sent (IPv6)
                0 send failed due to mbuf memory error
                182754275 send error

# netstat -i -Iem2
Name   Mtu Network       Address               Ipkts Ierrs      Opkts Oerrs  Coll
em2   1500 <Link#3>      00:04:23:a6:b7:be 409328713    27 1359271127     0     0
em2   1500 192.168.100.2 l4dupfw140-sync   409327567     - 1359270884     -     -

Thanks
--Bill