From owner-freebsd-current@FreeBSD.ORG Fri Jul 17 05:02:56 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D3F21065676 for ; Fri, 17 Jul 2009 05:02:56 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id 7E89A8FC1E for ; Fri, 17 Jul 2009 05:02:55 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id 154D05C026 for ; Fri, 17 Jul 2009 13:02:54 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id BC8CB55CD84E; Fri, 17 Jul 2009 13:02:53 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id 1lEMByS1gYZG; Fri, 17 Jul 2009 13:01:59 +0800 (CST) Received: from charlie.delphij.net (c-67-188-2-183.hsd1.ca.comcast.net [67.188.2.183]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id 5F51055CD84F; Fri, 17 Jul 2009 13:01:53 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=F0KRm8rECrX94tHfxARq4unePPnHFL7WuKwAR/xGpX6R4LYs9AGOEMebNW/2xDla5 62qe+p5i8JF4sX2TypBeg== Message-ID: <4A6005AF.6090402@delphij.net> Date: Thu, 16 Jul 2009 22:01:35 -0700 From: Xin LI Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.22 (X11/20090701) MIME-Version: 1.0 To: Ian FREISLICH References: <4A5F8010.7050504@delphij.net> <4A5F7540.7070201@delphij.net> <4A5EF889.6040604@delphij.net> In-Reply-To: X-Enigmail-Version: 0.95.7 OpenPGP: id=18EDEBA0; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: FreeBSD Current , d@delphij.net Subject: Re: CARP broken on -CURRENT? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jul 2009 05:02:56 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Ian, Ian FREISLICH wrote: > Xin LI wrote: >> Ian FREISLICH wrote: >>> To use carp, the administrator needs to configure at minimum >>> a common virtual host ID (VHID) and virtual host IP address >>> on each machine which is to take part in the virtual group. >>> Additional parameters can also be set on a per-interface basis: >>> advbase and advskew, which are used to control how frequently >>> the host sends advertisements when it is the master for a >>> virtual host, and pass which is used to authenticate carp >>> advertisements. >> Um... In order to narrow this down I have removed advbase setting from >> both servers (now they use the default number, 1) but seems no luck. >> >> I have further checked netstat -s, it seems that only the CARP packets >> with bad length (which are really VRRP packets) are being counted into >> the "received" packets, and were all discarded (of course). I've >> manually put these interfaces down and will check back to see if there >> is some clue in our code in the afternoon. >> >> Jul 16 12:22:58 gate2 kernel: carp_input: received len 20 < >> sizeof(struct carp_header) on em0 >> Jul 16 12:23:01 gate2 kernel: carp_input: received len 20 < >> sizeof(struct carp_header) on em0 > > I've only ever encountered messages like these when there's been a > linux host on the same network with ucarp or heartbeat running > sending their broken "carp" packets with a vhid that's the same as > one I was using. Yes this ("short"s) is from Cisco's VRRP. > Have you tried setting a "pass" on your carp interfaces? Are you > sure it's your host that's generating these short carp packets? Use > 'tcpdump -eni proto carp' to verify. Yes, actually, I think both hosts were sending correct packets, but somehow carp_input did not processed it (no counter update and no action taken)... I'll instrument the network stack further to see why this was happening. Thanks for your hints :) Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (FreeBSD) iEYEARECAAYFAkpgBa8ACgkQi+vbBBjt66D6fwCePCBz04M4sI0WkC9klNLrrOHu tf0AnRk3+W/phvGYifcL7fBJMnNzUlTP =s3sZ -----END PGP SIGNATURE-----