Date: Wed, 13 Jul 2016 15:35:23 +0200
From: Patrick Lamaiziere
To: freebsd-net@freebsd.org
Subject: 10/stable pfsync bulk fail

Hello,

10/stable rev 302560

I'm building a pair of firewalls with pf and carp and the states are
well synchronized between the firewalls.

But at startup or using "service pfsync restart" pfsync fails the bulk
update. In rare situations the bulk is successful but I don't know why.

Jul 13 15:01:31 fucop1 kernel: carp: demoted by 240 to 3240 (pfsync bulk start)
Jul 13 15:02:32 fucop1 kernel: carp: demoted by -240 to 3000 (pfsync bulk done)
Jul 13 15:03:07 fucop1 kernel: carp: demoted by 240 to 3240 (pfsync bulk start)
Jul 13 15:04:12 fucop1 kernel: carp: demoted by -240 to 3000 (pfsync bulk fail)

/etc/rc.conf
pfsync_enable="YES"
pfsync_syncdev="ix1"

# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.253/24 -tso -lro -vlanhwtso description PF_SYNC"

and on the second FW

# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.254/24 -tso -lro -vlanhwtso description PF_SYNC"

and ix1 is skipped in pf.conf.

I've tried using the syncpeer option too.

Does it work for you? Or any idea?

Thanks, regards