From owner-freebsd-pf@FreeBSD.ORG Mon Nov 5 21:06:54 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ABB7F16A419 for ; Mon, 5 Nov 2007 21:06:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.freebsd.org (Postfix) with ESMTP id 36D3D13C4B3 for ; Mon, 5 Nov 2007 21:06:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from amd64.laiers.local (dslb-088-066-005-200.pools.arcor-ip.net [88.66.5.200]) by mrelayeu.kundenserver.de (node=mrelayeu8) with ESMTP (Nemesis) id 0ML31I-1Ip93o49Dd-0003dT; Mon, 05 Nov 2007 22:00:44 +0100 From: Max Laier Organization: FreeBSD To: "Mark Miles" Date: Mon, 5 Nov 2007 22:00:30 +0100 User-Agent: KMail/1.9.7 References: In-Reply-To: X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2338776.X3askWqLb8"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711052200.38733.max@love2party.net> X-Provags-ID: V01U2FsdGVkX19n7/qTwoT3TOKl4SoKvpdeSOfkmhH/nxEOhla 1h2HbX/HItUOKjOQoXM89tbsA5Tht90O0SB6SkKd9vnKkn/6OX yKh6Y+12QhbuHFvtZFuAkjzyvAfCT2/BA3GazqhAfk= Cc: freebsd-pf@freebsd.org Subject: Re: carp_iamatch filling up system log X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2007 21:06:54 -0000 --nextPart2338776.X3askWqLb8 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 05 November 2007, Mark Miles wrote: > I am getting a lot of errors using the carpdev BETA patch against HEAD > provided by Max a few days ago. I don't know if I should be concerned > about them or if they are just informational. These are the main two > carp/vlan devices causing errors, but it happens on others as well - > at random times. > > > carp_iamatch(vlan2, xx.xxx.xx.37, xx.xx.xxx.137, ...) > not: carp2 > carp_iamatch(vlan6, xx.xxx.xx.6, xx.xx.xxx.169, ...) > not: carp6 Ups ... left over debugging. I'll provide an updated patch in a bit. You= =20 can also just grep for that printf and comment it out. Thanks for=20 testing! > fxp1: flags=3D8943 > metric 0 mtu 1500 > options=3D4b > ether 00:02:b3:4d:0b:58 > media: Ethernet 100baseTX > status: active > > vlan2: flags=3D8943 > metric 0 mtu 1500 > ether 00:02:b3:4d:0b:58 > media: Ethernet 100baseTX > status: active > vlan: 2 parent interface: fxp1 > > vlan6: flags=3D8943 > metric 0 mtu 1500 > ether 00:02:b3:4d:0b:58 > media: Ethernet 100baseTX > status: active > vlan: 6 parent interface: fxp1 > > carp2: flags=3D8843 metric 0 mtu > 1500 ether 00:00:5e:00:01:02 > inet xx.xxx.xxx.137 netmask 0xfffffff8 > carp: BACKUP carpdev vlan2 vhid 2 advbase 1 advskew 200 > > carp6: flags=3D8843 metric 0 mtu > 1500 ether 00:00:5e:00:01:06 > inet xx.xx.xxx.169 netmask 0xfffffff8 > carp: BACKUP carpdev vlan6 vhid 6 advbase 1 advskew 200 > > I also got this error when I had an IP on fxp0 and carp100 using > carpdev fxp0: > > arp: xx.xxx.xx.34 is on fxp0 but got reply from 00:03:47:71:a8:b3 on > carp100 carp_iamatch(fxp0, xx.xxx.xx.37, xx.xxx.xx.34, ...) > arp: xx.xxx.xx.33 is on fxp0 but got reply from 00:0c:f1:bb:66:84 on > carp100 I'll look into it. Looks like a too strict check for the carp case - i.e.= =20 the code should ignore this condition on carp interfaces, but somehow my=20 check is wrong. > Please advise, I am filling up message logs at the rate of every 3 > hours!! > > On a side note, this machine is serves vlan trunks which is why I > needed carpdev in the first place (as to not waste more usable public > ips with two gateway ips in a /29 that are silent just to run the one > gateway needed), thus giving my customers 2 useable IP addresses. > With carpdev I can give them 5. Currently, an OpenBSD 4.2-current box > serves as the "MASTER" and I am using a FreeBSD 8.0-CURRENT box to > serve as "BACKUP". When I rebooted the OpenBSD box, everything failed > over as it should, but I got more carp_iamatch errors on almost every > vlan/carp pair. Could the OpenBSD <-> FreeBSD differences in carp be > causing these errors?? Neither are real errors, as far as I can tell ... I'll look into it in=20 more detail and provide an updated patch. For now you can just shut up=20 the printfs. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2338776.X3askWqLb8 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHL4R2XyyEoT62BG0RAqtUAJ91qdqIym6pGaLIR6JqnJv7V2JtKQCdFUxk 0dHDKSUHhv+ji2R0NR0cJCo= =BlfK -----END PGP SIGNATURE----- --nextPart2338776.X3askWqLb8--