Daniel, Question: What happens if you run pfsync/carp and your clock is totally off ?
My backup carp machine have crashed with panic 20-30-40 times since yesterday when i started my upgrade from 3.8 to 4.0 (and later 4.0-current). After sending my email, I made two changes 1) hostname.pfsync0 added "syncpeer x.x.x.x" 2) corrected my typo in pf.conf, outgoing ntp was blocked from the firewall itself. Everything is fine now. Now when i manually f*ck my clock and remove syncpeer i still don't get the kernel panic... Maybe it's time for me to get some sleep ? I'm lost .... -Thomas -----Original Message----- From: Daniel Hartmeier [mailto:[EMAIL PROTECTED] Sent: den 29 januari 2007 19:00 To: Thomas Althoff Cc: pf@benzedrine.cx Subject: Re: Carp/pfsync kernel panic On Mon, Jan 29, 2007 at 04:33:45PM +0100, Thomas Althoff wrote: > I did the "crash" procedure on 3.9 and found that this is the line > causing the problem if (!r->max_states || r->states < r->max_states) > I have upgraded my boxes to 4.0-current, no change. If you can reproduce it with a recent 4.0-current, and the location is really that line above, it looks like a different problem Can you try the patch below? Daniel Index: if_pfsync.c =================================================================== RCS file: /cvs/src/sys/net/if_pfsync.c,v retrieving revision 1.73 diff -u -r1.73 if_pfsync.c --- if_pfsync.c 16 Nov 2006 13:13:38 -0000 1.73 +++ if_pfsync.c 29 Jan 2007 17:51:01 -0000 @@ -243,7 +243,9 @@ * If the ruleset checksums match, it's safe to associate the state * with the rule of that number. */ - if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag) + if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag && + ntohl(sp->rule) >= 0 && ntohl(sp->rule) < pf_main_ruleset.rules[ + PF_RULESET_FILTER].active.rcount) r = pf_main_ruleset.rules[ PF_RULESET_FILTER].active.ptr_array[ntohl(sp->rule)]; else
