Thanks Sasha. Last question from my side. Is this bug purely pfsync related or has also something to do with IPSec? I ask because we have other clusters running 7.2-stable, (even ones which are in front of the affected clusters so the same traffic passes But we only have this issue on our clusters running IPSec...
-----Original Message----- From: Alexandr Nedvedicky <[email protected]> Sent: Dienstag, 22. November 2022 09:01 To: Damjan Dimitrov <[email protected]> Cc: [email protected] Subject: Re: pfsync panic in pfsync_insert_state - syspatch? Hello Damjan, thank you for extra information. I just wanted to be sure we are not facing yet another issue with same symptoms. The changeset [1] on github fixes that. you may either apply this fix to your 7.2 tree and rebuild kernel or upgrade your firewall cluster to snapshots. thanks and regards sashan On Tue, Nov 22, 2022 at 07:22:15AM +0000, Damjan Dimitrov wrote: > I attach snapshots from the latest panic last night. > Let me know if more is needed, I'll get it next time. > Thanks. > > -----Original Message----- > From: Alexandr Nedvedicky <[email protected]> > Sent: Montag, 21. November 2022 12:16 > To: Damjan Dimitrov <[email protected]> > Cc: [email protected] > Subject: Re: pfsync panic in pfsync_insert_state - syspatch? > > Hello Damjan, > > can you share some more information about your setup (dmesg output gathered > on your firewall boxes is sufficient). > > Also if you happen to trigger the assert again , I would like to see more > details gathered in ddb (if possible). At least registers and stack traces > for all cpus will be helpful. > > Hrvoje hit those crashes on his test system which puts pf/pfsync under stress. > We usually do not see that crash on production system. > > > Anyone knows if there are plans to release a syspatch for this? > > syspatch is not planned (at least for now). > > thanks and > regards > sashan > > On Mon, Nov 21, 2022 at 08:56:30AM +0000, Damjan Dimitrov wrote: > > Hi, > > > > We're running 7.2-stable and being affected by this pfsync bug: > > KASSERT(st->sync_state == PFSYNC_S_NONE) (Was fixed in this commit: > > https://github.com/openbsd/src/commit/5f17b30aee8b388e13101395f1f026 > > cb > > 3b5be4a6) > > > > Anyone knows if there are plans to release a syspatch for this? > > > > Thanks, > > Damjan.
