Hello Damjan,
On Tue, Nov 22, 2022 at 08:14:40AM +0000, Damjan Dimitrov wrote:
> Thanks Sasha.
> Last question from my side. Is this bug purely pfsync related or has also
> something to do with IPSec?
this is pfsync related as far as I can tell.
> I ask because we have other clusters running 7.2-stable, (even ones which are
> in front of the affected clusters so the same traffic passes
> But we only have this issue on our clusters running IPSec...
Interesting. The issue is caused by a race condition. IPsec may change the
timing so the race condition becomes more likely on those boxes.
regards
sashan
>
> -----Original Message-----
> From: Alexandr Nedvedicky <[email protected]>
> Sent: Dienstag, 22. November 2022 09:01
> To: Damjan Dimitrov <[email protected]>
> Cc: [email protected]
> Subject: Re: pfsync panic in pfsync_insert_state - syspatch?
>
> Hello Damjan,
>
> thank you for extra information. I just wanted to be sure we are not facing
> yet another issue with same symptoms.
>
> The changeset [1] on github fixes that.
>
> you may either apply this fix to your 7.2 tree and rebuild kernel or upgrade
> your firewall cluster to snapshots.
>
> thanks and
> regards
> sashan
>
> On Tue, Nov 22, 2022 at 07:22:15AM +0000, Damjan Dimitrov wrote:
> > I attach snapshots from the latest panic last night.
> > Let me know if more is needed, I'll get it next time.
> > Thanks.
> >
> > -----Original Message-----
> > From: Alexandr Nedvedicky <[email protected]>
> > Sent: Montag, 21. November 2022 12:16
> > To: Damjan Dimitrov <[email protected]>
> > Cc: [email protected]
> > Subject: Re: pfsync panic in pfsync_insert_state - syspatch?
> >
> > Hello Damjan,
> >
> > can you share some more information about your setup (dmesg output gathered
> > on your firewall boxes is sufficient).
> >
> > Also if you happen to trigger the assert again, I would like to see more
> > details gathered in ddb (if possible). At least registers and stack traces
> > for all cpus will be helpful.
> >
> > Hrvoje hit those crashes on his test system which puts pf/pfsync under
> > stress.
> > We usually do not see that crash on production system.
> >
> > > Anyone knows if there are plans to release a syspatch for this?
> >
> > syspatch is not planned (at least for now).
> >
> > thanks and
> > regards
> > sashan
> >
> > On Mon, Nov 21, 2022 at 08:56:30AM +0000, Damjan Dimitrov wrote:
> > > Hi,
> > >
> > > We're running 7.2-stable and being affected by this pfsync bug:
> > > KASSERT(st->sync_state == PFSYNC_S_NONE) (Was fixed in this commit:
> > > https://github.com/openbsd/src/commit/5f17b30aee8b388e13101395f1f026cb3b5be4a6)
> > >
> > > Anyone knows if there are plans to release a syspatch for this?
> > >
> > > Thanks,
> > > Damjan.