Hi all,
following there are others usefull infos about my configuration.
I hope these helps to debug the issue.
Paolo
=================== Architecture
xl0 WAN xl0
| |
| |
|-----| rl0 |-----|
| FW1 |--------| FW2 |
|-----| rl0 |-----|
| |
| |
xl1 LAN xl1
Note: FW1 and FW2 have exactly the same hardware
==========================================================
=================== /etc/hostname.* on FW1
hostname.carp0: inet 62.94.11.54 255.255.255.248 62.94.11.55 vhid 1 pass foo
hostname.carp1: inet 62.94.11.46 255.255.255.240 62.94.11.47 vhid 2 pass bar
hostname.pfsync0: up syncif rl0
hostname.rl0: inet 10.0.0.1 255.255.255.0 NONE
hostname.xl0: inet 62.94.11.52 255.255.255.248 NONE
hostname.xl1: inet 62.94.11.33 255.255.255.240 NONE
==========================================================
=================== /etc/hostname.* on FW2
hostname.carp0: inet 62.94.11.54 255.255.255.248 62.94.11.55 vhid 1
advskew 100 pass foo
hostname.carp1: inet 62.94.11.46 255.255.255.240 62.94.11.47 vhid 2
advskew 100 pass bar
hostname.pfsync0: up syncif rl0
hostname.rl0: inet 10.0.0.2 255.255.255.0 NONE
hostname.xl0: inet 62.94.11.53 255.255.255.248 NONE
hostname.xl1: inet 62.94.11.34 255.255.255.240 NONE
==========================================================
=================== dmesg on FW1
OpenBSD 3.7-stable (GENERIC) #0: Tue Jun 7 18:22:34 CEST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 267935744 (261656K)
avail mem = 237715456 (232144K)
using 3296 buffers containing 13500416 bytes (13184K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(8d) BIOS, date 07/04/02, BIOS32 rev. 0 @ 0xf0c50
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x14b2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1400/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:04:0 ("VIA VT82C586 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xa800 0xcc000/0x800 0xd0000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT82C691 PCI" rev 0xc4
ppb0 at pci0 dev 1 function 0 "VIA VT82C598 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Nvidia Vanta" rev 0x15
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 "VIA VT82C686 ISA" rev 0x40
pciide0 at pci0 dev 4 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <SAMSUNG SV2042H>
wd0: 16-sector PIO, LBA, 19465MB, 39865392 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <ASUS, CD-S520/A, 1.4K> SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 4 function 2 "VIA VT83C572 USB" rev 0x1a: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 4 function 3 "VIA VT83C572 USB" rev 0x1a: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 4 function 4 "VIA VT82C686 SMBus" rev 0x40: HWM disabled
xl0 at pci0 dev 8 function 0 "3Com 3c905C 100Base-TX" rev 0x74: irq 5,
address 00:50:da:8d:fd:36
bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 6
rl0 at pci0 dev 9 function 0 "D-Link Systems 530TX+" rev 0x10: irq 10
address 00:50:ba:48:f1:c1
rlphy0 at rl0 phy 0: RTL internal phy
xl1 at pci0 dev 10 function 0 "3Com 3c905C 100Base-TX" rev 0x74: irq 11,
address 00:04:76:98:d0:a7
bmtphy1 at xl1 phy 24: Broadcom 3C905C internal PHY, rev. 6
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask eb45 netmask ef65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
==========================================================
=================== dmesg on FW2
OpenBSD 3.7-stable (GENERIC) #0: Wed Jun 22 18:26:31 CEST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 267935744 (261656K)
avail mem = 237715456 (232144K)
using 3296 buffers containing 13500416 bytes (13184K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(8d) BIOS, date 07/04/02, BIOS32 rev. 0 @ 0xf0c50
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x14b2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1400/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:04:0 ("VIA VT82C586 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xa800 0xcc000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT82C691 PCI" rev 0xc4
ppb0 at pci0 dev 1 function 0 "VIA VT82C598 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Nvidia Vanta" rev 0x15
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 "VIA VT82C686 ISA" rev 0x40
pciide0 at pci0 dev 4 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <QUANTUM FIREBALLlct15 20>
wd0: 16-sector PIO, LBA, 19470MB, 39876480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <ASUS, CD-S520/A, 1.4K> SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 4 function 2 "VIA VT83C572 USB" rev 0x1a: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 4 function 3 "VIA VT83C572 USB" rev 0x1a: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 4 function 4 "VIA VT82C686 SMBus" rev 0x40: HWM disabled
xl0 at pci0 dev 8 function 0 "3Com 3c905C 100Base-TX" rev 0x74: irq 5,
address 00:04:76:1d:f8:06
bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 6
rl0 at pci0 dev 9 function 0 "D-Link Systems 530TX+" rev 0x10: irq 10
address 00:50:ba:47:3e:c6
rlphy0 at rl0 phy 0: RTL internal phy
xl1 at pci0 dev 10 function 0 "3Com 3c905B 100Base-TX" rev 0x64: irq 11,
address 00:50:da:45:18:58
bmtphy1 at xl1 phy 24: Broadcom 3C905B internal PHY, rev. 0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask eb45 netmask ef65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
==========================================================
=================== /etc/sysctl.conf on both FW
# $OpenBSD: sysctl.conf,v 1.33 2004/09/22 17:49:39 hshoexer Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time. See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding
must be 0)
net.inet.tcp.rfc1323=1 # 0=disable TCP RFC1323 extensions (for
if tcp is slow)
net.inet.tcp.rfc3390=1 # 1=Enable RFC3390 for TCP window increasing
#net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
#net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
#net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
#ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
#ddb.console=1 # 1=Permit entry of ddb from the console
#fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
vm.swapencrypt.enable=1 # 1=Encrypt pages that go to swap
#vfs.nfs.iothreads=4 # number of nfsio kernel threads
#net.inet.ip.mtudisc=0 # 0=disable tcp mtu discovery
#kern.usercrypto=1 # 1=enable userland use of /dev/crypto
#kern.splassert=2 # 2=enable and verbose error messages.
#machdep.allowaperture=2 # See xf86(4)
#machdep.apmwarn=10 # battery % when apm status messages enabled
#machdep.apmhalt=1 # 1=powerdown hack, try if halt -p
doesn't work
#machdep.kbdreset=1 # permit console CTRL-ALT-DEL to do a
nice halt
#machdep.userldt=1 # allow userland programs to play with ldt,
# required by some ports
#kern.emul.aout=1 # enable running dynamic OpenBSD a.out bins
#kern.emul.bsdos=1 # enable running BSD/OS binaries
#kern.emul.freebsd=1 # enable running FreeBSD binaries
#kern.emul.ibcs2=1 # enable running iBCS2 binaries
#kern.emul.linux=1 # enable running Linux binaries
#kern.emul.svr4=1 # enable running SVR4 binaries
net.inet.tcp.recvspace=65535 # Increase TCP Window size for increase
in network performance
net.inet.tcp.sendspace=65535 # Increase TCP Window size for increase
in network performance
net.inet.carp.preempt=1
==========================================================
=================== trace after kernel panic
panic: kernel diagnostic assertion "state->timeout < PFTM_MAX" failed:
file "/usr/src/sys/net/pf.c", line 887
Stopped at Debugger+0x4: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> Debugger(e388eed8,d06d2000,d06d3df4,d5e22000,d5e22000) at Debugger+0x4
panic(d04dea80,d04affb7,d04d5c83,d04d5c9d,377) at panic+0x63
tablefull(d04affb7,d04d5c9d,377,d04d5c83,d05ab760) at tablefull
pf_purge_expired_src_nodes(d5e22000,ffffffff,d0563170,d06d3e30,20) at
pf_purge_expired_src_nodes
pf_purge_expired_states(30,d01feb16,d0b68a80,d06d3e54,d01021b1) at
pf_purge_expired_states+0x33
pf_purge_timeout(d05ab72c,5305,3,0,0) at pf_purge_timeout+0x15
...
==========================================================
=================== ps aux in a normal state on both FW (I don't have ps
output after the kernel panic)
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1 0.0 0.1 336 248 ?? Is 6:51PM 0:00.01 /sbin/init
root 13972 0.0 0.2 140 484 ?? Is 6:52PM 0:00.01
syslogd: [priv] (syslogd)
_syslogd 10870 0.0 0.2 168 480 ?? I 6:52PM 0:00.14
syslogd -a /var/empty/dev/log
root 1406 0.0 0.1 428 332 ?? Is 6:52PM 0:00.01
pflogd: [priv] (pflogd)
_pflogd 8345 0.0 0.1 492 216 ?? S 6:52PM 0:03.74
pflogd: [running] -s 116 -f /var/log/pflog (pflogd)
root 23152 0.0 0.2 280 412 ?? Ss 6:52PM 0:00.13 ntpd:
[priv] (ntpd)
root 7793 0.0 0.4 960 1168 ?? Ss 6:52PM 0:02.03
sendmail: accepting connections (sendmail)
root 8312 0.0 1.4 1416 3748 ?? Ss 6:52PM 0:01.78 httpd:
parent (httpd)
root 15066 0.0 0.2 140 476 ?? Is 6:52PM 0:00.01 inetd
www 21077 0.0 0.3 1416 896 ?? I 6:52PM 0:00.01 httpd:
child (httpd)
www 13808 0.0 0.3 1416 896 ?? I 6:52PM 0:00.00 httpd:
child (httpd)
www 7565 0.0 0.3 1416 896 ?? I 6:52PM 0:00.01 httpd:
child (httpd)
www 14668 0.0 0.3 1416 896 ?? I 6:52PM 0:00.01 httpd:
child (httpd)
www 19254 0.0 0.3 1416 896 ?? I 6:52PM 0:00.00 httpd:
child (httpd)
root 27394 0.0 0.4 320 1052 ?? Is 6:52PM 0:00.59
/usr/sbin/sshd
root 27309 0.0 0.2 280 584 ?? Is 6:52PM 0:00.12 cron
root 25803 0.0 0.7 336 1828 ?? Ss 6:55PM 0:00.28 sshd:
[EMAIL PROTECTED] (sshd)
root 28297 0.0 0.5 600 1264 p0 Ss 6:56PM 0:00.06 -bash
(bash)
root 16203 0.0 0.1 304 172 p0 R+ 11:22AM 0:00.00 ps -aux
_ntp 7529 0.0 0.2 216 596 C0- I 6:52PM 0:00.70 ntpd:
ntp engine (ntpd)
root 10642 0.0 0.2 76 484 C0 Is+ 6:52PM 0:00.02
/usr/libexec/getty Pc ttyC0
root 7750 0.0 0.2 84 492 C1 Is+ 6:52PM 0:00.10
/usr/libexec/getty Pc ttyC1
root 2061 0.0 0.2 112 480 C2 Is+ 6:52PM 0:00.00
/usr/libexec/getty Pc ttyC2
root 3239 0.0 0.2 80 484 C3 Is+ 6:52PM 0:00.00
/usr/libexec/getty Pc ttyC3
root 9365 0.0 0.2 84 484 C5 Is+ 6:52PM 0:00.00
/usr/libexec/getty Pc ttyC5
==========================================================
Paolo Perrucci ha scritto:
I configured the two firewalls as the basic example described here:
http://www.countersiege.com/doc/pfsync-carp/
I already reported a similar bug
(http://thread.gmane.org/gmane.os.openbsd.misc/83948) but until now I
didn't received any reply.
Before report another bug I would like to know if someone else had
similar experiences.
Thanks
Paolo
knitti ha scritto:
On 6/23/05, Paolo Perrucci <[EMAIL PROTECTED]> wrote:
Hi all,
I'm trying to setup an ha firewall using carp and pfsync.
I tried 3.6 and 3.7 version but both test fails with different
kernel panic.
In my last attempt I used the 3.7 version (-stable) on both the
firewall
but after some hours the primary box fails with this kernel panic:
panic: kernel diagnostic assertion "state->timeout < PFTM_MAX" failed:
file "/usr/src/sys/net/pf.c", line 887
Stopped at Debugger+0x4: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS
PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> Debugger(e388eed8,d06d2000,d06d3df4,d5e22000,d5e22000) at
Debugger+0x4
panic(d04dea80,d04affb7,d04d5c83,d04d5c9d,377) at panic+0x63
tablefull(d04affb7,d04d5c9d,377,d04d5c83,d05ab760) at tablefull
pf_purge_expired_src_nodes(d5e22000,ffffffff,d0563170,d06d3e30,20) at
pf_purge_expired_src_nodes
pf_purge_expired_states(30,d01feb16,d0b68a80,d06d3e54,d01021b1) at
pf_purge_expired_states+0x33
pf_purge_timeout(d05ab72c,5305,3,0,0) at pf_purge_timeout+0x15
... (the ddb log stop here)
Is there someone that used OpenBSD in a similar configuration ?
no one knows your configuration.
http://www.openbsd.org/faq/faq2.html#Bugs
--knitti
--
=================================
Paolo Perrucci
Program Manager
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Ludonet S.p.A.
www.ludonet.org
EUTELIA
Via G.V. Bona, 67
00156 (GRA Tiburtina) ROMA ITALIA
telefono +39 06.41797.205
fax +39 06.41797.898
=================================
