On May 2, 2012, at 1:02 PM, Kapetanakis Giannis wrote: > On 02/05/12 12:27, Peter Hessler wrote: >> No, that is not what that feature does. >> >> When pfsync starts any sort of bulk update, it will increase the carp >> demotion counter which makes it refuse MASTER. Only when the bulk >> update finishes (or times out), will it decrease the carp demote >> counter, which will allow it to take MASTER, subject to the normal rules. >> >> >> :Giannis >> : > > Well it seems that it goes to MASTER before bulk transfer ends: > > May 1 16:11:43 f1 /bsd: carp: carp0 demoted group carp by 1 to 129 (carpdev) > May 1 16:11:43 f1 /bsd: carp: carp1 demoted group carp by 1 to 130 (carpdev) > May 1 16:11:43 f1 /bsd: carp: carp2 demoted group carp by 1 to 131 (carpdev) > May 1 16:11:43 f1 /bsd: carp: carp3 demoted group carp by 1 to 132 (carpdev) > May 1 16:11:43 f1 /bsd: carp: pfsync0 demoted group carp by 1 to 133 (pfsync bulk start) > May 1 16:11:43 f1 /bsd: carp: pfsync0 demoted group pfsync by 1 to 1 (pfsync bulk start) > May 1 16:11:43 f1 /bsd: carp: carp1 demoted group carp by -1 to 132 (carpdev) > May 1 16:11:43 f1 /bsd: carp: carp0 demoted group carp by -1 to 131 (carpdev) > May 1 16:11:43 f1 /bsd: carp: carp3 demoted group carp by -1 to 130 (carpdev) > May 1 16:11:43 f1 /bsd: carp: carp2 demoted group carp by -1 to 129 (carpdev) > May 1 16:11:43 f1 /bsd: carp: pfsync0 demoted group carp by -1 to 128 (pfsyncdev) > May 1 16:11:43 f1 /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsyncdev) > May 1 16:11:46 f1 /bsd: carp1: state transition: BACKUP -> MASTER > May 1 16:11:46 f1 /bsd: carp0: state transition: BACKUP -> MASTER > May 1 16:11:46 f1 /bsd: carp3: state transition: BACKUP -> MASTER > May 1 16:11:46 f1 /bsd: carp2: state transition: BACKUP -> MASTER > > manually enforce BACKUP with ifconfig -g carp carpdemote > > May 1 16:11:59 f1 /bsd: carp1: state transition: MASTER -> BACKUP > May 1 16:11:59 f1 /bsd: carp0: state transition: MASTER -> BACKUP > May 1 16:11:59 f1 /bsd: carp2: state transition: MASTER -> BACKUP > May 1 16:11:59 f1 /bsd: carp3: state transition: MASTER -> BACKUP > May 1 16:12:01 f1 /bsd: carp0: state transition: BACKUP -> MASTER > May 1 16:12:01 f1 /bsd: carp1: state transition: BACKUP -> MASTER > May 1 16:12:01 f1 /bsd: carp2: state transition: BACKUP -> MASTER > May 1 16:12:01 f1 /bsd: carp3: state transition: BACKUP -> MASTER > > manually enforce BACKUP with ifconfig -g carp carpdemote > > May 1 16:12:07 f1 /bsd: carp0: state transition: MASTER -> BACKUP > May 1 16:12:07 f1 /bsd: carp2: state transition: MASTER -> BACKUP > May 1 16:12:07 f1 /bsd: carp3: state transition: MASTER -> BACKUP > May 1 16:12:07 f1 /bsd: carp1: state transition: MASTER -> BACKUP > May 1 16:13:45 f1 /bsd: carp: pfsync0 demoted group carp by -1 to 1 (pfsync bulk done) > May 1 16:13:45 f1 /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk done) > May 1 16:14:07 f1 /bsd: carp0: state transition: BACKUP -> MASTER > May 1 16:14:07 f1 /bsd: carp2: state transition: BACKUP -> MASTER > May 1 16:14:07 f1 /bsd: carp3: state transition: BACKUP -> MASTER > May 1 16:14:07 f1 /bsd: carp1: state transition: BACKUP -> MASTER > > In advance the secondary firewall, which at this time is operating fine as MASTER, > it starts a bulk transfer when it sees link-up on the network interface connected > to the primary firewall, long before primary firewall is finished booting... > > regards, > > Giannis >
I'd suggest you to experiment with the src and try to rollback if_pfsync.c to, say rev. 1.179, then roll forward with revisions until you can pinpoint one which breaks it. //maxim
