My recommendation is not to release software that hasn't had even the
most basic testing. I would consider disabling/enabling basic
functionality. I would consider relayd coredumps on state changes with
4.3-RELEASE to be a huge no no. I thank you for your contribution
however I am allowed to express my opinion over crappy software. I have
Googled over issues that I laid out and they have been around for a
while e.g. check Questions at
https://calomel.org/relayd.html
Therefore I said that relayd is alpha quality software at best. You are
welcome to take offense at that however I am saying this so that people
who may critically rely on this can make proper evaluation.
Vladimir
Reyk Floeter wrote:
my recommendation is to stay away from this list if you're not able to
send useful bug reports. i use relayd in many production setups and
it works just fine; of course there are bugs but they can fixed or
reported. anyway, i can verify your problem on cleaning up the pf
anchor, i also did some changes before 4.4 here.
On Mon, Nov 10, 2008 at 03:15:22PM -0500, Vladimir wrote:
My recommendation is to stay away from relayd. I have had only bad
experiences with it including a bad production outage. It fails on state
changes, it fails on enabling or disabling hosts, it fails for no
apparent reason. When it fails it doesn't clean up and you have to run
manually something along these lines
for i in `pfctl -a 'relayd/*' -vvsA | sed 's,^.*relayd/,,'`
do
pfctl -a relayd/$i -Fa
etc. etc.
Vladimir
David Caro wrote:
first of all, sorry for my english (i'm spaniard)
i have two testing firewalls running OpenBSD 4.3 -release (fresh install),
with carp and pfsync configured and working, but when i disable one host
with 'relayctl host disable' and then enable it, relayd exits.
a screenshot of the relayd:
[EMAIL PROTECTED]:~]# relayd -d -vvv
startup
init_filter: filter init done
relay_privinit: adding relay web
init_tables: created 0 tables
protocol 0: name default
hce_notify_done: 192.168.4.11 (recv_icmp: done)
flags: 0x0004
host 192.168.4.11, check icmp (0ms), state unknown -> up, availability
100.00%
type: pfe_dispatch_imsg: state 1 for host 5 192.168.4.11
tcp
hce_notify_done: 192.168.4.12 (recv_icmp: done)
relay_init: max open files 1024
host 192.168.4.12, check icmp (0ms), state unknown -> up, availability
100.00%
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
adding 3 hosts from table pruebas:80
pfe_dispatch_imsg: state 1 for host 4 192.168.4.12
adding 3 hosts from table pruebas:80
adding 3 hosts from table pruebas:80
adding 3 hosts from table pruebas:80
adding 3 hosts from table pruebas:80
relay_launch: running relay web
hce_notify_done: 192.168.4.13 (recv_icmp: done)
relay_launch: running relay web
relay_launch: running relay web
relay_launch: running relay web
relay_launch: running relay web
host 192.168.4.13, check icmp (0ms), state unknown -> up, availability
100.00%
pfe_dispatch_imsg: state 1 for host 3 192.168.4.13
hce_notify_done: 192.168.4.11 (recv_icmp: done)
hce_notify_done: 192.168.4.12 (recv_icmp: done)
hce_notify_done: 192.168.4.13 (recv_icmp: done)
disable_host: disabled host 4
hce_notify_done: 192.168.4.11 (recv_icmp: done)
hce_notify_done: 192.168.4.13 (recv_icmp: done)
host 192.168.4.12, check icmp (0ms), state up -> down, availability 0.00%
hce_notify_done: 192.168.4.11 (recv_icmp: done)
hce_notify_done: 192.168.4.13 (recv_icmp: done)
enable_host: enabled host 4
hce_notify_done: 192.168.4.11 (recv_icmp: done)
hce_notify_done: 192.168.4.12 (recv_icmp: done)
host 192.168.4.12, check icmp (0ms), state unknown -> up, availability
33.33%
pfe_dispatch_imsg: host 4 => 0
hce_notify_done: 192.168.4.13 (recv_icmp: done)
fatal: pfe_dispatch_imsg: desynchronized
host check engine exiting
check_child: lost child: pf update engine exited
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
terminating
and the relayctl:
------------------------------------------------------
[EMAIL PROTECTED]:~]# relayctl show summary
Id Type Name Avlblty Status
0 relay web active
1 table pruebas:80 active (3
hosts up)
5 host 192.168.4.11 100.00% up
4 host 192.168.4.12 100.00% up
3 host 192.168.4.13 100.00% up
[EMAIL PROTECTED]:~]# relayctl host disable 4
command succeeded
[EMAIL PROTECTED]:~]# relayctl show summary
Id Type Name Avlblty Status
0 relay web active
1 table pruebas:80 active (2
hosts up)
5 host 192.168.4.11 100.00% up
4 host 192.168.4.12 disabled
3 host 192.168.4.13 100.00% up
[EMAIL PROTECTED]:~]# relayctl host disable 4
command succeeded
[EMAIL PROTECTED]:~]# relayctl show summary
Id Type Name Avlblty Status
0 relay web active
1 table pruebas:80 active (2
hosts up)
5 host 192.168.4.11 100.00% up
4 host 192.168.4.12 disabled
3 host 192.168.4.13 100.00% up
[EMAIL PROTECTED]:~]# relayctl host enable 4
command succeeded
[EMAIL PROTECTED]:~]# relayctl show summary
Id Type Name Avlblty Status
0 relay web active
1 table pruebas:80 active (2
hosts up)
5 host 192.168.4.11 100.00% up
4 host 192.168.4.12 unknown
3 host 192.168.4.13 100.00% up
[EMAIL PROTECTED]:~]# relayctl show summary
Id Type Name Avlblty Status
0 relay web active
1 table pruebas:80 active (2
hosts up)
5 host 192.168.4.11 100.00% up
4 host 192.168.4.12 unknown
3 host 192.168.4.13 100.00% up
[EMAIL PROTECTED]:~]# relayctl show summary
Id Type Name Avlblty Status
0 relay web active
1 table pruebas:80 active (2
hosts up)
5 host 192.168.4.11 100.00% up
4 host 192.168.4.12 unknown
3 host 192.168.4.13 100.00% up
[EMAIL PROTECTED]:~]# relayctl show summary
relayctl: connect: /var/run/relayd.sock: No such file or directory
Same behaiviour using fresh 3.4-snapshot (10/08) installs
