Re: CARP broken on -CURRENT?

From: Xin LI <delphij_at_delphij.net> Date: Thu, 16 Jul 2009 22:01:35 -0700 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:52 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Ian,

Ian FREISLICH wrote:
> Xin LI wrote:
>> Ian FREISLICH wrote:
>>>      To use carp, the administrator needs to configure at minimum
>>>      a common virtual host ID (VHID) and virtual host IP address
>>>      on each machine which is to take part in the virtual group.
>>>      Additional parameters can also be set on a per-interface basis:
>>>      advbase and advskew, which are used to control how frequently
>>>      the host sends advertisements when it is the master for a
>>>      virtual host, and pass which is used to authenticate carp
>>>      advertisements.
>> Um...  In order to narrow this down I have removed advbase setting from
>> both servers (now they use the default number, 1) but seems no luck.
>>
>> I have further checked netstat -s, it seems that only the CARP packets
>> with bad length (which are really VRRP packets) are being counted into
>> the "received" packets, and were all discarded (of course).  I've
>> manually put these interfaces down and will check back to see if there
>> is some clue in our code in the afternoon.
>>
>> Jul 16 12:22:58 gate2 kernel: carp_input: received len 20 <
>> sizeof(struct carp_header) on em0
>> Jul 16 12:23:01 gate2 kernel: carp_input: received len 20 <
>> sizeof(struct carp_header) on em0
> 
> I've only ever encountered messages like these when there's been a
> linux host on the same network with ucarp or heartbeat running
> sending their broken "carp" packets with a vhid that's the same as
> one I was using.

Yes this ("short"s) is from Cisco's VRRP.

> Have you tried setting a "pass" on your carp interfaces?  Are you
> sure it's your host that's generating these short carp packets?  Use
> 'tcpdump -eni <interface> proto carp' to verify.

Yes, actually, I think both hosts were sending correct packets, but
somehow carp_input did not processed it (no counter update and no action
taken)...  I'll instrument the network stack further to see why this was
happening.

Thanks for your hints :)

Cheers,
- --
Xin LI <delphij_at_delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)

iEYEARECAAYFAkpgBa8ACgkQi+vbBBjt66D6fwCePCBz04M4sI0WkC9klNLrrOHu
tf0AnRk3+W/phvGYifcL7fBJMnNzUlTP
=s3sZ
-----END PGP SIGNATURE-----