Thanks for all the help.

On 07/14/2008 12:52:16 AM, Ryan McBride wrote:
The carp demotion twiddling in RC isn't disabled until after rc.local is run, so this shouldn't be a problem (but in general it's safe to turn on forwarding during boot, because the boot-time pf.conf won't pass forwarded traffic).
So, my problem must be that the pfsync interface is brought up before the real pf rules are loaded, and so states do not associate with the right rules. Fixed in 4.3.

Because I'm loading pf.conf myself in rc.local (so it starts after named, which is a secondary that caches local DNS names so they can be used in pf.conf), I'll need to make sure that the pfsync interface does not come up until I bring it up in rc.local. I'll put "down syncdev vr0" into hostname.pfconf0, and then bring it up with ifconfig in rc.local after loading pf.conf. I get the boot order I want without having to alter rc or netstart.

(FWIW I don't recall that hostname.if(5) matches with the netstart code particularly well regarding where the "up" and "down" keywords are allowed. IIRC, the code allows "up" and "down" to be used with any interface. I could be wrong, or maybe the "up" and "down" can occur elsewhere because they're ifconfig options but have to occur first with pfsync and bridge interfaces to make netstart happy? I'm not sure it matters.)
> Which brings me back to the question of how the demotion counter works,
There is some usage information in ifconfig(8), and you can look at /etc/rc to see how it's being used.
Thanks. I'd gone through ifconfig, but have now looked at (IIRC) carp.c and /etc/rc. As you point out, I don't need to mess with the demotion counter because rc has already done so while rc.local is running. This is good because at first glance the demotion counter appears to be modulo 256, and with rc modifying it in increments of 128 and bgp and whatnot also modifying it, I was concerned that any changes I might introduce could lead to overflow.

Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein