On 20.4.2022. 23:22, Alexandr Nedvedicky wrote: > Hello, > > On Wed, Apr 20, 2022 at 03:43:06PM +0200, Alexander Bluhm wrote: >> On Sat, Apr 09, 2022 at 01:51:05AM +0200, Alexandr Nedvedicky wrote: >>> updated diff is below. >> I am not sure what Hrvoje actually did test and what not. My >> impression was, that he got a panic with the previous version of >> this diff, but the machine was stable with the code in current. >> >> But maybe I got it wrong and we need this code to run pfsync with >> IPsec in parallel. > that's correct. Hrvoje was testing several diffs stacked > on each other: > diff which enables parallel forwarding > diff which fixes tunnel descriptor block handling (tdb) for ipsec > diff which fixes pfsync
Yes, panics that we exchange privately was on production and I couldn't reproduce them in lab. In production I don't have ipsec, only simple pfsync setup. It seems to me that pfsync mpfloor diff solved panics that I had in production. At the same time I was running sasyncd setup with 5 site-to-site ipsec tunnels with same diffs and for now it seems stable ..
