On 04/07/2023 11:45, Alexandr Nedvedicky wrote: > Hello, > > On Tue, Jul 04, 2023 at 11:22:34AM +0300, Kapetanakis Giannis wrote: >> Hello, >> >> I will try your diff, but since I have to completely turn off mail service >> it might take a while. >> >> Meanwhile, just a wild guess from my side, although I'm not a dev: >> >> It seems to me that a table is being removed, specifically the table that has >> the hosts for the redirect. It's like after some active sessions expire >> (1-2min delay), the table is being removed like it's not persistent. Why did >> the table was removed on the first place? Maybe because there was no active >> host inside that table (table empty). > 'why table got removed?' is the right question. the tables are being > removed by kill_tables() function in pfe_filter.c. The function itself is > being called on behalf of flush_rulesets(), which is called by > pfe_shutdown(). > also remember logs you've captured cleanly indicate we are on shutdown > road. > so there is a next question: how relayd process got to its shutdown path? > > also the relayd which exits: does it run on primary firewall or on secondary > one?
It's always on the primary ONLY. I see the tables have 3 status active disabled when manually being disabled by relayctl table disable and "empty" when all hosts inside have been disabled. This is our case. I'm trying to find a way to replicate the issue without disrupting the production service. I've made a copy of the tables and redirects to another IP but I cannot replicate the issue. If I have no active sessions from the redirect, nothing happens. Even with open openssl s_client to 993/995 didn't trigger it either. 13 redirect dir2-imap down 13 table dir2:993 empty 26 host dir12 disabled 27 host dir22 disabled 14 redirect dir2-pop down 14 table dir2_:995 empty 28 host dir12 parent 26 disabled 29 host dir22 parent 27 disabled 15 redirect dir2-lmtp down 15 table dir2_:24 empty 30 host dir12 parent 26 disabled 31 host dir22 parent 27 disabled 16 redirect dir2-sieve down 16 table dir2_:4190 empty 32 host dir12 parent 26 disabled 33 host dir22 parent 27 disabled all anchors are there. G this is without your last diff
