Hi, > Are you sure that fw1 is sending and not receiving those? The only way > to be really sure is to use "tcpdump -D out".
The sender IP was the one I assigned to fw1, but I retested it anyway with -D out and I can confirm that there is a difference between the demote count displayed by ifconfig and the one transmitted over to fw2. > Not sure what's going on yet, but the following may provide more hints: > - bump net.inet.carp.log to 3 > - check "netstat -s -p carp" > - if you use pfsync, use "no-sync" on the carp pass rules The no-sync shouldn't change anything, as I had previously set 'no state' on the carp rule. pfsync can't sync states that don't exist, can it? :-) Anyway, using either 'no state' or 'no-sync' doesn't change anything. Bumping net.inet.carp.log value only reports the demotion: carp:carp0 demoted group carp by 1 to 2 (> snderrors) carp:carp1 demoted group carp by 1 to 2 (> snderrors) And then, a few state transitions later: carp: carp0 demoted group carp by -1 to 1 (< snderrors) which corresponds to me trying to reset the demote counter back to 0. 'netstat -sp carp' doesn't give any information I consider useful, besides the number of IPv4/IPv6 packets sent and received, as well as the number of transitions to master. Marios
