bsalg: parser failed

Hi

Upgraded a M370 cluster from 12.8.1 to 12.8.2 and getting this error logged every second or so:

kernel [ 3466.097047] bsalg: parser failed

I am not sure, if this was present in 12.8.1, but i do not believe so. Google says it is related to snmp nat´ing (?) but as far as i can tell all snmp to the box works and also through the box.
When i disable snmp monitoring of the box (the snmp server is behind the box) i still get the error logged, so i do think it could related to the snmp packets going through a firewall filter.

Anybody else seeing this?

/Robert

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @rv@kaufmann.dk
    bsalg is related to SNMP and usually appears when an invalid OID is requested from the firewall.

    I would suggest turning up logging to debug for management and firewall in Setup -> Logging -> Diagnostic Log Level. bsalg should spit out what OID it's complaining about with logging there.

    -James Carson
    WatchGuard Customer Support

  • Hi @james.carson

    This looks as a bug in fireware. It is not related to snmp requests to the firebox itself. Even when snmp is disabled on the firebox the bsalg error is logged.

    This is caused, if you have snmp packets traverse your external (wan) interface which is doing NAT , excluding any ipsec tunnels. Snmp packets traversing vpn tunnels are not effected.

    No matter if "Use NAT connections through the snmp application layer gateway" is enabled or disabled make no difference.

    This should be very easy to replicate.

    /Robert

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @rv@kaufmann.dk
    I'll look into this and if I can get it reproduced I'll get it logged as a bug.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.