pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162018-07-23T04:50:37ZpfSense bugtracker
Redmine pfSense - Bug #8678 (Resolved): unexpected error string on web page services_dhcpv6.phphttps://redmine.pfsense.org/issues/86782018-07-23T04:50:37ZConstantine Kormashev
<p>In case any actions are performed on services_dhcpv6.php error string appears at the page's frame:<br /><pre>
Warning: Illegal string offset 'item' in /usr/local/www/services_dhcpv6.php on line 959
</pre></p> pfSense - Bug #8630 (Resolved): Web-GUI PHP error in brige after removing all interfaces were in ...https://redmine.pfsense.org/issues/86302018-07-10T02:02:38ZConstantine Kormashev
<p>If device has several interfaces in bridge and all those interfaces are deleted, Web-GUI shows error in <a class="external" href="https://&lt;addr&gt;/interfaces_bridge.php">https://&lt;addr&gt;/interfaces_bridge.php</a><br /><pre>
Warning: Illegal string offset 'bridged' in /usr/local/www/interfaces_bridge.php on line 32 Warning:
Illegal string offset 'bridged' in /usr/local/www/interfaces_bridge.php on line 35
Fatal error: Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/interfaces_bridge.php: 35
Stack trace: #0 {main} thrown in /usr/local/www/interfaces_bridge.php on line 35
PHP ERROR: Type: 1, File: /usr/local/www/interfaces_bridge.php, Line: 35, Message:
Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/interfaces_bridge.php:35 Stack trace: #0 {main} thrown
</pre><br />Looks like this is reaction on empty <code><bridge></bridge></code> section of config. <br />Before deleting interfaces:<br /><pre>
<bridged>
<members>lan,opt1,opt2</members>
<descr><![CDATA[BRIDGE]]></descr>
<maxaddr></maxaddr>
<timeout></timeout>
<maxage></maxage>
<fwdelay></fwdelay>
<hellotime></hellotime>
<priority></priority>
<proto>rstp</proto>
<holdcnt></holdcnt>
<ip6linklocal></ip6linklocal>
<ifpriority></ifpriority>
<ifpathcost></ifpathcost>
<edge>lan,opt1,opt2</edge>
<bridgeif>bridge0</bridgeif>
</bridged>
</pre><br />After deleting interfaces:<br /><pre>
<bridges>
</bridges>
</pre><br />Config without bridges does not have this section at all. Maybe it would be better to delete bridge in case all interfaces composed bridge are not available.</p> pfSense - Bug #8567 (New): Using IPv6 VIP alias for services may affect CARP IPv6 VIP workhttps://redmine.pfsense.org/issues/85672018-06-12T13:26:37ZConstantine Kormashev
<p>During investigation of customer request found IPv6 VIP alias for services may affect CARP IPv6 VIP work. CARP IPv6 VIPs may stops their work until device reboot.<br />For some unknown reason CARP IPv6 VIP stops working even in L2 segments in case IPv6 alias which was bound with service. It produces error during ping <em>Can't assign requested address</em> E.g. some alias was IPsec interface. In that case the alias still works tunnel established and keep-alive work, traffic forwarded via tunnel, but CARP IPv6 VIPs stop their work. Just changing service address does not help, device needs reboot.<br />May be related <a class="external" href="https://redmine.pfsense.org/issues/8566">https://redmine.pfsense.org/issues/8566</a></p> pfSense - Bug #8566 (New): Wrong IPv6 source in NS request in case using of IPv6 aliashttps://redmine.pfsense.org/issues/85662018-06-12T13:26:08ZConstantine Kormashev
<p>During investigation of customer request found system uses wrong IPv6 sources for NS requests therefore they never be completed. For unknown reason system tries to send NS from other IPv6 address which is defined on the same interface. This address is bound with service that tries to establish connection, in this case this is IPsec.<br />Lab example:<br />1st device pf3 has primary IPv6 2003::10/64 and additional alias 2001::2/64<br />2nd device pf4 has primary IPv6 2002::11/64 and additional alias 2001::1/64</p>
<p>2001::0/64 serves for connection between devices. Each of them has a route via this network to primary IPv6 address of another. IPsec setup on these primary IPv6 addresses.</p>
<p>2003::10/64 and 2002::11/64 try to get MAC of 2001::1/64 and 2001::2/64 that are in another network:<br />21 10.557327 <strong>2003::10</strong> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for <strong>2001::1</strong> from 00:0c:29:8e:58:2e<br />22 10.618536 <strong>2002::11</strong> ff02::1:ff00:2 ICMPv6 86 Neighbor Solicitation for * 2001::2* from 00:0c:29:82:01:e2</p>
<p>Valid request from device with 2003::10/64 and 2001::2/64. I made one with ping6 -S 2001::2 2001::1<br />27 13.699943 <strong>2001::2</strong> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for <strong>2001::1</strong> from 00:0c:29:8e:58:2e<br />29 13.700148 2001::1 2001::2 ICMPv6 86 Neighbor Advertisement 2001::1 (rtr, sol, ovr) is at 00:00:5e:00:01:2c</p>
<p>After valid NS/NA 2003::10/64 can ping 2001::1/64<br />41 14.819118 2003::10 2001::1 ICMPv6 62 Echo (ping) request id=0x4b40, seq=9843, hop limit=64 (reply in 42)<br />42 14.819166 2001::1 2003::10 ICMPv6 62 Echo (ping) reply id=0x4b40, seq=9843, hop limit=64 (request in 41)</p>
<p>VM configs and pcaps are in attachment</p> pfSense - Bug #8502 (Confirmed): main (top) menu items do not drop down in some cases https://redmine.pfsense.org/issues/85022018-05-09T08:26:31ZConstantine Kormashev
<p>During testing php7 found main (top) menu items do not drop down on final pages of some pkgs, e.g. arpping, mtr. These pkgs do not have a problem themselves, stat page, processing and result page are well, this is only web-gui menu issue.<br />Stephen Beaver confirmed this is not php7 related issue.</p> pfSense - Bug #8494 (Resolved): pressing Enter in pftop filter field redirects to another pagehttps://redmine.pfsense.org/issues/84942018-05-03T04:40:52ZConstantine Kormashev
<p>If I press Enter in pftop filter field system redirects me to another page instead showing result in Output frame.</p>
<p>E.g.<br />for <code>host 1.1.1.1</code> it shows<br /><pre>
pfTop: Up State no entries (8), View: default, Order: bytes PR DIR SRC DEST STATE AGE EXP PKTS BYTES
</pre><br /><img src="https://redmine.pfsense.org/attachments/download/2411/1111.png" title="1.1.1.1" alt="1.1.1.1" /></p>
<p>for <code>host 172.21.41.127</code> it shows<br /><pre>
pfTop: Up State 1-2/2 (9), View: default, Order: bytes PR DIR SRC DEST STATE AGE EXP PKTS BYTES udp In 172.21.41.127:1194 172.21.41.138:1194 MULTIPLE:MULTIPLE 01:21:35 00:00:58 1285 169271 udp In 172.21.41.127:17500 172.21.41.255:17500 NO_TRAFFIC:SINGLE 00:16:39 00:00:22 34 6664
</pre><br /><img src="https://redmine.pfsense.org/attachments/download/2412/1722141127.png" title="172.21.41.127" alt="172.21.41.127" /></p>
<p>And for any wrong syntax request it shows<br /><pre>
Invalid filter, check syntax
</pre><br /><img src="https://redmine.pfsense.org/attachments/download/2413/err.png" title="syntax error" alt="syntax error" /></p>
<p>Video demonstrates the issue:<br /><a class="external" href="https://youtu.be/TWqdtVJSO_8?t=3m9s">https://youtu.be/TWqdtVJSO_8?t=3m9s</a></p> pfSense - Bug #8493 (Not a Bug): Assigned OpenVPN interface does not send traffic via right route...https://redmine.pfsense.org/issues/84932018-05-03T03:25:55ZConstantine Kormashev
<p>In case of using several OpenVPN instances, e.g. Client (has its own default route) and Server on pfsense, assigned OpenVPN server interface does not send traffic via right route until device reboot (in some cases until pf restart).<br />I can see states and input traffic (10.0.10.0/24) on appropriate interface (OPT1) but does not see one output interface (LAN 10.0.11.0/24). Instead that I observe this traffic on WAN (default route) interface.<br /><pre>
OPT1 icmp 10.0.10.2:1 -> 10.0.11.1:1 0:0 2 / 2 120 B / 120 B
</pre><br />Before reboot<br />OPT1<br /><pre>
IP 10.0.10.2 > 10.0.11.1: ICMP echo request, id 1, seq 157, length 40
IP 10.0.10.2 > 10.0.11.1: ICMP echo request, id 1, seq 158, length 40
</pre><br />WAN<br /><pre>
IP 10.0.11.1 > 10.0.10.2: ICMP echo reply, id 1, seq 157, length 40
IP 10.0.11.1 > 10.0.10.2: ICMP echo reply, id 1, seq 158, length 40
</pre><br />After reboot:<br />OPT1 and LAN<br /><pre>
IP 10.0.10.2 > 10.0.11.1: ICMP echo request, id 1, seq 137, length 40
IP 10.0.11.1 > 10.0.10.2: ICMP echo reply, id 1, seq 137, length 40
IP 10.0.10.2 > 10.0.11.1: ICMP echo request, id 1, seq 138, length 40
IP 10.0.11.1 > 10.0.10.2: ICMP echo reply, id 1, seq 138, length 40
</pre></p>
<p>The issue affects Intel and ARM</p> pfSense - Bug #8464 (New): Wireless USB card does not connect to WiFi automatically after reboot/...https://redmine.pfsense.org/issues/84642018-04-17T03:35:41ZConstantine Kormashev
<p>Wireless USB card on Realtek RTL8192SU chipset in BSS mode does not connect to WiFi until wilreless interface is set to down and after to up state manually. E.g. after device reboot.<br />There is not any problem with forwarding in case device already connected to WiFi, problem happens only after device reboot/halt.<br />Tried with Dlink DWA131 (Realtek RTL8192SU) on 3100 and 2220.<br />During down/up interface there are messages in console:<br /><pre>
rsu0: rsu_join_bss: still scanning! (attempt 0)
rsu0_wlan0: ieee80211_new_state_locked: pending SCAN -> AUTH transition lost
</pre></p> pfSense Packages - Feature #7794 (Resolved): FRR pkg pfsense no metric-type option in OSPF redist...https://redmine.pfsense.org/issues/77942017-08-22T03:14:15ZConstantine Kormashev
<p>There is not <code>metric-type</code> option in OSPF redistribute section of web-interface. By default FRR makes redistribution with route-map without options. But even I use manual route-map for redistribution instead there is no set <code>metric-type</code> option for OSPF IPv4 in web interface of route-map creation.</p> pfSense Packages - Feature #7793 (Resolved): FRR pkg pfsense web interface checking for RID is se...https://redmine.pfsense.org/issues/77932017-08-22T01:46:46ZConstantine Kormashev
<p>There is not any checking for RID in OSPF6 section in web interface now, but one must be, because in case there is not IPv4 interface at all RID is not defined and OSPF6 does not start.</p> pfSense Packages - Feature #7792 (Resolved): FRR pkg pfsense can not wok as ABR with stub areas (...https://redmine.pfsense.org/issues/77922017-08-22T01:26:29ZConstantine Kormashev
<p>Setup pfsense as ABR with several areas and found one does not work properly if one of areas is stub. There are two moments:<br />1. No opportunity to setup one of area as stub in web interface<br />2. Even raw config is used there is not stub option in OSPF Hello:<br /><code>*Aug 22 06:53:36.975: OSPF: Rcv hello from 172.16.150.43 area 0.0.0.1 from FastEthernet0/0.33 10.1.7.1<br />*Aug 22 06:53:36.975: OSPF: Hello from 10.1.7.1 with mismatched Stub/Transit area option bit</code></p> pfSense - Bug #7532 (Resolved): SG-1000 autonegotiation 10baseT speed and duplexhttps://redmine.pfsense.org/issues/75322017-05-09T01:29:47ZConstantine Kormashev
<p>During work on <a class="external" href="https://customercare.netgate.com/requests/show/index/id/19663">https://customercare.netgate.com/requests/show/index/id/19663</a> 10baseT speed and duplex issue was found.<br />SG-1000 can not correctly negotiate speed and duplex if on another side link is 10FD and can not correctly define own link condition if one is in 10FD. See examples below. If link is 100FD or auto there are not any issues.</p>
<p><strong>10FD</strong><br />FastEthernet0/16 is down, line protocol is down (notconnect) <br /> Hardware is Fast Ethernet, address is 0024.c4f0.5512 (bia 0024.c4f0.5512)<br /> MTU 1998 bytes, BW 10000 Kbit/sec, DLY 1000 usec, <br /> reliability 255/255, txload 1/255, rxload 1/255<br /> Encapsulation ARPA, loopback not set<br /> Keepalive set (10 sec)<br /><strong>Full-duplex, 10Mb/s, media type is 10/100BaseTX</strong><br /> input flow-control is off, output flow-control is unsupported <br /> ARP type: ARPA, ARP Timeout 04:00:00<br /> Last input 2w3d, output 00:06:26, output hang never<br /> Last clearing of "show interface" counters never<br /> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br /> Queueing strategy: fifo<br /> Output queue: 0/40 (size/max)<br /> 5 minute input rate 0 bits/sec, 0 packets/sec<br /> 5 minute output rate 0 bits/sec, 0 packets/sec<br /> 1275 packets input, 99743 bytes, 0 no buffer<br /> Received 1274 broadcasts (1159 multicasts)<br /> 0 runts, 0 giants, 0 throttles<br /> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br /> 0 watchdog, 1159 multicast, 0 pause input<br /> 0 input packets with dribble condition detected<br /> 4700 packets output, 351100 bytes, 0 underruns<br /> 0 output errors, 0 collisions, 1 interface resets<br /> 0 unknown protocol drops<br /> 0 babbles, 0 late collision, 0 deferred<br /> 0 lost carrier, 0 no carrier, 0 pause output<br /> 0 output buffer failures, 0 output buffers swapped out</p>
<p><strong>10FD</strong><br />cpsw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br /> options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE><br /> ether 68:9e:19:8c:08:6e<br /> inet6 fe80::6a9e:19ff:fe8c:86e%cpsw0 prefixlen 64 scopeid 0x1 <br /> <strong>media: Ethernet 10baseT/UTP <full-duplex></strong><br /> <strong>status: no carrier</strong><br /> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL></p>
<p><strong>Auto</strong><br />FastEthernet0/16 is up, line protocol is up (connected) <br /> Hardware is Fast Ethernet, address is 0024.c4f0.5512 (bia 0024.c4f0.5512)<br /> MTU 1998 bytes, BW 10000 Kbit/sec, DLY 1000 usec, <br /> reliability 255/255, txload 1/255, rxload 1/255<br /> Encapsulation ARPA, loopback not set<br /> Keepalive set (10 sec)<br /> <strong>Half-duplex, 10Mb/s, media type is 10/100BaseTX</strong><br /> input flow-control is off, output flow-control is unsupported <br /> ARP type: ARPA, ARP Timeout 04:00:00<br /> Last input 2w3d, output 00:00:01, output hang never<br /> Last clearing of "show interface" counters never<br /> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br /> Queueing strategy: fifo<br /> Output queue: 0/40 (size/max)<br /> 5 minute input rate 0 bits/sec, 0 packets/sec<br /> 5 minute output rate 0 bits/sec, 0 packets/sec<br /> 1275 packets input, 99743 bytes, 0 no buffer<br /> Received 1274 broadcasts (1159 multicasts)<br /> 0 runts, 0 giants, 0 throttles<br /> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br /> 0 watchdog, 1159 multicast, 0 pause input<br /> 0 input packets with dribble condition detected<br /> 4704 packets output, 351376 bytes, 0 underruns<br /> 0 output errors, 0 collisions, 1 interface resets<br /> 0 unknown protocol drops<br /> 0 babbles, 0 late collision, 0 deferred<br /> 0 lost carrier, 0 no carrier, 0 pause output</p>
<p><strong>10FD</strong><br />cpsw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br /> options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE><br /> ether 68:9e:19:8c:08:6e<br /> inet6 fe80::6a9e:19ff:fe8c:86e%cpsw0 prefixlen 64 scopeid 0x1 <br /> inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 <br /> <strong>media: Ethernet 10baseT/UTP <full-duplex></strong><br /> status: active<br /> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL></p>
<p><strong>10FD</strong><br />FastEthernet0/16 is up, line protocol is up (connected) <br /> Hardware is Fast Ethernet, address is 0024.c4f0.5512 (bia 0024.c4f0.5512)<br /> MTU 1998 bytes, BW 10000 Kbit/sec, DLY 1000 usec, <br /> reliability 255/255, txload 1/255, rxload 1/255<br /> Encapsulation ARPA, loopback not set<br /> Keepalive set (10 sec)<br /><strong>Full-duplex, 10Mb/s, media type is 10/100BaseTX</strong><br /> input flow-control is off, output flow-control is unsupported <br /> ARP type: ARPA, ARP Timeout 04:00:00<br /> Last input 2w3d, output 00:00:00, output hang never<br /> Last clearing of "show interface" counters never<br /> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br /> Queueing strategy: fifo<br /> Output queue: 0/40 (size/max)<br /> 5 minute input rate 0 bits/sec, 0 packets/sec<br /> 5 minute output rate 0 bits/sec, 0 packets/sec<br /> 1428 packets input, 111343 bytes, 0 no buffer<br /> Received 1279 broadcasts (1159 multicasts)<br /> 0 runts, 0 giants, 0 throttles<br /> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br /> 0 watchdog, 1159 multicast, 0 pause input<br /> 0 input packets with dribble condition detected<br /> 5431 packets output, 425207 bytes, 0 underruns<br /> 0 output errors, 0 collisions, 2 interface resets<br /> 0 unknown protocol drops<br /> 0 babbles, 0 late collision, 0 deferred<br /> 0 lost carrier, 0 no carrier, 0 pause output<br /> 0 output buffer failures, 0 output buffers swapped out</p>
<p><strong>Auto</strong><br />cpsw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br /> options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE><br /> ether 68:9e:19:8c:08:6e<br /> inet6 fe80::6a9e:19ff:fe8c:86e%cpsw0 prefixlen 64 scopeid 0x1 <br /> inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 <br /> <strong>media: Ethernet autoselect (10baseT/UTP <half-duplex>)</strong><br /> status: active<br /> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL></p> pfSense - Bug #7235 (New): 4860 has not got significant IPsec performance rising with enabled HW ...https://redmine.pfsense.org/issues/72352017-02-08T01:47:07ZConstantine Kormashev
<p>During IPsec performance tests on 4860 I did not observe significant IPsec performance increasing if HW acceleration is enabled.<br />Average rising are: <br /><em>10% for AES128CBC<br />7% for AES128GCM</em><br />In comparison with 2440, 2440 gives:<br /><em>56% for AES128CBC<br />54% for AES128GCM</em><br /><strong>4860 tests:</strong><br /><em>128 GCM 34000pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 3 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 3646 ichwd.ko
last pid: 62291; load averages: 4.48, 3.20, 1.62 up 0+00:10:24 06:51:23
55 processes: 2 running, 52 sleeping, 1 waiting
CPU 0: 19.3% user, 0.0% nice, 33.1% system, 27.6% interrupt, 20.1% idle
CPU 1: 0.0% user, 0.0% nice, 0.0% system, 99.2% interrupt, 0.8% idle
CPU 2: 17.3% user, 0.0% nice, 52.0% system, 0.0% interrupt, 30.7% idle
CPU 3: 16.1% user, 0.0% nice, 53.1% system, 0.0% interrupt, 30.7% idle
Mem: 55M Active, 40M Inact, 183M Wired, 38M Buf, 7613M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
12 root 45 -72 - 0K 720K WAIT 3 6:24 130.13% intr
77387 root 17 20 0 249M 14632K uwait 2 6:54 106.30% charon
11 root 4 155 ki31 0K 64K RUN 3 20:54 82.03% idle
18291 root 2 20 0 30144K 17988K usem 3 4:44 80.76% ntpd
0 root 32 -8 - 0K 512K - 0 1:30 2.59% kernel
</pre><br /><em>128 GCM 36500pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 6 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 7577 aesni.ko
3 1 0xffffffff82619000 3646 ichwd.ko
last pid: 98195; load averages: 4.41, 3.26, 1.77 up 0+00:09:07 07:06:31
55 processes: 4 running, 51 sleeping
CPU 0: 12.2% user, 0.0% nice, 32.2% system, 33.7% interrupt, 22.0% idle
CPU 1: 19.6% user, 0.0% nice, 55.7% system, 0.0% interrupt, 24.7% idle
CPU 2: 17.3% user, 0.0% nice, 57.3% system, 0.0% interrupt, 25.5% idle
CPU 3: 0.0% user, 0.0% nice, 100% system, 0.0% interrupt, 0.0% idle
Mem: 52M Active, 37M Inact, 183M Wired, 30M Buf, 7619M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25406 root 17 92 0 249M 14692K CPU1 1 8:44 106.54% charon
0 root 32 -8 - 0K 512K - 0 0:47 100.00% kernel
16732 root 2 20 0 30144K 17988K kqread 2 6:21 80.57% ntpd
11 root 4 155 ki31 0K 64K RUN 3 9:51 77.98% idle
12 root 45 -72 - 0K 720K RUN 3 9:17 28.37% intr
</pre></p>
<p><em>128 CBC 34000pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 3 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 3646 ichwd.ko
last pid: 66419; load averages: 4.54, 2.28, 1.03 up 0+00:08:24 07:23:31
55 processes: 3 running, 51 sleeping, 1 waiting
CPU 0: 18.0% user, 0.0% nice, 33.7% system, 27.1% interrupt, 21.2% idle
CPU 1: 0.8% user, 0.0% nice, 0.0% system, 98.8% interrupt, 0.4% idle
CPU 2: 20.8% user, 0.0% nice, 51.0% system, 0.0% interrupt, 28.2% idle
CPU 3: 20.4% user, 0.0% nice, 43.5% system, 18.0% interrupt, 18.0% idle
Mem: 52M Active, 38M Inact, 182M Wired, 26M Buf, 7621M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25895 root 17 92 0 249M 14296K CPU0 0 3:56 101.76% charon
12 root 45 -72 - 0K 720K WAIT 3 1:27 92.04% intr
11 root 4 155 ki31 0K 64K RUN 3 21:23 78.86% idle
18871 root 2 20 0 30144K 17988K usem 1 2:42 75.49% ntpd
0 root 32 -8 - 0K 512K - 0 3:07 39.26% kernel
</pre></p>
<p><em>128 CBC 36500pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 6 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 7577 aesni.ko
3 1 0xffffffff82619000 3646 ichwd.ko
last pid: 97408; load averages: 5.05, 3.99, 2.54 up 0+00:14:56 07:12:20
55 processes: 3 running, 51 sleeping, 1 waiting
CPU 0: 14.9% user, 0.0% nice, 26.7% system, 36.1% interrupt, 22.4% idle
CPU 1: 18.4% user, 0.0% nice, 53.3% system, 0.0% interrupt, 28.2% idle
CPU 2: 14.9% user, 0.0% nice, 59.2% system, 0.0% interrupt, 25.9% idle
CPU 3: 0.0% user, 0.0% nice, 100% system, 0.0% interrupt, 0.0% idle
Mem: 53M Active, 38M Inact, 184M Wired, 36M Buf, 7616M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25406 root 17 92 0 249M 14908K CPU1 1 14:30 103.47% charon
0 root 32 -8 - 0K 512K - 0 4:21 100.00% kernel
16732 root 2 20 0 30144K 17988K usem 1 10:30 85.35% ntpd
11 root 4 155 ki31 0K 64K RUN 3 16:21 79.59% idle
12 root 45 -72 - 0K 720K WAIT 3 12:38 27.78% intr
</pre></p>
<pre>
uname -a
FreeBSD pfSense.localdomain 10.3-RELEASE-p9 FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:25:49 CDT 2016 root@factory23-amd64-builder:/builder/factory-232/tmp/obj/builder/factory-232/tmp/FreeBSD-src/sys/pfSense amd64
</pre> pfSense - Bug #7234 (Closed): ntpd overload during IPsec session without HW accelerationhttps://redmine.pfsense.org/issues/72342017-02-08T01:24:16ZConstantine Kormashev
<p>During performance test 2440 I noticed quite strange behavior of ntpd. One overloads CPU core during IPsec session if HW acceleration is disabled:<br /><pre>
kldstat
Id Refs Address Size Name
1 1 0xffffffff80200000 225ede0 kernel
</pre><br /><pre>
last pid: 42143; load averages: 3.41, 2.35, 1.15 up 0+00:07:28 09:19:23
54 processes: 2 running, 51 sleeping, 1 waiting
CPU 0: 9.4% user, 0.0% nice, 20.4% system, 65.9% interrupt, 4.3% idle
CPU 1: 18.4% user, 0.0% nice, 53.7% system, 0.0% interrupt, 27.8% idle
Mem: 45M Active, 39M Inact, 140M Wired, 21M Buf, 3676M Free
Swap: 3647M Total, 3647M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
16307 root 2 20 0 30144K 17988K usem 1 1:28 *100.00% ntpd*
23986 root 17 21 0 217M 13796K uwait 0 3:15 80.66% charon
11 root 2 155 ki31 0K 32K RUN 1 6:20 12.16% idle
12 root 27 -72 - 0K 432K WAIT 1 2:56 2.49% intr
0 root 20 -8 - 0K 320K - 0 0:22 0.00% kernel
</pre></p>
<p>If HW acceleration is enabled there is not issues with ntpd, one sometimes can load CPU about 3-5% for several seconds:<br /><pre>
kldstat
Id Refs Address Size Name
1 4 0xffffffff80200000 225ede0 kernel
2 1 0xffffffff82611000 7577 aesni.ko
</pre><br /><pre>
last pid: 99164; load averages: 5.32, 2.80, 1.22 up 3+14:47:13 09:04:56
54 processes: 3 running, 50 sleeping, 1 waiting
CPU 0: 4.3% user, 0.0% nice, 15.7% system, 80.0% interrupt, 0.0% idle
CPU 1: 8.2% user, 0.0% nice, 21.6% system, 70.2% interrupt, 0.0% idle
Mem: 11M Active, 75M Inact, 153M Wired, 382M Buf, 3661M Free
Swap: 3647M Total, 3647M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
12 root 27 -72 - 0K 432K WAIT 1 51:30 200.00% intr
11 root 2 155 ki31 0K 32K RUN 1 171.4H 2.83% idle
15438 root 2 20 0 30144K 17988K usem 0 7:20 *0.49% ntpd*
53451 root 17 72 0 217M 14684K RUN 0 0:50 0.20% charon
0 root 20 -8 - 0K 320K - 0 8:28 0.00% kernel
</pre></p>
<p>Checked on 2440<br /><pre>
uname -a
FreeBSD pfSense.localdomain 10.3-RELEASE-p5 FreeBSD 10.3-RELEASE-p5 #0 7307492(RELENG_2_3_2): Tue Jul 19 13:29:35 CDT 2016 root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSense amd64
</pre></p>
<p>Checked on 4860. For this device it does not matter is HW acceleration enabled or disabled, picture is same. (I have got strong suspicion there is an issue with HW acceleration on 4860)<br /><pre>
uname -a
FreeBSD pfSense.localdomain 10.3-RELEASE-p9 FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:25:49 CDT 2016 root@factory23-amd64-builder:/builder/factory-232/tmp/obj/builder/factory-232/tmp/FreeBSD-src/sys/pfSense amd64
</pre></p> pfSense - Bug #7166 (Resolved): During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault...https://redmine.pfsense.org/issues/71662017-01-27T06:54:18ZConstantine Kormashev
<p>During bandwidth test 4860 on today 2.4 got `Fatal trap 12: page fault while in kernel mode`<br />FreeBSD pfSense.localdomain 11.0-RELEASE-p6 FreeBSD 11.0-RELEASE-p6 <a class="issue tracker-1 status-6 priority-4 priority-default closed" title="Bug: PfSense 1.2.2 only halt (Rejected)" href="https://redmine.pfsense.org/issues/85">#85</a> 8370c2ed409(RELENG_2_4): Thu Jan 26 14:39:07 CST 2017 <a class="email" href="mailto:root@buildbot2.netgate.com">root@buildbot2.netgate.com</a>:/builder/ce/tmp/obj/builder/ce/tmp/FreeBSD-src/sys/pfSense amd64<br />Trace in attachment<br />There are not any settings besides IP on LAN/WAN, 1-2 rules on both interfaces and a couple routes<br />Perhaps same as <a class="external" href="https://redmine.pfsense.org/issues/6257">https://redmine.pfsense.org/issues/6257</a></p>