pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162020-07-19T05:48:09ZpfSense bugtracker
Redmine pfSense Packages - Bug #10775 (Resolved): pfblockerNG SBL_ADs and hpHosts are not reachable anymorehttps://redmine.pfsense.org/issues/107752020-07-19T05:48:09ZConstantine Kormashev
<p>Following entries of pfblockerNG pkg are not reachable for a long time, we have some tickets and also I can see some forum and reddit topics about this.<br />This is upstream issue, those entries have to be changed or removed from feeds.</p>
<p>SBL_ADs<br /><a class="external" href="https://www.squidblacklist.org/downloads/dg-ads.acl">https://www.squidblacklist.org/downloads/dg-ads.acl</a><br />hpHosts_ATS<br /><a class="external" href="https://hosts-file.net/ad_servers.txt">https://hosts-file.net/ad_servers.txt</a><br />hpHosts_EMD<br /><a class="external" href="https://hosts-file.net/emd.txt">https://hosts-file.net/emd.txt</a><br />hpHosts_EXP<br /><a class="external" href="https://hosts-file.net/exp.txt">https://hosts-file.net/exp.txt</a><br />hpHosts_FSA<br /><a class="external" href="https://hosts-file.net/fsa.txt">https://hosts-file.net/fsa.txt</a><br />hpHosts_GRM<br /><a class="external" href="https://hosts-file.net/grm.txt">https://hosts-file.net/grm.txt</a><br />hpHosts_HFS<br /><a class="external" href="https://hosts-file.net/hfs.txt">https://hosts-file.net/hfs.txt</a><br />hpHosts_HJK<br /><a class="external" href="https://hosts-file.net/hjk.txt">https://hosts-file.net/hjk.txt</a><br />hpHosts_MMT<br /><a class="external" href="https://hosts-file.net/mmt.txt">https://hosts-file.net/mmt.txt</a><br />hpHosts_PHA<br /><a class="external" href="https://hosts-file.net/pha.txt">https://hosts-file.net/pha.txt</a><br />hpHosts_PSH<br /><a class="external" href="https://hosts-file.net/psh.txt">https://hosts-file.net/psh.txt</a><br />hpHosts_PUP<br /><a class="external" href="https://hosts-file.net/pup.txt">https://hosts-file.net/pup.txt</a><br />hpHosts_WRZ<br /><a class="external" href="https://hosts-file.net/wrz.txt">https://hosts-file.net/wrz.txt</a></p> pfSense Packages - Bug #10503 (New): Flapping any GW in multi-WAN influences restating all IPsec ...https://redmine.pfsense.org/issues/105032020-04-28T08:24:55ZConstantine Kormashev
<p>There are 2 nodes with a multi-WAN setup: 2 WANs, 2 Gateways. The are 2 IPsec VTI tunnel every working through its own Gateway.<br />There is a FRR BGP setup with sessions via IPsec VTI tunnels. But both sessions sends and receives updates using loopback interfaces and static routes via IPsec VTI.</p>
<pre>
+->loopback1-->IPsec VTI1-->WANGW1--v v--WANGW3<--IPsec VTI3<--loopback3<-+
Node1 | +->the internet<-+ | Node2
+->loopback2-->IPsec VTY2-->WANGW2--^ ^--WANGW4<--IPsec VTI4<--loopback4<-+
</pre>
<p>FRR recursively finds Next-Hop for BGP routes via static routes via IPsec. So Node1 can reach routes that are behind Node2 via Node2 loopbacks (loopback3 and loopback4) and vice versa, Node2 can reach Node1 routes via loopback1 and loopback2.<br />If one of Gateway flapping, even if it is not default Gateway, it seems leading to remove static routes for all IPsec tunnel, due event /rc.newipsecdns and ipsec_reload_package_hook() which executes<br /><pre>
`function frr_ipsec_reload() {
require_once('interfaces.inc');
$vti_ifs = array_keys(interface_ipsec_vti_list_all());
foreach ($vti_ifs as $vif) {
mwexec('/usr/local/bin/frrctl cycleinterface ' . escapeshellarg($vif));
}
}`
</pre><br />The interesting thing here is that, existing BGP routes and BGP table entries are not removed from FRR routing table and BGP table, probably because BGP large session timeout. But at the same time these BGP routes are removed from system routing table. And the more interesting, is that, even if static routes via IPsec returned to system routing table and FRR routing table, these BGP routes are not exported back to system routing table by FRR.<br />On system it looks like:</p>
<p>Static routes through IPsec in FRR table<br /><pre>
K>* 25.0.0.1/32 [0/0] via 66.0.0.1, 1d01h00m
K>* 26.0.0.1/32 [0/0] via 66.0.1.1, 1d01h00m
</pre></p>
<p>BGP routes in FRR table<br /><pre>
B> 10.16.0.0/16 [20/0] via 25.0.0.1 (recursive), 2d05h00m
* via 66.0.0.1, 2d05h00m
</pre></p>
<p>FRR BGP entries<br /><pre>
* 10.16.0.0/16 25.0.0.1 0 50 65501 i
*> 26.0.0.1 0 150 100 65501 i
</pre></p>
<p>System route table has static routes through IPsec<br /><pre>
25.0.0.1/32 66.0.0.1 UGS 3750 1400 ipsec3000
26.0.0.1/32 66.0.1.1 UGS 3752 1400 ipsec1000
</pre></p>
<p>But there are not BGP routes even if they, as we can see, exist in FRR routing table and BGP table. Pay attention on routes uptime. BGP session uptime is the same as BGP routes uptime.</p> pfSense - Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Pr...https://redmine.pfsense.org/issues/98672019-10-31T07:53:14ZConstantine Kormashev
<p>Packet Capture IPv6 rejects all packets if <strong>CARP</strong> type is set in <strong>Protocol</strong> field.<br />It might be an upstream issue.</p>
<pre>
tcpdump -i vmx0 ip6 and carp
tcpdump: expression rejects all packets
</pre> pfSense Packages - Bug #8944 (Duplicate): attemp of installing pfblocker brakes system on 2.4.3https://redmine.pfsense.org/issues/89442018-09-25T04:47:08ZConstantine Kormashev
<p>Any attempt to install pfblocker on clean 2.4.3-p1 breaks system.<br />Errors during installation:<br /><pre>
Sep 25 08:20:30 pfSense php-fpm[329]: /pkg_mgr_install.php: PHP ERROR: Type: 64, File: /etc/inc/radius.inc, Line: 50, Message: require_once(): Failed opening required '/usr/local/share/pear/PEAR.php' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear')
Sep 25 08:20:30 pfSense php-fpm[329]: /pkg_mgr_install.php: New alert found: PHP ERROR: Type: 64, File: /etc/inc/radius.inc, Line: 50, Message: require_once(): Failed opening required '/usr/local/share/pear/PEAR.php' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear')
</pre></p>
<p>System generates many php warnings related to some shared objects.<br /><pre>
...many similar messages...
"/usr/local/lib/php/20131226/zmq.so.so")) in Unknown on line 0
[25-Sep-2018 08:42:50 UTC] PHP Warning: PHP Startup: Unable to load dynamic library 'pdo_sqlite.so' (tried: /usr/local/lib/php/20131226/pdo_sqlite.so (Cannot open "/usr/local/lib/php/20131226/pdo_sqlite.so"), /usr/local/lib/php/20131226/pdo_sqlite.so.so (Cannot open "/usr/local/lib/php/20131226/pdo_sqlite.so.so")) in Unknown on line 0
[25-Sep-2018 08:42:50 UTC] PHP Warning: PHP Startup: Unable to load dynamic library 'xmlreader.so' (tried: /usr/local/lib/php/20131226/xmlreader.so (Cannot open "/usr/local/lib/php/20131226/xmlreader.so"), /usr/local/lib/php/20131226/xmlreader.so.so (Cannot open "/usr/local/lib/php/20131226/xmlreader.so.so")) in Unknown on line 0
[25-Sep-2018 08:42:50 Etc/UTC] PHP Fatal error: Uncaught Error: Call to undefined function gettext() in /etc/inc/certs.inc:44
Stack trace:
#0 /etc/inc/functions.inc(32): require_once()
#1 /etc/inc/notices.inc(24): require_once('/etc/inc/functi...')
#2 /etc/inc/config.inc(49): require_once('/etc/inc/notice...')
#3 /etc/rc.packages(28): require_once('/etc/inc/config...')
#4 {main}
thrown in /etc/inc/certs.inc on line 44
</pre></p>
<p>Problem is system does not complete boot process: interfaces do not have addresses, pf is not stated, any attempts of execute php lead to errors:</p>
<pre>
PHP ERROR: Type: 64, File: /etc/inc/config.inc, Line: 51, Message: require_once(): Failed opening required 'Net/IPv6.php' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear')
</pre>
<p><img src="https://redmine.pfsense.org/attachments/download/2591/err.png" alt="" /></p>
<p>I am not sure, but have small suspicious php errors like this might affect update to 2.4.4. Because we have got some tickets with the same error messages (e.g. <a class="issue tracker-2 status-3 priority-4 priority-default closed" title="Feature: Eliminate duplicate shell commands from history file (Resolved)" href="https://redmine.pfsense.org/issues/12741">#12741</a>).</p>
<p>The issue affects only 2.4.3-p1. Versions 2.4.4 and 2.3.4-p1 are able to install pfblocker without trouble.</p> pfSense - Bug #8880 (Resolved): [PHP7] warning on system_gateways.php and extra item in gateways ...https://redmine.pfsense.org/issues/88802018-09-10T06:24:45ZConstantine Kormashev
<p>244-RC<br /><pre>
FreeBSD pf5100v.lab 11.2-RELEASE-p2 FreeBSD 11.2-RELEASE-p2 #1 d792717682e(factory-RELENG_2_4_4): Thu Sep 6 00:07:43 EDT 2018 root@buildbot3:/crossbuild/244/obj/amd64/as0Ifpf7/crossbuild/244/pfSense/tmp/FreeBSD-src/sys/pfSense amd64
</pre></p>
<p>I got a php warning after deleting gateway group and switching to gateways<br /><pre>
Warning: Illegal string offset 'inactive' in /etc/inc/gwlb.inc on line 601
Warning: Illegal string offset 'monitor' in /etc/inc/gwlb.inc on line 646
Warning: Illegal string offset 'friendlyiface' in /etc/inc/gwlb.inc on line 653
Warning: Illegal string offset 'interface' in /etc/inc/gwlb.inc on line 659
Warning: Cannot assign an empty string to a string offset in /etc/inc/gwlb.inc on line 659
Warning: Illegal string offset 'attribute' in /etc/inc/gwlb.inc on line 672
</pre><br />Also I can see extra object 0</p>
<p><img src="https://redmine.pfsense.org/attachments/download/2569/err.png" alt="" /></p>
<p>There is difference between old and current config:<br /><pre>
--- /conf/backup/config-1536577702.xml 2018-09-10 14:08:31.633812000 +0300
+++ /conf/config.xml 2018-09-10 14:08:31.646044000 +0300
@@ -1947,8 +1947,8 @@
</domainoverrides>
</unbound>
<revision>
- <time>1536577702</time>
- <description><![CDATA[admin@192.168.129.2 (Local Database): System - Gateways: save default gateway]]></description>
+ <time>1536577711</time>
+ <description><![CDATA[admin@192.168.129.2 (Local Database): Gateway Groups: removed gateway group 0]]></description>
<username>admin@192.168.129.2 (Local Database)</username>
</revision>
<cert>
@@ -2261,15 +2261,9 @@
</ppp>
</ppps>
<gateways>
- <gateway_group>
- <name>GWGR</name>
- <item>LAN_DHCP|1|address</item>
- <item>WAN_DHCP|1|address</item>
- <trigger>down</trigger>
- <descr></descr>
- </gateway_group>
<defaultgw4>WAN_DHCP</defaultgw4>
<defaultgw6>-</defaultgw6>
+ <gateway_item></gateway_item>
</gateways>
<dnsupdates>
<dnsupdate>
</pre></p> pfSense - Bug #8842 (Not a Bug): pfSense-pkg-aws-wizard-php72 sticks during installhttps://redmine.pfsense.org/issues/88422018-08-27T08:12:28ZConstantine Kormashev
<p>I tried to install pfSense-pkg-aws-wizard-php72 for 244 factory built on Wed May 30 14:47:02 EDT 2018 FreeBSD 11.2-BETA3 and install just stuck on <code>[10/109] Deinstalling php56-pear-Crypt_CHAP-1.5.0...</code> I waited for hour but it changed nothing.<br />Interesting I can see pkg in installed, but nothing in menu:<br /><pre>
pkg info | grep aws
aws-sdk-php72-3.61.8 PHP interface for Amazon Web Services (AWS)
pfSense-pkg-aws-wizard-php72-0.7_1 PfSense package AWS VPC VPN Connection Wizard
</pre><br />Log and crash are in attachment</p> pfSense - Bug #8728 (Resolved): Can not create VIP after deleting existed onehttps://redmine.pfsense.org/issues/87282018-08-01T05:01:02ZConstantine Kormashev
<p>I deleted VIP and tried to create new one on latest and got the error:</p>
<pre>
Warning: Illegal string offset 'vip' in /usr/local/www/firewall_virtual_ip_edit.php on line 39
Warning: Illegal string offset 'vip' in /usr/local/www/firewall_virtual_ip_edit.php on line 42
Fatal error: Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/firewall_virtual_ip_edit.php:42
Stack trace: #0 {main} thrown in /usr/local/www/firewall_virtual_ip_edit.php on line 42
PHP ERROR: Type: 1, File: /usr/local/www/firewall_virtual_ip_edit.php,Line: 42,
Message: Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/firewall_virtual_ip_edit.php:42 Stack trace: #0 {main} thrown
</pre> pfSense - Bug #8679 (Resolved): error in services_router_advertisements.php after clicking on Sav...https://redmine.pfsense.org/issues/86792018-07-23T04:53:09ZConstantine Kormashev
<p>The error occurs in services_router_advertisements.php after clicking on Save button<br /><pre>
Warning: Illegal string offset 'lan' in /usr/local/www/services_router_advertisements.php on line 209
Warning: Illegal string offset 'lan' in /usr/local/www/services_router_advertisements.php on line 212
Fatal error: Uncaught Error: Cannot use string offset as an array in /usr/local/www/services_router_advertisements.php:212
Stack trace: #0 {main} thrown in /usr/local/www/services_router_advertisements.php on line 212
PHP ERROR: Type: 1, File: /usr/local/www/services_router_advertisements.php,
Line: 212, Message: Uncaught Error: Cannot use string offset as an array in /usr/local/www/services_router_advertisements.php:212
Stack trace: #0 {main} thrown
</pre></p> pfSense - Bug #8630 (Resolved): Web-GUI PHP error in brige after removing all interfaces were in ...https://redmine.pfsense.org/issues/86302018-07-10T02:02:38ZConstantine Kormashev
<p>If device has several interfaces in bridge and all those interfaces are deleted, Web-GUI shows error in <a class="external" href="https://&lt;addr&gt;/interfaces_bridge.php">https://&lt;addr&gt;/interfaces_bridge.php</a><br /><pre>
Warning: Illegal string offset 'bridged' in /usr/local/www/interfaces_bridge.php on line 32 Warning:
Illegal string offset 'bridged' in /usr/local/www/interfaces_bridge.php on line 35
Fatal error: Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/interfaces_bridge.php: 35
Stack trace: #0 {main} thrown in /usr/local/www/interfaces_bridge.php on line 35
PHP ERROR: Type: 1, File: /usr/local/www/interfaces_bridge.php, Line: 35, Message:
Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/interfaces_bridge.php:35 Stack trace: #0 {main} thrown
</pre><br />Looks like this is reaction on empty <code><bridge></bridge></code> section of config. <br />Before deleting interfaces:<br /><pre>
<bridged>
<members>lan,opt1,opt2</members>
<descr><![CDATA[BRIDGE]]></descr>
<maxaddr></maxaddr>
<timeout></timeout>
<maxage></maxage>
<fwdelay></fwdelay>
<hellotime></hellotime>
<priority></priority>
<proto>rstp</proto>
<holdcnt></holdcnt>
<ip6linklocal></ip6linklocal>
<ifpriority></ifpriority>
<ifpathcost></ifpathcost>
<edge>lan,opt1,opt2</edge>
<bridgeif>bridge0</bridgeif>
</bridged>
</pre><br />After deleting interfaces:<br /><pre>
<bridges>
</bridges>
</pre><br />Config without bridges does not have this section at all. Maybe it would be better to delete bridge in case all interfaces composed bridge are not available.</p> pfSense - Bug #8567 (New): Using IPv6 VIP alias for services may affect CARP IPv6 VIP workhttps://redmine.pfsense.org/issues/85672018-06-12T13:26:37ZConstantine Kormashev
<p>During investigation of customer request found IPv6 VIP alias for services may affect CARP IPv6 VIP work. CARP IPv6 VIPs may stops their work until device reboot.<br />For some unknown reason CARP IPv6 VIP stops working even in L2 segments in case IPv6 alias which was bound with service. It produces error during ping <em>Can't assign requested address</em> E.g. some alias was IPsec interface. In that case the alias still works tunnel established and keep-alive work, traffic forwarded via tunnel, but CARP IPv6 VIPs stop their work. Just changing service address does not help, device needs reboot.<br />May be related <a class="external" href="https://redmine.pfsense.org/issues/8566">https://redmine.pfsense.org/issues/8566</a></p> pfSense - Bug #8566 (New): Wrong IPv6 source in NS request in case using of IPv6 aliashttps://redmine.pfsense.org/issues/85662018-06-12T13:26:08ZConstantine Kormashev
<p>During investigation of customer request found system uses wrong IPv6 sources for NS requests therefore they never be completed. For unknown reason system tries to send NS from other IPv6 address which is defined on the same interface. This address is bound with service that tries to establish connection, in this case this is IPsec.<br />Lab example:<br />1st device pf3 has primary IPv6 2003::10/64 and additional alias 2001::2/64<br />2nd device pf4 has primary IPv6 2002::11/64 and additional alias 2001::1/64</p>
<p>2001::0/64 serves for connection between devices. Each of them has a route via this network to primary IPv6 address of another. IPsec setup on these primary IPv6 addresses.</p>
<p>2003::10/64 and 2002::11/64 try to get MAC of 2001::1/64 and 2001::2/64 that are in another network:<br />21 10.557327 <strong>2003::10</strong> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for <strong>2001::1</strong> from 00:0c:29:8e:58:2e<br />22 10.618536 <strong>2002::11</strong> ff02::1:ff00:2 ICMPv6 86 Neighbor Solicitation for * 2001::2* from 00:0c:29:82:01:e2</p>
<p>Valid request from device with 2003::10/64 and 2001::2/64. I made one with ping6 -S 2001::2 2001::1<br />27 13.699943 <strong>2001::2</strong> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for <strong>2001::1</strong> from 00:0c:29:8e:58:2e<br />29 13.700148 2001::1 2001::2 ICMPv6 86 Neighbor Advertisement 2001::1 (rtr, sol, ovr) is at 00:00:5e:00:01:2c</p>
<p>After valid NS/NA 2003::10/64 can ping 2001::1/64<br />41 14.819118 2003::10 2001::1 ICMPv6 62 Echo (ping) request id=0x4b40, seq=9843, hop limit=64 (reply in 42)<br />42 14.819166 2001::1 2003::10 ICMPv6 62 Echo (ping) reply id=0x4b40, seq=9843, hop limit=64 (request in 41)</p>
<p>VM configs and pcaps are in attachment</p> pfSense Packages - Feature #7793 (Resolved): FRR pkg pfsense web interface checking for RID is se...https://redmine.pfsense.org/issues/77932017-08-22T01:46:46ZConstantine Kormashev
<p>There is not any checking for RID in OSPF6 section in web interface now, but one must be, because in case there is not IPv4 interface at all RID is not defined and OSPF6 does not start.</p> pfSense - Bug #7532 (Resolved): SG-1000 autonegotiation 10baseT speed and duplexhttps://redmine.pfsense.org/issues/75322017-05-09T01:29:47ZConstantine Kormashev
<p>During work on <a class="external" href="https://customercare.netgate.com/requests/show/index/id/19663">https://customercare.netgate.com/requests/show/index/id/19663</a> 10baseT speed and duplex issue was found.<br />SG-1000 can not correctly negotiate speed and duplex if on another side link is 10FD and can not correctly define own link condition if one is in 10FD. See examples below. If link is 100FD or auto there are not any issues.</p>
<p><strong>10FD</strong><br />FastEthernet0/16 is down, line protocol is down (notconnect) <br /> Hardware is Fast Ethernet, address is 0024.c4f0.5512 (bia 0024.c4f0.5512)<br /> MTU 1998 bytes, BW 10000 Kbit/sec, DLY 1000 usec, <br /> reliability 255/255, txload 1/255, rxload 1/255<br /> Encapsulation ARPA, loopback not set<br /> Keepalive set (10 sec)<br /><strong>Full-duplex, 10Mb/s, media type is 10/100BaseTX</strong><br /> input flow-control is off, output flow-control is unsupported <br /> ARP type: ARPA, ARP Timeout 04:00:00<br /> Last input 2w3d, output 00:06:26, output hang never<br /> Last clearing of "show interface" counters never<br /> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br /> Queueing strategy: fifo<br /> Output queue: 0/40 (size/max)<br /> 5 minute input rate 0 bits/sec, 0 packets/sec<br /> 5 minute output rate 0 bits/sec, 0 packets/sec<br /> 1275 packets input, 99743 bytes, 0 no buffer<br /> Received 1274 broadcasts (1159 multicasts)<br /> 0 runts, 0 giants, 0 throttles<br /> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br /> 0 watchdog, 1159 multicast, 0 pause input<br /> 0 input packets with dribble condition detected<br /> 4700 packets output, 351100 bytes, 0 underruns<br /> 0 output errors, 0 collisions, 1 interface resets<br /> 0 unknown protocol drops<br /> 0 babbles, 0 late collision, 0 deferred<br /> 0 lost carrier, 0 no carrier, 0 pause output<br /> 0 output buffer failures, 0 output buffers swapped out</p>
<p><strong>10FD</strong><br />cpsw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br /> options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE><br /> ether 68:9e:19:8c:08:6e<br /> inet6 fe80::6a9e:19ff:fe8c:86e%cpsw0 prefixlen 64 scopeid 0x1 <br /> <strong>media: Ethernet 10baseT/UTP <full-duplex></strong><br /> <strong>status: no carrier</strong><br /> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL></p>
<p><strong>Auto</strong><br />FastEthernet0/16 is up, line protocol is up (connected) <br /> Hardware is Fast Ethernet, address is 0024.c4f0.5512 (bia 0024.c4f0.5512)<br /> MTU 1998 bytes, BW 10000 Kbit/sec, DLY 1000 usec, <br /> reliability 255/255, txload 1/255, rxload 1/255<br /> Encapsulation ARPA, loopback not set<br /> Keepalive set (10 sec)<br /> <strong>Half-duplex, 10Mb/s, media type is 10/100BaseTX</strong><br /> input flow-control is off, output flow-control is unsupported <br /> ARP type: ARPA, ARP Timeout 04:00:00<br /> Last input 2w3d, output 00:00:01, output hang never<br /> Last clearing of "show interface" counters never<br /> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br /> Queueing strategy: fifo<br /> Output queue: 0/40 (size/max)<br /> 5 minute input rate 0 bits/sec, 0 packets/sec<br /> 5 minute output rate 0 bits/sec, 0 packets/sec<br /> 1275 packets input, 99743 bytes, 0 no buffer<br /> Received 1274 broadcasts (1159 multicasts)<br /> 0 runts, 0 giants, 0 throttles<br /> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br /> 0 watchdog, 1159 multicast, 0 pause input<br /> 0 input packets with dribble condition detected<br /> 4704 packets output, 351376 bytes, 0 underruns<br /> 0 output errors, 0 collisions, 1 interface resets<br /> 0 unknown protocol drops<br /> 0 babbles, 0 late collision, 0 deferred<br /> 0 lost carrier, 0 no carrier, 0 pause output</p>
<p><strong>10FD</strong><br />cpsw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br /> options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE><br /> ether 68:9e:19:8c:08:6e<br /> inet6 fe80::6a9e:19ff:fe8c:86e%cpsw0 prefixlen 64 scopeid 0x1 <br /> inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 <br /> <strong>media: Ethernet 10baseT/UTP <full-duplex></strong><br /> status: active<br /> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL></p>
<p><strong>10FD</strong><br />FastEthernet0/16 is up, line protocol is up (connected) <br /> Hardware is Fast Ethernet, address is 0024.c4f0.5512 (bia 0024.c4f0.5512)<br /> MTU 1998 bytes, BW 10000 Kbit/sec, DLY 1000 usec, <br /> reliability 255/255, txload 1/255, rxload 1/255<br /> Encapsulation ARPA, loopback not set<br /> Keepalive set (10 sec)<br /><strong>Full-duplex, 10Mb/s, media type is 10/100BaseTX</strong><br /> input flow-control is off, output flow-control is unsupported <br /> ARP type: ARPA, ARP Timeout 04:00:00<br /> Last input 2w3d, output 00:00:00, output hang never<br /> Last clearing of "show interface" counters never<br /> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br /> Queueing strategy: fifo<br /> Output queue: 0/40 (size/max)<br /> 5 minute input rate 0 bits/sec, 0 packets/sec<br /> 5 minute output rate 0 bits/sec, 0 packets/sec<br /> 1428 packets input, 111343 bytes, 0 no buffer<br /> Received 1279 broadcasts (1159 multicasts)<br /> 0 runts, 0 giants, 0 throttles<br /> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br /> 0 watchdog, 1159 multicast, 0 pause input<br /> 0 input packets with dribble condition detected<br /> 5431 packets output, 425207 bytes, 0 underruns<br /> 0 output errors, 0 collisions, 2 interface resets<br /> 0 unknown protocol drops<br /> 0 babbles, 0 late collision, 0 deferred<br /> 0 lost carrier, 0 no carrier, 0 pause output<br /> 0 output buffer failures, 0 output buffers swapped out</p>
<p><strong>Auto</strong><br />cpsw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br /> options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE><br /> ether 68:9e:19:8c:08:6e<br /> inet6 fe80::6a9e:19ff:fe8c:86e%cpsw0 prefixlen 64 scopeid 0x1 <br /> inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 <br /> <strong>media: Ethernet autoselect (10baseT/UTP <half-duplex>)</strong><br /> status: active<br /> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL></p> pfSense - Bug #7235 (New): 4860 has not got significant IPsec performance rising with enabled HW ...https://redmine.pfsense.org/issues/72352017-02-08T01:47:07ZConstantine Kormashev
<p>During IPsec performance tests on 4860 I did not observe significant IPsec performance increasing if HW acceleration is enabled.<br />Average rising are: <br /><em>10% for AES128CBC<br />7% for AES128GCM</em><br />In comparison with 2440, 2440 gives:<br /><em>56% for AES128CBC<br />54% for AES128GCM</em><br /><strong>4860 tests:</strong><br /><em>128 GCM 34000pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 3 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 3646 ichwd.ko
last pid: 62291; load averages: 4.48, 3.20, 1.62 up 0+00:10:24 06:51:23
55 processes: 2 running, 52 sleeping, 1 waiting
CPU 0: 19.3% user, 0.0% nice, 33.1% system, 27.6% interrupt, 20.1% idle
CPU 1: 0.0% user, 0.0% nice, 0.0% system, 99.2% interrupt, 0.8% idle
CPU 2: 17.3% user, 0.0% nice, 52.0% system, 0.0% interrupt, 30.7% idle
CPU 3: 16.1% user, 0.0% nice, 53.1% system, 0.0% interrupt, 30.7% idle
Mem: 55M Active, 40M Inact, 183M Wired, 38M Buf, 7613M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
12 root 45 -72 - 0K 720K WAIT 3 6:24 130.13% intr
77387 root 17 20 0 249M 14632K uwait 2 6:54 106.30% charon
11 root 4 155 ki31 0K 64K RUN 3 20:54 82.03% idle
18291 root 2 20 0 30144K 17988K usem 3 4:44 80.76% ntpd
0 root 32 -8 - 0K 512K - 0 1:30 2.59% kernel
</pre><br /><em>128 GCM 36500pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 6 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 7577 aesni.ko
3 1 0xffffffff82619000 3646 ichwd.ko
last pid: 98195; load averages: 4.41, 3.26, 1.77 up 0+00:09:07 07:06:31
55 processes: 4 running, 51 sleeping
CPU 0: 12.2% user, 0.0% nice, 32.2% system, 33.7% interrupt, 22.0% idle
CPU 1: 19.6% user, 0.0% nice, 55.7% system, 0.0% interrupt, 24.7% idle
CPU 2: 17.3% user, 0.0% nice, 57.3% system, 0.0% interrupt, 25.5% idle
CPU 3: 0.0% user, 0.0% nice, 100% system, 0.0% interrupt, 0.0% idle
Mem: 52M Active, 37M Inact, 183M Wired, 30M Buf, 7619M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25406 root 17 92 0 249M 14692K CPU1 1 8:44 106.54% charon
0 root 32 -8 - 0K 512K - 0 0:47 100.00% kernel
16732 root 2 20 0 30144K 17988K kqread 2 6:21 80.57% ntpd
11 root 4 155 ki31 0K 64K RUN 3 9:51 77.98% idle
12 root 45 -72 - 0K 720K RUN 3 9:17 28.37% intr
</pre></p>
<p><em>128 CBC 34000pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 3 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 3646 ichwd.ko
last pid: 66419; load averages: 4.54, 2.28, 1.03 up 0+00:08:24 07:23:31
55 processes: 3 running, 51 sleeping, 1 waiting
CPU 0: 18.0% user, 0.0% nice, 33.7% system, 27.1% interrupt, 21.2% idle
CPU 1: 0.8% user, 0.0% nice, 0.0% system, 98.8% interrupt, 0.4% idle
CPU 2: 20.8% user, 0.0% nice, 51.0% system, 0.0% interrupt, 28.2% idle
CPU 3: 20.4% user, 0.0% nice, 43.5% system, 18.0% interrupt, 18.0% idle
Mem: 52M Active, 38M Inact, 182M Wired, 26M Buf, 7621M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25895 root 17 92 0 249M 14296K CPU0 0 3:56 101.76% charon
12 root 45 -72 - 0K 720K WAIT 3 1:27 92.04% intr
11 root 4 155 ki31 0K 64K RUN 3 21:23 78.86% idle
18871 root 2 20 0 30144K 17988K usem 1 2:42 75.49% ntpd
0 root 32 -8 - 0K 512K - 0 3:07 39.26% kernel
</pre></p>
<p><em>128 CBC 36500pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 6 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 7577 aesni.ko
3 1 0xffffffff82619000 3646 ichwd.ko
last pid: 97408; load averages: 5.05, 3.99, 2.54 up 0+00:14:56 07:12:20
55 processes: 3 running, 51 sleeping, 1 waiting
CPU 0: 14.9% user, 0.0% nice, 26.7% system, 36.1% interrupt, 22.4% idle
CPU 1: 18.4% user, 0.0% nice, 53.3% system, 0.0% interrupt, 28.2% idle
CPU 2: 14.9% user, 0.0% nice, 59.2% system, 0.0% interrupt, 25.9% idle
CPU 3: 0.0% user, 0.0% nice, 100% system, 0.0% interrupt, 0.0% idle
Mem: 53M Active, 38M Inact, 184M Wired, 36M Buf, 7616M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25406 root 17 92 0 249M 14908K CPU1 1 14:30 103.47% charon
0 root 32 -8 - 0K 512K - 0 4:21 100.00% kernel
16732 root 2 20 0 30144K 17988K usem 1 10:30 85.35% ntpd
11 root 4 155 ki31 0K 64K RUN 3 16:21 79.59% idle
12 root 45 -72 - 0K 720K WAIT 3 12:38 27.78% intr
</pre></p>
<pre>
uname -a
FreeBSD pfSense.localdomain 10.3-RELEASE-p9 FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:25:49 CDT 2016 root@factory23-amd64-builder:/builder/factory-232/tmp/obj/builder/factory-232/tmp/FreeBSD-src/sys/pfSense amd64
</pre> pfSense - Bug #7166 (Resolved): During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault...https://redmine.pfsense.org/issues/71662017-01-27T06:54:18ZConstantine Kormashev
<p>During bandwidth test 4860 on today 2.4 got `Fatal trap 12: page fault while in kernel mode`<br />FreeBSD pfSense.localdomain 11.0-RELEASE-p6 FreeBSD 11.0-RELEASE-p6 <a class="issue tracker-1 status-6 priority-4 priority-default closed" title="Bug: PfSense 1.2.2 only halt (Rejected)" href="https://redmine.pfsense.org/issues/85">#85</a> 8370c2ed409(RELENG_2_4): Thu Jan 26 14:39:07 CST 2017 <a class="email" href="mailto:root@buildbot2.netgate.com">root@buildbot2.netgate.com</a>:/builder/ce/tmp/obj/builder/ce/tmp/FreeBSD-src/sys/pfSense amd64<br />Trace in attachment<br />There are not any settings besides IP on LAN/WAN, 1-2 rules on both interfaces and a couple routes<br />Perhaps same as <a class="external" href="https://redmine.pfsense.org/issues/6257">https://redmine.pfsense.org/issues/6257</a></p>