pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-02-26T09:35:21ZpfSense bugtracker
Redmine pfSense - Bug #15291 (New): Error on Traffic Shaper 0% Bandwidthhttps://redmine.pfsense.org/issues/152912024-02-26T09:35:21ZPavan K
<p>Link to post on pfSense Forum: <br /><a class="external" href="https://forum.netgate.com/topic/186137/error-on-traffic-shaper-0-bandwidth?_=1708915183963">https://forum.netgate.com/topic/186137/error-on-traffic-shaper-0-bandwidth?_=1708915183963</a></p>
<p>Backstory:<br />recently we migrated from pfSense 2.4.x to 2.7.2 which was a direct update. Everything worked fine etc the traffic shaping feature.</p>
<p>Following is the error:<br />There were error(s) loading the rules: pfctl: the sum of the child<br />bandwidth (1200000000) higher than parent "root_igc4" (1000000000) -<br />The line in question reads [0]: @ 2024-01-31 16:45:05</p>
<p>Following is our configuration:<br />Name → FAIRQ_7<br />Priority→ 7<br />Scheduler Option → Random Early detection in and out<br />Bandwidth → None</p>
<p>Add new Queue(Default)<br />Enable<br />Name → qFAIRQ_2(Default)<br />Priority→ 2<br />Scheduler Option → Default<br />Bandwidth → None</p>
<p>Add new Queue(ACK)<br />Enable<br />Name → qACK_6<br />Priority→ 6<br />Scheduler Option → Random Early detection in and out<br />Bandwidth → None</p>
<p>According to the configuration the Bandwidth on Queue(ACK) should be 0% which was migrated off from 2.4.x but on 2.7.2 it's not letting us save 0% bandwidth for some reason.</p>
<p>And due to this new rules which are created are not taking effect it's only after we disable and enable the Traffic Shaper completely the rule is effective.</p> pfSense - Bug #15178 (New): ACB (autoconfig backup) restore always returns could not decrypt desp...https://redmine.pfsense.org/issues/151782024-01-20T22:34:33ZJordan G
<p>ACB restore, using the proper password will permit viewing the encrypted and decrypted configuration, but either using the install this revision button on the xml view page or the action button on the restore tab always returns the error below, which cannot be accurate since the decrypted configuration can be viewed, subsequently copied and then used in a working configuration. It would seem copying the information into a new file and restoring or directly pasting it into the running configuration would be the only way to actually restore from an ACB backup entry.</p>
<p><img src="https://redmine.pfsense.org/attachments/download/5863/clipboard-202401201632-ifito.png" alt="" /></p> pfSense Plus - Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PH...https://redmine.pfsense.org/issues/147782023-09-13T16:04:10ZAndrew Rojek
<p>Got this error message when trying to view a small list of CIDR addresses in Firewall->Aliases.<br />It was followed by a white blank screen and I had to reload the console page to reveal the error message below...</p>
<p>Crash report begins. Anonymous machine information:</p>
<p>arm64<br />14.0-CURRENT<br />FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:25:15 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/obj/aarch64/0P4W6joa/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/source</p>
<p>Crash report details:</p>
<p>PHP Errors:<br />[13-Sep-2023 10:08:16 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161<br />[13-Sep-2023 10:08:53 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161</p>
<p>No FreeBSD crash data found.</p>
<p>Thank you.</p> pfSense - Bug #14473 (Confirmed): Automatic gateway not updating after default deleted https://redmine.pfsense.org/issues/144732023-06-14T01:46:38ZMatthew Foran
<p>Copied from forum post: <a class="external" href="https://forum.netgate.com/topic/177395/automatic-gateway-not-updating-after-default-deleted">https://forum.netgate.com/topic/177395/automatic-gateway-not-updating-after-default-deleted</a></p>
<p>At System/Routing/Gateways in the web UI, I created a new gateway and set it to be the default gateway. It was not working (my fault, not pfsense issue) so I deleted it and returned the "Default gateway IPv4" field to the "Automatic" setting. After hours of frustration I realized this "Automatic" setting had not switched back to the original gateway (received via DHCP). The original gateway was online according to the Status/Gateways page, but was not the default and thus no default route was defined. Manually resetting the default ipv4 gateway solved the problem.</p>
<p>I am on pfSense 2.6.0-RELEASE. I do have ipv6 enabled so there are two gateways on Status/Gateways, one for ipv4 and one for v6 (there should be a default gateway for each).</p>
<p>I found this somewhat similar issue (<a class="external" href="https://redmine.pfsense.org/issues/11570">https://redmine.pfsense.org/issues/11570</a>), but mine seems to be more related to config saving/parsing. While attempting to replicate the issue with the ipv6 gateway I found that even worse, I could not change the default gateway back manually. All my configuration is done in the web UI but I will show how the config file gets messed up:</p>
<p>Default configuration:<br /><pre><code class="xml syntaxhl"><span class="nt"><gateways></span>
<span class="nt"><defaultgw4></span>WANGW<span class="nt"></defaultgw4></span>
<span class="nt"><defaultgw6></span>WANGWv6<span class="nt"></defaultgw6></span>
<span class="nt"></gateways></span>
</code></pre></p>
<p>Added a new default ipv6 gateway "test6" and disabled the original:<br /><pre><code class="xml syntaxhl">
<span class="nt"><gateways></span>
<span class="nt"><defaultgw4></defaultgw4></span>
<span class="nt"><defaultgw6></defaultgw6></span>
<span class="nt"><gateway_item></span>
<span class="nt"><interface></span>wan<span class="nt"></interface></span>
<span class="nt"><gateway></span>dynamic<span class="nt"></gateway></span>
<span class="nt"><name></span>WAN_DHCP6<span class="nt"></name></span>
<span class="nt"><weight></span>1<span class="nt"></weight></span>
<span class="nt"><ipprotocol></span>inet6<span class="nt"></ipprotocol></span>
<span class="nt"><descr></span><span class="cp"><![CDATA[Interface WAN_DHCP6Gateway]]></span><span class="nt"></descr></span>
<span class="nt"><disabled></disabled></span>
<span class="nt"></gateway_item></span>
<span class="nt"><gateway_item></span>
<span class="nt"><interface></span>wan<span class="nt"></interface></span>
<span class="nt"><gateway></span>**garbage ipv6**<span class="nt"></gateway></span>
<span class="nt"><name></span>test6<span class="nt"></name></span>
<span class="nt"><weight></span>1<span class="nt"></weight></span>
<span class="nt"><ipprotocol></span>inet6<span class="nt"></ipprotocol></span>
<span class="nt"><descr></descr></span>
<span class="nt"></gateway_item></span>
<span class="nt"></gateways></span>
</code></pre></p>
<p>Removed the new gateway and manually restored the default gateway:<br /><pre><code class="xml syntaxhl">
<span class="nt"><gateways></span>
<span class="nt"><defaultgw4></defaultgw4></span>
<span class="nt"><defaultgw6></defaultgw6></span>
<span class="nt"><gateway_item></span>
<span class="nt"><interface></span>wan<span class="nt"></interface></span>
<span class="nt"><gateway></span>dynamic<span class="nt"></gateway></span>
<span class="nt"><name></span>WAN_DHCP6<span class="nt"></name></span>
<span class="nt"><weight></span>1<span class="nt"></weight></span>
<span class="nt"><ipprotocol></span>inet6<span class="nt"></ipprotocol></span>
<span class="nt"><descr></span><span class="cp"><![CDATA[Interface WAN_DHCP6 Gateway]]></span><span class="nt"></descr></span>
<span class="nt"></gateway_item></span>
<span class="nt"></gateways></span>
</code></pre></p>
<p>But now the web UI does not show wan_dhcp6 as a default gateway!</p>
<p>The gateway itself works as it should, but whatever determines the default gateway is not choosing the only one remaining after "test6" was deleted.</p> pfSense - Bug #12796 (Confirmed): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are instal...https://redmine.pfsense.org/issues/127962022-02-14T10:50:07ZM Felden
<p>If a 2.5.2 install has zabbix-agent52 installed and tries to upgrade to 2.6.0 from console or GUI it will segfault.</p>
<p>Expected behavior: zabbix-agent52 doesn't seem to exist in 2.6.0 repo. Upgrader should recognize this and upgrade zabbix-agent52 to zabbix-agent54.</p>
<p>Actual behavior: Segfault</p>
<p>Ref: <a class="external" href="https://forum.netgate.com/topic/169845/segmentation-fault-when-attempting-to-upgrade-2-5-2-2-6-0">https://forum.netgate.com/topic/169845/segmentation-fault-when-attempting-to-upgrade-2-5-2-2-6-0</a></p> pfSense - Bug #12552 (New): "Pull DNS" option within OpenVPN client does not cause pfSense to use...https://redmine.pfsense.org/issues/125522021-12-01T11:19:15ZJohn Williams
<p>I have an OpenVPN client setup to connect to ExpressVPN. ExpressVPN does not provide static DNS servers for use with their VPN traffic; DNS servers are assigned dynamically. If the "Pull DNS" checkbox is checked within the OpenVPN client settings, I'd expect my DNS Resolver to use the Express VPN assigned DNS servers</p>
<p>Instead, the DNS Resolver still uses the DNS servers that are configured via System -> General Setup. I have my DNS Resolver in forwarding mode ("Enable Forwarding Mode" is checked). If I put the DNS Resolver in resolver mode, then DNS queries are forwarded to my ISP (Comcast).</p> pfSense - Bug #10712 (New): "default allow LAN IPv6 to any" rule does not work right after boot w...https://redmine.pfsense.org/issues/107122020-06-29T04:54:35ZViktor Gurov
<p><a class="external" href="https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense">https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense</a>:<br />Quite simply, you boot, you get an IPv6 PD and give it out through SLAAC on your LAN interface, machines get an IP but aren't able to connect to the internet over IPv6. If you check the firewall logs, you'll see the traffic gets dropped due to the default drop all rule.</p>
<p>Workaround : disable and enable any firewall rule to force a reload of the rules. After that, connectivity works.</p>
<p>My assumption for the root cause: the "LAN net" source does not get updated correctly when the PD gets assigned, since it does take a while to get the PD and assign it to all the needed interfaced. Because of this, the traffic from the PDd IPs is not recognised and dropped. Reloading the rules forced a reload of the "LAN net" source and thus makes it work.</p> pfSense - Bug #9585 (New): 6RD: Unable to reach hosts on within same 6rd-domainhttps://redmine.pfsense.org/issues/95852019-06-14T04:11:43ZKewin Christensen
<p>There seem to be a bug in the implementation of 6RD on pfSense as it is unable to pass traffic to hosts within the same 6RD domain.</p>
<p>It appears to convert the receiving IPv4 address to something completely bogus.</p>
<p>The 6RD RFC5969 standard reads:</p>
<p><code>A 6rd domain consists of 6rd Customer Edge (CE) routers and one or<br /> more 6rd Border Relays (BRs). IPv6 packets encapsulated by 6rd<br /> follow the IPv4 routing topology within the SP network among CEs and<br /> BRs. 6rd BRs are traversed only for IPv6 packets that are destined to<br /> or are arriving from outside the SP's 6rd domain. As 6rd is<br /> stateless, BRs may be reached using anycast for failover and<br /> resiliency (in a similar fashion to [RFC3068]).</code></p>
<p>Please see attached network topology: <img src="attached_image" alt="" /></p>
<p>So, Host A, B and C must be able to pass traffic to eachother without ever touching the 6RD Border Relay router.</p>
<p>pfSense expects that all traffic originates from the 6RD Border Relay, as per the predefined firewall rules:</p>
From rules.debug:
<ol>
<li>allow our proto 41 traffic from the 6RD border relay in<br />pass in on $WAN proto 41 from 158.248.255.254 to any tracker 1000001601 label "Allow 6in4 traffic in for 6rd on WAN" <br />pass out on $WAN proto 41 from any to 158.248.255.254 tracker 1000001602 label "Allow 6in4 traffic out for 6rd on WAN"</li>
</ol>
<p>This can be easily fixed by adding a simple firewall rule allowing all IPv6 traffic from within the same 6rd domain:<br />pass in log quick on $WAN reply-to ( igb1.102 158.248.160.1 ) inet proto ipv6 from 158.248.128.0/17 to 158.248.168.137 tracker 1560433953 keep state label "USER_RULE"</p>
<p>However, when pfSense replies to traffic from other hosts, it converts the receiving IPv4 address to something that frankly makes no sence :)</p>
<p>This is a ping from pfSense to <a class="external" href="http://www.google.com">www.google.com</a> that is working as designed. Traffic forwarded to my 6RD-BR:<br /><code>09:00:53.860138 IP 158.248.168.137 > 158.248.255.254: IP6 2a00:fd00:fff4:a224:: > 2a00:1450:4001:825::2004: ICMP6, echo request, seq 1, length 16<br />09:00:53.892530 IP 158.248.255.254 > 158.248.168.137: IP6 2a00:1450:4001:825::2004 > 2a00:fd00:fff4:a224::: ICMP6, echo reply, seq 1, length 16</code></p>
<p>This is a ping from Host B to host C (pfSense) within the same 6rd domain. IPv4 address header in receiving packet shows the correct IPv4 source IP:<br /><code>16:08:27.876648 IP 158.248.170.165 > 158.248.168.137: IP6 2a00:fd00:fff4:aa94:4e5e:cff:fe0e:4fa7 > 2a00:fd00:fff4:a224::: ICMP6, echo request, seq 24534, length 16<br />16:08:27.876774 IP 158.248.168.137 > 158.248.0.156: IP6 2a00:fd00:fff4:a224:: > 2a00:fd00:fff4:aa94:4e5e:cff:fe0e:4fa7: ICMP6, echo reply, seq 24534, length 16</code></p>
<p>But notice when pfSense replies to the packet, the destination IPv4 IP is different?!</p>
<p>It is the same when pinging from host C (pfSense) towards Host A and C:</p>
<p>@Ping from pfSense towards 2a00:fd00:fff5:ab5c::1<br />10:21:25.088407 IP 158.248.168.137 > 158.248.0.0: IP6 2a00:fd00:fff4:a224:: > 2a00:fd00:fff5:ab5c::1: ICMP6, echo request, seq 138, length 16</p>
<p>Ping from pfSense towards 2a00:fd00:fff4:aa94:4e5e:cff:fe0e:4fa7<br />10:22:48.594700 IP 158.248.168.137 > 158.248.0.156: IP6 2a00:fd00:fff4:a224:: > 2a00:fd00:fff4:aa94:4e5e:cff:fe0e:4fa7: ICMP6, echo request, seq 3, length 16@</p>
<p>I can't figure out how pfSense calculates destination addresses 158.248.0.0 / 158.248.0.156. They're not even within the 158.248.128.0/17 scope my ISP has. :)</p> pfSense - Bug #8963 (New): 2.4.4 Limiters don't work after CARP fail-overhttps://redmine.pfsense.org/issues/89632018-09-27T01:12:17ZJames Cornett
<p>Limiters are not applied when using HA, states are being synced with pfsync, and a CARP fail over occurs.</p>
<p>When Firewall A has a limiter applied (like on a WAN interface) and a CARP fail-over event occurs, bandwidth becomes unrestricted for existing download sessions on Firewall B until either CARP fails back to Firewall A or the NAT session state expires on Firewall B.</p>
To replicate:<br />Setup pfSense:
<ul>
<li>Enable HA (pfsync)</li>
<li>Enable CARP and setup as default gateway for a LAN interface</li>
<li>Update NAT rules for HA and CARP (Manual NAT and modify gateway)</li>
<li>Create WAN_IN and WAN_OUT Limiters with defaults and a small bandwidth limit</li>
<li>Create a Floating Rules for In and Out and assign Limiters<br />Test Scenario:</li>
<li>Start a large download. </li>
<li>Note download speed and observe traffic chart on primary firewall. Download follows expected limiter behavior.</li>
<li>Goto Status, "CARP (failover)", and click "Enter Persistent CARP Maintenance Mode" </li>
<li>Download speed becomes unlimited and immediately increases speed. Observe traffic chart on failover firewall.</li>
<li>Simultaneously, without stopping first download, start another download from a different server. Note the download speed follows expected limiter behavior.</li>
<li>Goto Status, "CARP (failover)" on Primary firewall and click "Leave Persistent CARP Maintenance Mode" </li>
<li>The original download will throttle back down to the expected speed, whereas the second download will become unlimited.</li>
</ul> pfSense - Bug #8207 (New): 2.4 cannot boot as a Xen VM with more than 7 NICshttps://redmine.pfsense.org/issues/82072017-12-13T10:47:48ZMichael Reardon
<p>2.4 does not seem to be able to boot when running as a VM under Xen when the guest is assigned more than 7 NICs. Boot log attached. Selecting Safe Mode from the boot options does not resolve it and the system still hangs.</p>
<p>I've installed 2.3(.5) to it without any issue, but I would like to eventually move it along to 2.4 with the rest of our firewalls. I've attached the boot log, with the interesting lines from it being:</p>
<blockquote>
<p><em>xn7: failed to allocate tx grant refs<br />...<br />run_interrupt_driven_hooks: still waiting after 60 seconds for xenbusb_nop_confighook_cb<br />run_interrupt_driven_hooks: still waiting after 120 seconds for xenbusb_nop_confighook_cb<br />...</em></p>
</blockquote> pfSense - Bug #8177 (New): "../xsl/package.xsl" is referenced in package XML files but not on the...https://redmine.pfsense.org/issues/81772017-12-09T18:58:49ZHarry Coinhcoin@quietfountain.compfSense - Bug #8176 (New): ../schema/packages.dtd -- referenced in *xml, but missing?https://redmine.pfsense.org/issues/81762017-12-09T18:52:43ZHarry Coinhcoin@quietfountain.com
<p>Nearly every xml file in the packages collection includes<br /><!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"></p>
<p>However, I can not find that file on an installed system, even one that includes one of those packages, e.g. routed.</p> pfSense - Bug #7730 (New): 2.3.4_1 greX: loop detected when hit save on filter rules or interfaceshttps://redmine.pfsense.org/issues/77302017-07-27T07:16:59ZRichie M
<p>upgraded from 2.2.6<br />anytime we hit save in the GUI for interface or filter rules, even if no change was made, we start getting Jul 25 14:50:02 <histname> kernel: greX: loop detected spam in dmesg/system.log. Our GRE tunnel goes down.</p>
<p>Any cluster sync activity from the Primary to Secondary also causes this issue.</p>
<p>We have to do a save on the GRE interface in the web GUI (this downs/ups the interface) and the tunnel starts working again.</p>
<p><code><br />Jul 25 14:50:01 hostname kernel: gre0: loop detected<br />Jul 25 14:50:02 hostname kernel: gre1: loop detected<br />Jul 25 14:50:02 hostname kernel: gre0: loop detected<br />Jul 25 14:50:02 hostname kernel: gre1: loop detected<br />Jul 25 14:50:02 hostname kernel: gre0: loop detected<br />Jul 25 14:50:03 hostname kernel: gre1: loop detected<br />Jul 25 14:50:03 hostname kernel: gre0: loop detected<br />Jul 25 14:50:03 hostname kernel: gre1: loop detected<br /></code></p>
<p>Original Forum Thread: <a class="external" href="https://forum.pfsense.org/index.php?topic=134258.0">https://forum.pfsense.org/index.php?topic=134258.0</a></p> pfSense - Bug #7235 (New): 4860 has not got significant IPsec performance rising with enabled HW ...https://redmine.pfsense.org/issues/72352017-02-08T01:47:07ZConstantine Kormashev
<p>During IPsec performance tests on 4860 I did not observe significant IPsec performance increasing if HW acceleration is enabled.<br />Average rising are: <br /><em>10% for AES128CBC<br />7% for AES128GCM</em><br />In comparison with 2440, 2440 gives:<br /><em>56% for AES128CBC<br />54% for AES128GCM</em><br /><strong>4860 tests:</strong><br /><em>128 GCM 34000pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 3 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 3646 ichwd.ko
last pid: 62291; load averages: 4.48, 3.20, 1.62 up 0+00:10:24 06:51:23
55 processes: 2 running, 52 sleeping, 1 waiting
CPU 0: 19.3% user, 0.0% nice, 33.1% system, 27.6% interrupt, 20.1% idle
CPU 1: 0.0% user, 0.0% nice, 0.0% system, 99.2% interrupt, 0.8% idle
CPU 2: 17.3% user, 0.0% nice, 52.0% system, 0.0% interrupt, 30.7% idle
CPU 3: 16.1% user, 0.0% nice, 53.1% system, 0.0% interrupt, 30.7% idle
Mem: 55M Active, 40M Inact, 183M Wired, 38M Buf, 7613M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
12 root 45 -72 - 0K 720K WAIT 3 6:24 130.13% intr
77387 root 17 20 0 249M 14632K uwait 2 6:54 106.30% charon
11 root 4 155 ki31 0K 64K RUN 3 20:54 82.03% idle
18291 root 2 20 0 30144K 17988K usem 3 4:44 80.76% ntpd
0 root 32 -8 - 0K 512K - 0 1:30 2.59% kernel
</pre><br /><em>128 GCM 36500pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 6 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 7577 aesni.ko
3 1 0xffffffff82619000 3646 ichwd.ko
last pid: 98195; load averages: 4.41, 3.26, 1.77 up 0+00:09:07 07:06:31
55 processes: 4 running, 51 sleeping
CPU 0: 12.2% user, 0.0% nice, 32.2% system, 33.7% interrupt, 22.0% idle
CPU 1: 19.6% user, 0.0% nice, 55.7% system, 0.0% interrupt, 24.7% idle
CPU 2: 17.3% user, 0.0% nice, 57.3% system, 0.0% interrupt, 25.5% idle
CPU 3: 0.0% user, 0.0% nice, 100% system, 0.0% interrupt, 0.0% idle
Mem: 52M Active, 37M Inact, 183M Wired, 30M Buf, 7619M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25406 root 17 92 0 249M 14692K CPU1 1 8:44 106.54% charon
0 root 32 -8 - 0K 512K - 0 0:47 100.00% kernel
16732 root 2 20 0 30144K 17988K kqread 2 6:21 80.57% ntpd
11 root 4 155 ki31 0K 64K RUN 3 9:51 77.98% idle
12 root 45 -72 - 0K 720K RUN 3 9:17 28.37% intr
</pre></p>
<p><em>128 CBC 34000pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 3 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 3646 ichwd.ko
last pid: 66419; load averages: 4.54, 2.28, 1.03 up 0+00:08:24 07:23:31
55 processes: 3 running, 51 sleeping, 1 waiting
CPU 0: 18.0% user, 0.0% nice, 33.7% system, 27.1% interrupt, 21.2% idle
CPU 1: 0.8% user, 0.0% nice, 0.0% system, 98.8% interrupt, 0.4% idle
CPU 2: 20.8% user, 0.0% nice, 51.0% system, 0.0% interrupt, 28.2% idle
CPU 3: 20.4% user, 0.0% nice, 43.5% system, 18.0% interrupt, 18.0% idle
Mem: 52M Active, 38M Inact, 182M Wired, 26M Buf, 7621M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25895 root 17 92 0 249M 14296K CPU0 0 3:56 101.76% charon
12 root 45 -72 - 0K 720K WAIT 3 1:27 92.04% intr
11 root 4 155 ki31 0K 64K RUN 3 21:23 78.86% idle
18871 root 2 20 0 30144K 17988K usem 1 2:42 75.49% ntpd
0 root 32 -8 - 0K 512K - 0 3:07 39.26% kernel
</pre></p>
<p><em>128 CBC 36500pps</em><br /><pre>
kldstat
Id Refs Address Size Name
1 6 0xffffffff80200000 225edc0 kernel
2 1 0xffffffff82611000 7577 aesni.ko
3 1 0xffffffff82619000 3646 ichwd.ko
last pid: 97408; load averages: 5.05, 3.99, 2.54 up 0+00:14:56 07:12:20
55 processes: 3 running, 51 sleeping, 1 waiting
CPU 0: 14.9% user, 0.0% nice, 26.7% system, 36.1% interrupt, 22.4% idle
CPU 1: 18.4% user, 0.0% nice, 53.3% system, 0.0% interrupt, 28.2% idle
CPU 2: 14.9% user, 0.0% nice, 59.2% system, 0.0% interrupt, 25.9% idle
CPU 3: 0.0% user, 0.0% nice, 100% system, 0.0% interrupt, 0.0% idle
Mem: 53M Active, 38M Inact, 184M Wired, 36M Buf, 7616M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME CPU COMMAND
25406 root 17 92 0 249M 14908K CPU1 1 14:30 103.47% charon
0 root 32 -8 - 0K 512K - 0 4:21 100.00% kernel
16732 root 2 20 0 30144K 17988K usem 1 10:30 85.35% ntpd
11 root 4 155 ki31 0K 64K RUN 3 16:21 79.59% idle
12 root 45 -72 - 0K 720K WAIT 3 12:38 27.78% intr
</pre></p>
<pre>
uname -a
FreeBSD pfSense.localdomain 10.3-RELEASE-p9 FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:25:49 CDT 2016 root@factory23-amd64-builder:/builder/factory-232/tmp/obj/builder/factory-232/tmp/FreeBSD-src/sys/pfSense amd64
</pre> pfSense - Bug #5253 (New): 3gstats.php 100% CPUhttps://redmine.pfsense.org/issues/52532015-10-04T07:40:01ZPhilipp Schmidcom@schmidp.com
<p>I have a 3G modem connected the USB port of my pfsense SG-2220 appliance.</p>
<p>For whatever reason, the 3G connection is not very stable and often times does not get reestablished, but this issue is actually about the script 3gstats.php using 100% CPU time and not my 3G problems.</p>
<p>The 3G connection on my pfsense box is currently offline and 3gstats.php uses 100% CPU time:</p>
<p>root 18315 98.7 1.1 228224 22412 u1- R 20Sep15 1164:20.63 /usr/local/bin/php -f /usr/local/bin/3gstats.php cuaU0.3 opt3</p>
<p>I guess CPU goes down when the 3G connection does work, but I cannot confirm that now.</p>
<p>Looking at the script, the main things happen in a while(true) loop, which does not have any kind of throttling or error handling built in.<br />I'm not familiar with PHP, but shouldn't there be some error handling when fgets cannot read from the device, or at least throttle the while loop to read only every X milliseconds?</p>