Project

General

Profile

Actions

Bug #12829

open

Dummynet kernel module fails to load after upgrade.

Added by Lewis Smith 4 months ago. Updated 3 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
Traffic Shaper (Limiters)
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

pfSense 2.6.0 - Fresh upgrade.

When creating a limiter and assigning it in a floating rule, all traffic stops from LAN -> WAN stops. I cannot ping an IP address via the firewall its self, either.

The exact same configuration worked correctly in 2.5.2.

pfSense is on bare metal.

Exactly the same symptoms as the 2.5.0 bug here: https://redmine.pfsense.org/issues/9643


Files

clipboard-202202221943-wv69x.png (11.8 KB) clipboard-202202221943-wv69x.png Evgeny Korostelev, 02/22/2022 08:42 AM
dmesg.boot (9.21 KB) dmesg.boot Evgeny Korostelev, 02/22/2022 10:08 AM
clipboard-202202222110-l8ovf.png (6.79 KB) clipboard-202202222110-l8ovf.png Evgeny Korostelev, 02/22/2022 10:10 AM
Actions #1

Updated by Lewis Smith 4 months ago

I get the following errors in the System Logs:

Feb 19 01:58:37 php 420 rc.bootup: The command '/sbin/kldload dummynet' returned exit code '1', the output was 'kldload: can't load dummynet: No such file or directory'
Feb 19 01:58:37 php 420 rc.bootup: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '1', the output was 'Line 2: duplicate token, override bandwidth value! Line 2: setsockopt(IP_DUMMYNET_CONFIGURE): Protocol not available'

Actions #2

Updated by Lewis Smith 4 months ago

I have tried only applying a limiter in the upload direction, as that was a proposed workaround for the 2.5.0 issue, however it still struggles.

Actions #3

Updated by Lewis Smith 4 months ago

Have had to downgrade for now as the internet connection can become quite unusable without the queues. Happy to set up another box with 2.6.0 for testing.

Actions #4

Updated by Jim Pingle 4 months ago

  • Status changed from New to Feedback

I can't reproduce this here on a fresh install or upgrade. Limiters are passing traffic as expected and there are no errors.

The errors you have posted imply that the kernel module for limiters (dummynet) is missing, which is unusual as they are a part of the kernel package itself so there isn't a way that something in the base OS could remove just that file. The errors also do not line up with the other issue linked in the description so it's almost certainly unrelated.

Do you see /boot/kernel/dummynet.ko on your firewall?

: ls -l /boot/kernel/dummynet.ko
-r-xr-xr-x  1 root  wheel  167808 Jan 31 15:15 /boot/kernel/dummynet.ko

If that file is missing, there may be something deeper wrong with your installation (e.g. disk or filesystem problem). Do a fresh installation of 2.6.0 and see if the module is present there before attempting to reconfigure limiters.

If you still get that error on a fresh installation, we'll need to know a lot more information about the setup. The limiter configuration in config.xml, any installed packages, etc.

Actions #5

Updated by Lewis Smith 4 months ago

Jim Pingle wrote in #note-4:

I can't reproduce this here on a fresh install or upgrade. Limiters are passing traffic as expected and there are no errors.

The errors you have posted imply that the kernel module for limiters (dummynet) is missing, which is unusual as they are a part of the kernel package itself so there isn't a way that something in the base OS could remove just that file. The errors also do not line up with the other issue linked in the description so it's almost certainly unrelated.

Hi Jim,

Thank you for getting back to me. A duplicate issue was posted here: https://redmine.pfsense.org/issues/12830#change-59154 shortly after I posted this issue.

What I will do is do another upgrade to 2.6.0, and see if the error persists. Maybe it was transient, who knows. If the error is there again, I will do a fresh installation and set everything up from scratch.

If it's there during a fresh install, but not the upgrade, perhaps there's something wrong with the upgrade process.

Actions #6

Updated by Jim Pingle 4 months ago

Lewis Smith wrote in #note-5:

Thank you for getting back to me. A duplicate issue was posted here: https://redmine.pfsense.org/issues/12830#change-59154 shortly after I posted this issue.

That user did not give enough detail to say for certain if the issue was the same. Even so, that does not mean it's a bug, both systems could have been affected by a similar issue in hardware/filesystem/etc.

What I will do is do another upgrade to 2.6.0, and see if the error persists. Maybe it was transient, who knows. If the error is there again, I will do a fresh installation and set everything up from scratch.

If it's there during a fresh install, but not the upgrade, perhaps there's something wrong with the upgrade process.

Let us know what you find there. I've checked fresh installs and upgrades both but in my testing the module is always there, it always loads, and limiters are always working.

Actions #7

Updated by Evgeny Korostelev 4 months ago

I have fresh install 2.6.0 and problem with limiter exists.

The problem appeared after the upgrade from 2.5.2 -> 2.6.0
A fresh install didn't fix it.
File dummynet.ko exists.

Actions #8

Updated by Evgeny Korostelev 4 months ago

The problem is not relevant on all pfsense 2.6.0 installations
Some random.
how can i help to find the reason ?
Now problem still exist on NIC - Intel 211 Gigabit Network Connection

Actions #9

Updated by Jim Pingle 4 months ago

Evgeny Korostelev wrote in #note-7:

I have fresh install 2.6.0 and problem with limiter exists.

The problem appeared after the upgrade from 2.5.2 -> 2.6.0
A fresh install didn't fix it.
File dummynet.ko exists.

Do you see the same error in the logs from note 1 above about the dummynet module not loading? If not, your problem is probably not the same issue it may just share some common symptoms. You should post on the forum to discuss it in more detail.

Actions #10

Updated by Evgeny Korostelev 4 months ago

Jim Pingle wrote in #note-9:

Do you see the same error in the logs from note 1 above about the dummynet module not loading? If not, your problem is probably not the same issue it may just share some common symptoms. You should post on the forum to discuss it in more detail.

No, i don't see this error in boot log.
File attached

Actions #11

Updated by Evgeny Korostelev 4 months ago

cat /var/log/system.log | grep i dummy -> empty out

Actions #12

Updated by Jim Pingle 4 months ago

Then your problem is different from the one on this issue. Post on the forum to discuss and diagnose your problem.

Actions #13

Updated by Luca De Andreis 4 months ago

Hello everybody,

I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some CEs some pluses) and on exactly the same hardware (Proxmox VE virtual machine) some have problems with WAN traffic (all use limiters).

It seems that the problem does not occur immediately after the firewall is booted and if it is restarted it will work properly again.
A rollback to version 2.5.2 completely resolves the problem.

PS I don't use floating rules but the behavior is the same as described above.

Thanks

Luca

Actions #14

Updated by Lewis Smith 3 months ago

Luca De Andreis wrote in #note-13:

Hello everybody,

I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some CEs some pluses) and on exactly the same hardware (Proxmox VE virtual machine) some have problems with WAN traffic (all use limiters).

It seems that the problem does not occur immediately after the firewall is booted and if it is restarted it will work properly again.
A rollback to version 2.5.2 completely resolves the problem.

PS I don't use floating rules but the behavior is the same as described above.

Thanks

Luca

Hi Luca,

How long was it before you noticed issues on your limiters?

I've just redone the upgrade from 2.5.2 and it worked this time.

Thanks,
Lewis

Actions #15

Updated by Luca De Andreis 3 months ago

Lewis Smith wrote in #note-14:

Luca De Andreis wrote in #note-13:

Hello everybody,

I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some CEs some pluses) and on exactly the same hardware (Proxmox VE virtual machine) some have problems with WAN traffic (all use limiters).

It seems that the problem does not occur immediately after the firewall is booted and if it is restarted it will work properly again.
A rollback to version 2.5.2 completely resolves the problem.

PS I don't use floating rules but the behavior is the same as described above.

Thanks

Luca

Hi Luca,

How long was it before you noticed issues on your limiters?

I've just redone the upgrade from 2.5.2 and it worked this time.

Thanks,
Lewis

Hi Lewis,

I had a long discussion with stephenw10 of the Netgate development team and the problem was identified.

The problem occurs when the Captive Portal is active and limiters are used. Practically due to a captive portal bug, even if this refers to a different interface, the limiters do not work correctly on all interfaces (including WAN ones, therefore the ports natted towards the internal segments and subject to limiters).
If you don't use the Captive Portal the limiters work without problems.

Luca

Actions #16

Updated by Steve Wheeler 3 months ago

  • Subject changed from Traffic shaper + Floating firewall rule causes no traffic to leave to Dummynet kernel module fails to load after upgrade.

See #12954 for Limiters failing to pass traffic.

That is not related to the dummynet kernel module being unavailable as reported here.

Actions

Also available in: Atom PDF