Bug #12829
closedDummynet kernel module fails to load after upgrade.
0%
Description
pfSense 2.6.0 - Fresh upgrade.
When creating a limiter and assigning it in a floating rule, all traffic stops from LAN -> WAN stops. I cannot ping an IP address via the firewall its self, either.
The exact same configuration worked correctly in 2.5.2.
pfSense is on bare metal.
Exactly the same symptoms as the 2.5.0 bug here: https://redmine.pfsense.org/issues/9643
Files
Updated by Lewis Smith almost 3 years ago
I get the following errors in the System Logs:
Feb 19 01:58:37 php 420 rc.bootup: The command '/sbin/kldload dummynet' returned exit code '1', the output was 'kldload: can't load dummynet: No such file or directory'
Feb 19 01:58:37 php 420 rc.bootup: The command '/sbin/ipfw /tmp/rules.limiter' returned exit code '1', the output was 'Line 2: duplicate token, override bandwidth value! Line 2: setsockopt(IP_DUMMYNET_CONFIGURE): Protocol not available'
Updated by Lewis Smith almost 3 years ago
I have tried only applying a limiter in the upload direction, as that was a proposed workaround for the 2.5.0 issue, however it still struggles.
Updated by Lewis Smith almost 3 years ago
Have had to downgrade for now as the internet connection can become quite unusable without the queues. Happy to set up another box with 2.6.0 for testing.
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Feedback
I can't reproduce this here on a fresh install or upgrade. Limiters are passing traffic as expected and there are no errors.
The errors you have posted imply that the kernel module for limiters (dummynet) is missing, which is unusual as they are a part of the kernel package itself so there isn't a way that something in the base OS could remove just that file. The errors also do not line up with the other issue linked in the description so it's almost certainly unrelated.
Do you see /boot/kernel/dummynet.ko on your firewall?
: ls -l /boot/kernel/dummynet.ko -r-xr-xr-x 1 root wheel 167808 Jan 31 15:15 /boot/kernel/dummynet.ko
If that file is missing, there may be something deeper wrong with your installation (e.g. disk or filesystem problem). Do a fresh installation of 2.6.0 and see if the module is present there before attempting to reconfigure limiters.
If you still get that error on a fresh installation, we'll need to know a lot more information about the setup. The limiter configuration in config.xml, any installed packages, etc.
Updated by Lewis Smith almost 3 years ago
Jim Pingle wrote in #note-4:
I can't reproduce this here on a fresh install or upgrade. Limiters are passing traffic as expected and there are no errors.
The errors you have posted imply that the kernel module for limiters (dummynet) is missing, which is unusual as they are a part of the kernel package itself so there isn't a way that something in the base OS could remove just that file. The errors also do not line up with the other issue linked in the description so it's almost certainly unrelated.
Hi Jim,
Thank you for getting back to me. A duplicate issue was posted here: https://redmine.pfsense.org/issues/12830#change-59154 shortly after I posted this issue.
What I will do is do another upgrade to 2.6.0, and see if the error persists. Maybe it was transient, who knows. If the error is there again, I will do a fresh installation and set everything up from scratch.
If it's there during a fresh install, but not the upgrade, perhaps there's something wrong with the upgrade process.
Updated by Jim Pingle almost 3 years ago
Lewis Smith wrote in #note-5:
Thank you for getting back to me. A duplicate issue was posted here: https://redmine.pfsense.org/issues/12830#change-59154 shortly after I posted this issue.
That user did not give enough detail to say for certain if the issue was the same. Even so, that does not mean it's a bug, both systems could have been affected by a similar issue in hardware/filesystem/etc.
What I will do is do another upgrade to 2.6.0, and see if the error persists. Maybe it was transient, who knows. If the error is there again, I will do a fresh installation and set everything up from scratch.
If it's there during a fresh install, but not the upgrade, perhaps there's something wrong with the upgrade process.
Let us know what you find there. I've checked fresh installs and upgrades both but in my testing the module is always there, it always loads, and limiters are always working.
Updated by Evgeny Korostelev almost 3 years ago
I have fresh install 2.6.0 and problem with limiter exists.
The problem appeared after the upgrade from 2.5.2 -> 2.6.0
A fresh install didn't fix it.
File dummynet.ko exists.
Updated by Evgeny Korostelev almost 3 years ago
The problem is not relevant on all pfsense 2.6.0 installations
Some random.
how can i help to find the reason ?
Now problem still exist on NIC - Intel 211 Gigabit Network Connection
Updated by Jim Pingle almost 3 years ago
Evgeny Korostelev wrote in #note-7:
I have fresh install 2.6.0 and problem with limiter exists.
The problem appeared after the upgrade from 2.5.2 -> 2.6.0
A fresh install didn't fix it.
File dummynet.ko exists.
Do you see the same error in the logs from note 1 above about the dummynet module not loading? If not, your problem is probably not the same issue it may just share some common symptoms. You should post on the forum to discuss it in more detail.
Updated by Evgeny Korostelev almost 3 years ago
- File dmesg.boot dmesg.boot added
Jim Pingle wrote in #note-9:
Do you see the same error in the logs from note 1 above about the dummynet module not loading? If not, your problem is probably not the same issue it may just share some common symptoms. You should post on the forum to discuss it in more detail.
No, i don't see this error in boot log.
File attached
Updated by Evgeny Korostelev almost 3 years ago
cat /var/log/system.log | grep i dummy -> empty out
Updated by Jim Pingle almost 3 years ago
Then your problem is different from the one on this issue. Post on the forum to discuss and diagnose your problem.
Updated by Luca De Andreis almost 3 years ago
Hello everybody,
I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some CEs some pluses) and on exactly the same hardware (Proxmox VE virtual machine) some have problems with WAN traffic (all use limiters).
It seems that the problem does not occur immediately after the firewall is booted and if it is restarted it will work properly again.
A rollback to version 2.5.2 completely resolves the problem.
PS I don't use floating rules but the behavior is the same as described above.
Thanks
Luca
Updated by Lewis Smith almost 3 years ago
Luca De Andreis wrote in #note-13:
Hello everybody,
I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some CEs some pluses) and on exactly the same hardware (Proxmox VE virtual machine) some have problems with WAN traffic (all use limiters).It seems that the problem does not occur immediately after the firewall is booted and if it is restarted it will work properly again.
A rollback to version 2.5.2 completely resolves the problem.PS I don't use floating rules but the behavior is the same as described above.
Thanks
Luca
Hi Luca,
How long was it before you noticed issues on your limiters?
I've just redone the upgrade from 2.5.2 and it worked this time.
Thanks,
Lewis
Updated by Luca De Andreis almost 3 years ago
Lewis Smith wrote in #note-14:
Luca De Andreis wrote in #note-13:
Hello everybody,
I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some CEs some pluses) and on exactly the same hardware (Proxmox VE virtual machine) some have problems with WAN traffic (all use limiters).It seems that the problem does not occur immediately after the firewall is booted and if it is restarted it will work properly again.
A rollback to version 2.5.2 completely resolves the problem.PS I don't use floating rules but the behavior is the same as described above.
Thanks
Luca
Hi Luca,
How long was it before you noticed issues on your limiters?
I've just redone the upgrade from 2.5.2 and it worked this time.
Thanks,
Lewis
Hi Lewis,
I had a long discussion with stephenw10 of the Netgate development team and the problem was identified.
The problem occurs when the Captive Portal is active and limiters are used. Practically due to a captive portal bug, even if this refers to a different interface, the limiters do not work correctly on all interfaces (including WAN ones, therefore the ports natted towards the internal segments and subject to limiters).
If you don't use the Captive Portal the limiters work without problems.
Luca
Updated by Steve Wheeler almost 3 years ago
- Subject changed from Traffic shaper + Floating firewall rule causes no traffic to leave to Dummynet kernel module fails to load after upgrade.
See #12954 for Limiters failing to pass traffic.
That is not related to the dummynet kernel module being unavailable as reported here.
Updated by Jim Pingle almost 2 years ago
- Status changed from Feedback to Closed
No other reports and no way to reproduce it that I'm aware of, and it's been quite some time since the last report.
We can always revisit, but so much has changed here it's unlikely this is still relevant.