Project

General

Profile

Actions

Regression #12862

closed

Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed

Added by David Burns about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Operating System
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:

Description

It is common for advanced pfSense users to make use of FreeBSD /boot/loader.conf.local.

Since release of pfSense CE 2.6 / pfSense+ 22.01 it appears that the following 2 oids are removed from loader.conf.local:
kern.ipc.nmbclusters - only removed in pfSense+ 22.01 for 1100/2100/3100/uFW
net.link.ifqmaxlen - removed in all configs

It appears that this behaviour is coded in /etc/inc/pfsense-utils.inc.

1. Removal of the oid net.link.ifqmaxlen (and resetting it to 128) is particularly problematic - it has been linked to improved OpenVPN performance
(eg. references https://redmine.pfsense.org/issues/10311 & https://redmine.pfsense.org/issues/12237)
NB oid 'net.link.ifqmaxlen' is a read only tunable

2. In the case of kern.ipc.nmbclusters the default is too high for low end platforms such as uFW / SG-1100.
(eg. on SG-1100 kern.ipc.nmbclusters defaults to 1000000 which is 2GB of buffer memory - the SG-1100 only has 1GB of RAM - fortunately FreeBSD does not pre-allocate memory)
This inhibits advanced users attempting to configure a more performant yet conservative configuration (eg. avoid memory exhaustion from DoS attacks)

Lastly this behaviour should likely be added to release notes...

Actions

Also available in: Atom PDF