Project

General

Profile

Actions

Bug #13180

closed

High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4

Added by RED SKULL almost 2 years ago. Updated about 1 year ago.

Status:
Duplicate
Priority:
High
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.6.0
Affected Plus Version:
Affected Architecture:

Description

SPECS:
-----
4 core Broadwell Xeon with SMT disabled in BIOS (0 logical cores)
32 GB DDR4 RAM
Powerd set to Maximum for all scenarios

BACKGROUND:
----------
This issue has been happening on both my 2.6 boxes and 2.7 development boxes that recently had pfBlockerNG devel updated to 3.1.0_4. It resolves only when I stop pfb_filter service (not an ideal scenario and unacceptable).

NOTE: A variant of this issue seems to keep rearing its ugly head every so often on PfSense in the past - based on personal experience and Reddit/netgate forum searches.

Every few seconds, pfctl -vvsr eats up CPU. ps auxwwd output below and top -aSH screenshot is attached (you can see 99% CPU). Disabling SMP is also not an option and this issue disabled total throughput of firewall drastically; also results in occasional dropped packets even with lowered throughput ceiling.

OUTPUT:
------
/root: ps auxwwd
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 0 0.8 0.0 0 976 - DLs 14:16 26:52.36 [kernel]
root 11 313.1 0.0 0 64 - RNL 14:16 1729:02.60 - [idle]
root 12 0.1 0.0 0 352 - WL 14:16 1:55.72 - [intr]
root 1 0.0 0.0 9496 936 - ILs 14:16 0:00.07 - /sbin/init --
root 82842 0.2 0.2 73432 53192 - S 14:26 4:10.27 |-- /usr/local/bin/php_pfb f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
root 12912 23.6 0.0 11936 3236 - R 00:27 0:02.58 | `-
/sbin/pfctl vvsr
root 273 0.0 0.0 11732 2628 - Is 14:25 0:02.79 |-
/usr/local/bin/dpinger S -r 0 -i REMOVED FOR PRIVACY -p /var/run/dpinger_REMOVED FOR PRIVACY.pid -u /var/run/dpinger_REMOVED FOR PRIVACY.sock -C /etc/rc.gateway_alarm REMOVED FOR PRIVACY
root 649 0.0 0.1 105028 27956 - Ss 14:16 0:00.61 |-
php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
root 651 0.0 0.1 138772 49844 - I 14:16 2:58.29 | |-- php-fpm: pool nginx (php-fpm)
root 3756 0.0 0.2 141164 50476 - I 14:18 3:15.34 | |-- php-fpm: pool nginx (php-fpm)
root 4095 0.0 0.1 138004 44696 - I 14:18 2:43.25 | |-- php-fpm: pool nginx (php-fpm)
root 4113 0.0 0.1 139072 49776 - I 14:18 3:02.07 | |-- php-fpm: pool nginx (php-fpm)
root 4134 0.0 0.1 140916 49952 - I 14:18 3:31.62 | |-- php-fpm: pool nginx (php-fpm)
root 7487 0.0 0.2 144276 54116 - I 14:19 2:54.59 | |-- php-fpm: pool nginx (php-fpm)
root 81544 0.0 0.1 111240 44908 - I 14:24 3:12.46 | `-- php-fpm: pool nginx (php-fpm)
root 689 0.0 0.0 11388 2892 - INs 14:16 0:00.07 |-- /usr/local/sbin/check_reload_status

~ truncated for privacy (too many gateways and pingers with IP/config details) :) ~


SEE ATTACHMENT


Files

Untitled.png (149 KB) Untitled.png top -aSH screenshot RED SKULL, 05/18/2022 12:44 AM

Related issues

Is duplicate of Bug #13154: pfBlocker causing excessive CPU loadResolvedMarcos M

Actions
Actions

Also available in: Atom PDF