Project

General

Profile

Actions
Copy link

Bug #13874

closed

pfBlocker -devel hanging on cron jobs

Added by Chris W over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Build:
23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
FreeBSD 14.0-CURRENT

When pfBlocker is told to run a cron job, it hangs on the HTTP 200 message after downloading the first block list. A reboot will push it onto the next list, where it'll just hang up again. We have a report from a customer that a PHP error notification accompanied this, but I'm not able to reproduce that aspect locally, just the cron job hang.


**Saving configuration [ 01/14/23 15:40:19 ]**

  Removing DB Files/Folders 

Saving new DNSBL web server configuration to port [  and  ]
**Saving configuration [ 01/14/23 15:40:22 ]**

  Removing DB Files/Folders 

 [ Force Reload Task - All ]
 UPDATE PROCESS START [ v3.1.0_16 ] [ 01/14/23 15:40:39 ]

===[  DNSBL Process  ]================================================

 Missing DNSBL stats and/or Unbound DNSBL files - Rebuilding

 Loading DNSBL SafeSearch...  disabled
 Loading DNSBL Whitelist... completed

[ StevenBlack_ADs ]         Downloading update .. 200 OK
**Saving configuration [ 01/14/23 15:44:21 ]**

Adding DNSBL Unbound mode (Resolver adv. setting)
DNS Resolver ( enabled ) unbound.conf modifications:
  Added DNSBL Unbound mode

Saving new DNSBL web server configuration to port [ 8081 and 8443 ]
VIP address(es) configured
New DNSBL certificate created
Restarting DNSBL Service
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts:
  No changes required.
Starting Unbound Resolver... completed [ 01/14/23 15:44:22 ]
DNSBL update [ 0 | PASSED  ]... completed
------------------------------------------------------------------------

** Restarting firewall filter daemon **

 [ Force Reload Task - All ]
 UPDATE PROCESS START [ v3.1.0_16 ] [ 01/14/23 15:44:42 ]

===[  DNSBL Process  ]================================================

 Loading DNSBL Statistics... completed
 Missing DNSBL stats and/or Unbound DNSBL files - Rebuilding

 Loading DNSBL SafeSearch...  disabled
 Loading DNSBL Whitelist... completed

[ StevenBlack_ADs ]         Reload . completed ..
  Whitelist: 5726.bapi.adsafeprotected.com|6063.bapi.adsafeprotected.com|aax-cpm.amazon-adsystem.com|aax-eu-retail-direct.amazon-adsystem.com|aax-eu.amazon-adsystem.com|aax-fe-sin.amazon-adsystem.com|aax-fe.amazon-adsystem.com|aax-us-east-retail-direct.amazon-adsystem.com|aax-us-east-rtb.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax-us-pdx.amazon-adsystem.com|aax-us.amazon-adsystem.com|aax.amazon-adsystem.com|adsafeprotected.com|amazon-adsystem.com|anycast.dt.adsafeprotected.com|appvast.adsafeprotected.com|bs.eyeblaster.akadns.net|bs.serving-sys.com|c.amazon-adsystem.com|cdn-a.amazon-adsystem.com|cdn.adsafeprotected.com|control.kochava.com|device-metrics-us-2.amazon.com|dra.amazon-adsystem.com|dt.adsafeprotected.com|dtvc.adsafeprotected.com|fls-eu.amazon-adsystem.com|fls-fe.amazon-adsystem.com|fls-na.amazon-adsystem.com|fls-na.amazon.com|fw.adsafeprotected.com|fwvc.adsafeprotected.com|images-aud.sourceforge.net|imp.control.kochava.com|ir-de.amazon-adsystem.com|ir-jp.amazon-adsystem.com|ir-na.amazon-adsystem.com|ir-uk.amazon-adsystem.com|localhost.localdomain|mads.amazon-adsystem.com|mobile-static.adsafeprotected.com|mobile.adsafeprotected.com|nyidt.adsafeprotected.com|orfw.adsafeprotected.com|orpixel.adsafeprotected.com|pixel.adsafeprotected.com|pm.adsafeprotected.com|ps-eu.amazon-adsystem.com|ps-jp.amazon-adsystem.com|ps-us.amazon-adsystem.com|px.moatads.com|rcm-eu.amazon-adsystem.com|rcm-fe.amazon-adsystem.com|rcm-na.amazon-adsystem.com|s.amazon-adsystem.com|secure-gl.imrworldwide.com|sgfw.adsafeprotected.com|sgpixel.adsafeprotected.com|spixel.adsafeprotected.com|static.adsafeprotected.com|unified.adsafeprotected.com|vafw.adsafeprotected.com|vapixel.adsafeprotected.com|vast.adsafeprotected.com|video.adsafeprotected.com|web-sdk.control.kochava.com|wildcard.moatads.com.edgekey.net|wms-eu.amazon-adsystem.com|wms-na.amazon-adsystem.com|wrapper-vast.adsafeprotected.com|ws-eu.amazon-adsystem.com|ws-fe.amazon-adsystem.com|ws-na.amazon-adsystem.com|z-eu.amazon-adsystem.com|z-na.amazon-adsystem.com|
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # TOP1M    Final                
  ----------------------------------------------------------------------
  168819   168819     0          76         0          168743               
  ----------------------------------------------------------------------

Saving DNSBL statistics... completed [ 01/14/23 15:44:48 ]
------------------------------------------------------------------------
Assembling DNSBL database...... completed
Adding DNSBL Unbound mode (Resolver adv. setting)
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Starting Unbound Resolver... completed [ 01/14/23 15:44:51 ]
DNSBL update [ 168743 | PASSED  ]... completed [ 01/14/23 15:44:52 ]
------------------------------------------------------------------------

===[  GeoIP Process  ]============================================

===[  IPv4 Process  ]=================================================

[ Abuse_Feodo_C2_v4 ]         Downloading update .. 200 OK

Related issues

Related to Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1ResolvedJim Pingle

Actions
Related to Regression #13884: pfBlockerNG DNSBL TLD option causes reloads to take a long timeResolvedChristian McDonald

Actions
Actions
Copy link
 #1

Updated by Chris W over 1 year ago

  • Project changed from pfSense to pfSense Plus
  • Category changed from Package System to Package System
Actions
Copy link
 #2

Updated by Chris W over 1 year ago

The PHP errors related to the widget provided by the customer were:

PHP ERROR: Type: 1, File: /usr/local/www/widgets/widgets/pfblockerng.widget.php, Line: 456, Message: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/widgets/widgets/pfblockerng.widget.php:456

Stack trace:

#0 /usr/local/www/widgets/widgets/pfblockerng.widget.php(970): pfBlockerNG_get_failed()

#1 /usr/local/www/index.php(430): include('/usr/local/www/...')

#2 {main}
Actions
Copy link
 #4

Updated by Jim Pingle over 1 year ago

  • Project changed from pfSense Plus to pfSense Packages
  • Category changed from Package System to pfBlockerNG
  • Release Notes deleted (Default)
Actions
Copy link
 #5

Updated by Lev Prokofev over 1 year ago

I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0_16

Actions
Copy link
 #6

Updated by Jim Pingle over 1 year ago

Lev Prokofev wrote in #note-5:

I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0_16

Confirm that it's solved or that it still happens?

Actions
Copy link
 #7

Updated by Lev Prokofev over 1 year ago

It is still here, unfortunately.

Actions
Copy link
 #8

Updated by Lev Prokofev over 1 year ago

Lev Prokofev wrote in #note-7:

It is still here, unfortunately.

I mean the issue was occurred after I update the package to the latest version.

Actions
Copy link
 #9

Updated by Michael Kellogg over 1 year ago

I am seeing this on 3.1.0_19

Actions
Copy link
 #10

Updated by Danilo Zrenjanin over 1 year ago

  • Status changed from New to Confirmed

Yes, the issue is present on the 3.1.0_19 version.

Actions
Copy link
 #11

Updated by Allen C about 1 year ago

Ran into this issue on pfBlockerNG-devel v3.2.0 a few days ago. Have been deploying dailies, currently on v2.7.0.a.20230203.0600, as I'm testing out this new hardware. I see the problem has been marked as confirmed so won't add to this unless requested. Happy days all.

Actions
Copy link
 #12

Updated by Jim Pingle about 1 year ago

There may be two distinct issues there: One with downloads, and one with processing.

If you find it's hanging up on downloading, try the patch at https://redmine.pfsense.org/issues/13926#note-1

If it's getting stuck processing the downloaded data (e.g. with Wildcard TLD matching) that patch wouldn't change anything, but it's still worth trying to rule it out.

Actions
Copy link
 #13

Updated by Allen C about 1 year ago

Work has had me tied up so I haven't been able to do review the information Jim was kind enough to provide. I freed up some time this afternoon and noticed that v3.2.0_1 has been released. Deployed it and today's daily build. Initial run through is that CRON issues have been resolved. Was able to manually run updates and reloads and scheduled runs complete normally. One other discrepancy I noted in 3.2.0 was that if you set the cron settings to disabled, saved, and then view the update tab it would show that it wasn't disabled and reflected the interval from the last configuration. This appears to have been cleared up as well.

Will work in more testing as I learn how to tune this for my environment. Thanks for the help and the devs who turned it around so quickly!

Actions
Copy link
 #14

Updated by Jim Pingle about 1 year ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100

Thanks for testing and following up!

I'm going to mark this one resolved as there was some overlap with #13926 and there is already #13884 which is dedicated to just the Wildcard TLD matching issue which is unrelated.

Actions
Copy link
 #15

Updated by Jim Pingle about 1 year ago

  • Related to Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1 added
Actions
Copy link
 #16

Updated by Jim Pingle about 1 year ago

  • Related to Regression #13884: pfBlockerNG DNSBL TLD option causes reloads to take a long time added
Actions
Copy link

Also available in: Atom PDF