Actions
Bug #15396
closedBE upgrade process deferred pkg install can cause significant delays
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Upgrade
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Release Notes:
Default
Affected Plus Version:
24.03
Affected Architecture:
Description
Some package install scripts attempt to connect out to update lists/signatures/aliases. When run as part of the new BE upgrade process they are run before any network interfaces are setup which causes significant delay as each connection attempt has to timeout:
Setting up extended sysctls...done. Executing deferred package installation scripts...Running last steps of aws-wizard installation. Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Custom commands... Menu items... done. Writing configuration... done. Running last steps of ipsec-profile-wizard installation. Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Custom commands... Menu items... done. Writing configuration... done. Running last steps of Netgate_Firmware_Upgrade installation. Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Loading package instructions... Custom commands... Menu items... done. Writing configuration... done. Running last steps of suricata installation. Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Loading package instructions... Custom commands... Executing custom_php_install_command()...Saved settings detected... Migrating settings to new configuration... done. Downloading Emerging Threats Open rules md5 file...Emerging Threats Open rules md5 error ... Server returned error code 0 Emerging Threats Open rules will not be updated. Downloading Snort GPLv2 Community Rules md5 file...Snort GPLv2 Community Rules md5 error ... Server returned error code 0 Snort GPLv2 Community Rules will not be updated. Downloading Feodo Tracker Botnet C2 IP rules file...Feodo Tracker Botnet C2 IP rules file download failed! Downloading ABUSE.ch SSL Blacklist rules file...ABUSE.ch SSL Blacklist rules file download failed! Cleaning up after rules extraction... done. The Rules update has finished. Generating suricata.yaml configuration file from saved settings. Generating YAML configuration file for WAN...route: route has not been found done. Finished rebuilding Suricata configuration from saved settings. Setting package version in configuration file. done. Executing custom_php_resync_config_command()...route: route has not been found done. Menu items... done. Services... done. Writing configuration... done. done. Executing early shell commands...done. coretemp0: <CPU On-Die Thermal Sensors> on cpu0 Setting timezone...done. Configuring looplo0: link state changed to UP back interface...done. '/var/log': not a ZFS filesystem Starting syslog...done. Setting up interfaces microcode...done. Configuring loopback interface...done. Creating wireless clone interfaces...done. Configuring WAN2 interface...done. Configuring WAN3 interface...done. Configuring WAN4 interface...done. Configuring LAN2 interface...done. Configuring LAN3 interface...done. Configuring LAN4 interface...done. Configuring LAN interface...done. Configuring WAN interface...done.
These are updated when the service starts. The upgrade does complete.
Snort, Suricata and pfBlockerNG do this.
Updated by Marcos M about 1 month ago
Snort and Suricata have been updated to work around this issue:
Updated by Georgiy Tyutyunnik 28 days ago
fixed in the new versions, reproduced on 23.09.1 -> 24.03,
can't reproduce on 24.03 -> 24.11 BETA
24.11-BETA (amd64)
built on Tue Nov 5 5:17:00 CET 2024
FreeBSD 15.0-CURRENT
Actions