Bug #6747
Closed
pfctl - getting high cpu usage
Description
When firewall logs are enabled on the dashboard and the update interval is set to a small time (i.e. 5 seconds), pfctl starts to get high CPU usage. This causes a packet loss problem.
Version 2.3.2-RELEASE (amd64)
built on Tue Jul 19 12:44:43 CDT 2016
FreeBSD 10.3-RELEASE-p5
The system is on the latest version.
CPU Type Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
16 CPUs: 2 package(s) x 4 core(s) x 2 SMT threads
Updated by Rafael Cunha over 7 years ago
In case anyone needs it:
pfctl -sr | wc -l
8707
Updated by Rafael Cunha over 7 years ago
When pfblockerng counter widget is enabled too.
`-- sh -c /sbin/pfctl -vv -sr | /usr/bin/grep 'pfB_'
Updated by Pi Ba over 7 years ago
As discussed on IRC, his original pfctl usage was caused by the line below:
`-- sh -c /sbin/pfctl -vvPsr | /usr/bin/egrep '^@[0-9]+\\(1470855395\\)[[:space:]]pass[[:space:]].*[[:space:]]log[[:space:]]'
This seems to be responsible for reading rule descriptions, but as far as I can tell those are not shown on the widget anywhere. They are, though, included in a 'data-content=' attribute for which I have yet to find any purpose on the widget.
Rafael will try and see if he edits the /usr/local/www/widgets/widgets/log.widget.php to no longer read those descriptions if at least the first issue is 'gone'. And check if there are no negative side effects from that. If he confirms it works alright I'll send a pull request removing it completely, if there are no objections ofc. :)
Updated by Rafael Cunha over 7 years ago
Pi Ba, does this edit include the pfblockerng widget problem too?
Updated by BBcan177 . over 7 years ago
egrep is very memory aggressive...
The pfBlockerNG widget runs this line which doesn't use egrep:
pfctl -vv -sr | grep pfB
I don't think there is any concern for high cpu usage with the pfBlockerNG widget...
Updated by Rafael Cunha over 7 years ago
It only happens with the firewall log widget and the pfblockerng widget. The resource consumption (I'm not 100% sure if it's memory or CPU) gets high and pfSense starts losing packets. There are about 5000 hosts in this network and several rules. When I use the command 'top' to monitor resource usage it's possible to see pfctl with high CPU usage.
Updated by BBcan177 . over 7 years ago
Remove one widget at a time from the Dashboard and test with:
top -SH
Then see which is causing the high cpu usage. Let the top command run for a few minutes at a minimum...
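A helper for reading the process list while running the test above, added here as an example and not part of the original thread: it sums %CPU per distinct pfctl argument set so the two widget command lines quoted earlier can be told apart. The function names `pfctl_cpu_by_cmd` and `sample_ps` are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Sum %CPU per distinct pfctl invocation from "<%cpu> <command...>" lines
# (the layout of `ps -axww -o pcpu,command`) and print, highest first:
#   <total %cpu> <process count> pfctl <arguments>
pfctl_cpu_by_cmd() {
    awk '
        # "[ ]" keeps this awk process from matching itself in live ps output.
        /pfctl[ ]/ {
            cpu = $1
            args = $0
            sub(/^.*pfctl[ ]+/, "", args)   # keep only what follows "pfctl"
            sub(/ *[|].*$/, "", args)       # drop the grep/egrep half of a pipeline
            total[args] += cpu
            count[args]++
        }
        END {
            for (a in total)
                printf "%.1f %d pfctl %s\n", total[a], count[a], a
        }
    ' | sort -rn
}

# Constructed sample: the sh -c wrappers and the pfctl children they spawn,
# as a dashboard with both widgets enabled might show them.
sample_ps() {
    cat <<'EOF'
 0.0 sh -c /sbin/pfctl -vvPsr | /usr/bin/egrep '^@[0-9]+'
61.3 /sbin/pfctl -vvPsr
 0.0 sh -c /sbin/pfctl -vv -sr | /usr/bin/grep 'pfB_'
 7.9 /sbin/pfctl -vv -sr
58.2 /sbin/pfctl -vvPsr
 1.2 /usr/local/sbin/php-fpm
EOF
}

# Live use on the firewall: pass --live to read the real process list.
if [ "${1:-}" = "--live" ]; then
    ps -axww -o pcpu,command | pfctl_cpu_by_cmd
fi
```

Running it with `--live` a few times over the few minutes recommended above shows which pfctl argument set keeps reappearing at the top.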
Updated by Jim Pingle over 4 years ago
- Category set to Operating System
- Status changed from New to Closed
Old report and no recent recurrences. Lots of things in this area have changed, so most likely it's either fixed or no longer relevant.