pfBlockerNG - unbound-control process spikes CPU to 100% every few seconds [SOLVED]
-
@nimrod I would directly look at the file and make sure it actually applied, if your not seeing any difference in your cpu usage after applying..
you can find the inc file in this dir
/usr/local/pkg/pfblockerng
-
@johnpoz said in Strange issue with CPU usage.:
@nimrod I would directly look at the file and make sure it actually applied, if your not seeing any difference in your cpu usage after applying..
you can find the inc file in this dir
/usr/local/pkg/pfblockerng
It seems ok. I also see pfblockerng.inc.orig file, which i think is the backup created by system patches package.
This file is 300 megs, and it has 10000 lines of code in it. I guess, the file size depends on how many feeds/lists i have loaded.
-
-
@johnpoz said in Strange issue with CPU usage.:
@nimrod said in Strange issue with CPU usage.:
300 megs
no - 300k, not 300M hehehe
Yeah. 300k, sry. My mind is going out...
Anyway, @stephenw10 gave me idea with his question. So i actually switched pfBlocker from Unbound mode to Python mode. And guess what. Issue is gone.
Now im puzzled.
Is Python mode less effective, or inferior in any way to unbound mode ?
-
@nimrod I don't use DNSBL, so not sure - but if you click the little i next to it says it uses less memory. And can do more advanced DNSBL
But again I don't use that..
-
Had to switch back to unbound mode, because python mode is just not working correctly when TLD is enabled.
Of course, CPU is spiking to 100% again, and i dont know what else to try and resolve this.
-
I'd probably open a thread in the pfBlocker forum section with all the details you have found.
-
Update.
- Setting pfBlocker into Unbound python mode.
- Performing DNSBL reload.
- Setting pfBlocker into Unbound mode.
- Performing DNSBL reload.
These 4 steps are resolving the issue. However, when i reboot, issue comes back again. Then i repeat those 4 steps from above, and issue is gone again.
Is there any way to locate what changes are made when switching modes ? What logs should i analyze ?
Edit: @johnpoz, @stephenw10, or @jimp can you please move this thread to pfBlocker forum section ?
Thank you.
-
Here is another update.
When i perform 4 steps that i described in previous post, pfBlocker is blocking hosts, but its not showing what feed was used, and there are no whitelisting buttons available.
It looks like this:
When i reboot, blocking is still working as it should, but feed is also displayed properly along with whitelisting buttons. It looks like this:
I hope ill narrow this down some more.
-
S stephenw10 moved this topic from General pfSense Questions on
-
Moved. You may want to re-title it so others can find it more easily.
-
@stephenw10 & @johnpoz i have finally resolved the issue after weeks of digging.
It turned out that i caused the issue by adding this DNSBL list in my DNSBL feeds. First i thought that the amount of entries in this list was the cause, but then i replaced it with with this one, which has over million entries in it and everything is still working fine.
On top of all that, the problematic list of domains is no longer supported and it was last updated 2 years ago. "Project" is abandoned and moved to another github page.
Lesson learned here. Make sure you know what are you adding in your feeds. Make sure to use only verified lists that get consistently updated.
Thank you guys for your help.
-
So just the list containing a bunch of obsolete domains?
-
@stephenw10 said in pfBlockerNG - unbound-control process spikes CPU to 100% every few seconds [SOLVED]:
So just the list containing a bunch of obsolete domains?
Not sure how many domains in that list are obsolete, and if that was the issue, however, what led me to actually remove the list is the fact that there are tons of legit domains in that list that pfBlocker was blocking. If you check the list, you will see asus.com and sony.com in there. And there is absolutely no reason to blacklist those sites. They are legit.
Then I thought this was actually a whitelist that i was using as blacklist, but then you find all those porn sites in there and tons of other entries that are present in legit block lists. Its a mess.
I just removed it and it all works.
