More on Abnormally High CPU Usage

SteveITS

@courierdog said in More on Abnormally High CPU Usage:

Netgate should have a slightly more open platform, allow, 3rd party storage and 3rd party RAM.

I get your point but especially with the smaller devices I would expect parts are fastened to the board and there aren't slots. Third party parts are tricky, if it causes a problem and the owner wants tech support why should that be on Netgate? Etc.

One other option which I would like to see is a plug in WiFi board.

If you watch this forum a while you'll see people post that FreeBSD wireless drivers are not great. (ref: Netgate support time above) So while theoretically convenient, it's usually better to use an external AP.

stephenw10

Yes with ARM based devices adding additional RAM becomes an issue. And for small appliances it all starts to add to the cost.

You can actually fit a wifi card to the 2100 but the only one I'm aware of that works is the WLE200NX which is a 2x2 802.11n device. So it's hard to recommend that.
There is ongoing work in FreeBSD to bring in far better wifi support but an external AP is always going to be better IMO.

Steve

Courierdog

@steveits said in More on Abnormally High CPU Usage:
Steve I was told by the technicians / Engineers at Netgate the WiFi is in fact an LTE Cellular fall back ISP connection not WiFi in the Domestic or Home Type of WiFi.

stephenw10

It's possible to run either, or both. But the m.2 slot for a cellular modem is used by an SSD if you have that so those are mutually exclusive.

[22.11-DEVELOPMENT][admin@2100-2.stevew.lan]/root: usbconfig
ugen0.1: <Generic XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA)
ugen1.1: <Marvell EHCI root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.2: <Sierra Wireless, Incorporated EM7305> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)

But, as I say, the only wifi device I know will work is very limited.

[22.05-RELEASE][admin@2100-3.stevew.lan]/root: pciconf -lv
ath0@pci0:0:0:0:	class=0x028000 card=0x3099168c chip=0x002a168c rev=0x01 hdr=0x00
    vendor     = 'Qualcomm Atheros'
    device     = 'AR928X Wireless Network Adapter (PCI-Express)'
    class      = network

Steve

Courierdog

@stephenw10
Steve, it was more wishful thinking of having a built in WiFi port on the Firewall.
It is just more hardware to add the External WiFi Access Point.
I have two distinct WiFi system.
the ISP provided Router also has a built in WiFi which is used as a fall back WiFi as is their ethernet access to the internet.
The entire home network is behind the Netgate pfsense Firewall.

Courierdog

@steveits
Steve:
I am unsure why but on my SG-2100 to goto the correct place in the code I have to GOTO Line %(#e32400)[4853]

// Collect pfBlockerNG rule names and Tracker IDs
function pfb_filterrules() {
global $pfb;

$rule_list		= array();
$rule_list['id']	= array();
$rule_list['other']	= array();
$rule_list['int']	= array();

exec("{$pfb['pfctl']} -vvsr 2>&1", $results);
if (!empty($results)) {
	foreach ($results as $result) {
		if (substr($result, 0, 1) == '@') {

			$r = explode(')', $result, 2);

			// pfSense > v2.6 uses an 'ridentifier' string
			if (strpos($result, 'ridentifier') != FALSE) {
				$id = trim(strstr(strstr($r[1], 'ridentifier', FALSE), ' ', FALSE));
			} else {
				$id = ltrim(strstr($r[0], '(', FALSE), '(');
			}

stephenw10

Hmm, that's weird. I can't replicate that here on a 2100 running 22.05.

If you download that file from Diag > Command Prompt > Download box and then open it in a text editor do the line numbers actually appear as expected?

Steve

Courierdog

@stephenw10
Steve:
To ensure I get everything precisely correct.

Please lay out the actual code I need to enter.
I am so new and it is so easy (for me) to make a mess of things.
So far as I have followed your instructions I have not messed anything up (makes me happy)

Please assume I know absolutely nothing (I have ADHD) and when it comes to this sort of thing I have to follow a script.
Thanks

stephenw10

Download the file like this:

Then open that file on your desktop in a text editor and look at line 4139.

Does it appear correct there or do you actually have 'extra' lines in that file somehow?

Steve

Courierdog

@stephenw10
Steve:
You are absolutely correct.
I opened the download file in BBEdit and on line 4139 is
$r = explode(' ', $result, 2);

The thing I seemed to have found is this edit seems to only hold for a nominal 24 hours and reverts to the original.
Have you experienced this.
regardless the reduction in CPU usage is reduced.

stephenw10

No I would not expect that change to be reverted unless the package was reinstalled or there was some sort of roll-back, ZFS boot environments for example.

ChrisLynch

So, what about those that are running 23.05-RELEASE on an NG 2100 with the same CPU utilization issue but without pfBlocker? I have a stock NG2100 with only:

• aws-wizard
• ipsec-profile-wizard

packages installed. Each time the system CPU goes to above 75%, it eventually reaches 99% and any real-time streams stop working until utilization drops below 50%.

SteveITS

@ChrisLynch This thread was specifically about a bug in pfBlocker that is long since fixed.

I’d suggest a new thread and look at the output of Diagnostics/System Activity or “top” at a command line to see what’s using CPU.