Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Posting for the benefit of others and comment. High CPU use from /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog

    pfBlockerNG
    2
    3
    510
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jerry3716
      last edited by

      New installation -
      Netgate 7100 1U Base system
      Intel(R) Atom(TM) CPU C3558 @ 2.20GHz 8GB ram
      pfSense 22.05-RELEASE (amd64)
      pfBlockerNG-devel net 3.1.0_4

      Moderately busy office environment. Testing before install, system was stable. Upon install, with traffic, sluggish and would freeze every 24-48 hours.

      Two processes were identified as suspect. (Logs were not helpful.) The first -

      /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog

      Upon grabbing some sample records from filterlog and stepping through the code in a simulator, it appears that the format of the output of - pfctl - has changed. May be a regression between devel version of pfblockerng and the production version of pfsense.

      Made the following changes to the function pfb_filterrules -

      		// pfSense > v2.6 uses an ‘ridentifier’ string
		If (strpos($result, ‘ridentifier’) != FALSE) {

      •   		$id = trim(strstr(strstrs($r[1], ‘ridentifier’, FALSE), ‘ ‘, FALSE));
      • $id = ltrim(strstr(strstr($r[1], 'ridentifier', FALSE), ' ', FALSE))
      • $id = rtrim(strstr($id, '[', TRUE));
        } else {
      •   		$id = ltrim(strstr($r[0], ‘(‘, FALSE), ‘(‘);
      • $id = substr($r[0], 1);
        }

      I make no warranty in any way to the above changes being appropriate or useful for your installation.

      I am posting here for the potential benefit of others.

      The second finding - Almost never turn on Global Logging / Blocking Mode. It appears to overwrite settings on previously defined lists. If one would turn on Global Blocking to a VIP with a substantial ad list, the system jumps in CPU utilization and upon moderate activity, fell in performance substantially. (Not that anyone which I know would have done such a thing.) Basically, telling all the blocked ads to go to the DNSBL VIP. (It was using an entire core in an attempt to serve all the pages.)

      Hopefully, the above helps someone else. 🙂

      1 Reply Last reply Reply Quote 0
      • B
        bbrendon
        last edited by

        I'm having this on 23.09.1-RELEASE . pfb v 3.2.0_7

        I checked redmine for recent CPU issues and nothing. I don't have DNSBL enabled.

        I'm not a php expert, but I can stumble through some things. Any tips on how I might figure out what's causing it? For me this problem has been going on for about a year. I just reboot the pfsense every few months. The CPU usage goes up slowly over time (about 3 months) until one CPU is pegged at 100%.

        https://redmine.pfsense.org/projects/pfsense-packages/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=status_id&op%5Bstatus_id%5D=*&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=97&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=

        B 1 Reply Last reply Reply Quote 0
        • B
          bbrendon @bbrendon
          last edited by

          I think my CPU problem might be fixed...
          I found some corruption in my config.xml in regards to ipv6 and router advertisements. Somehow fixing that seems to have fixed pfblocker. Doesn't make any sense really so I'm thinking the problem might come back in a few weeks.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.