There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy

clawsonn

FYI
This week I just hit a similar issue where the PF machine ( Netgate pfSense Plus 23.09-RELEASE (amd64) ) was no longer smoothly pushing packets through and there was significant packet loss. After logging into webgui the notifications greeted with the following (date and time removed):

pf_busy

PF was wedged/busy and has been reset. @ -DATE TIME-
PF was wedged/busy and has been reset. @ -DATE TIME-

Filter Reload

There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ -DATE TIME-
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ -DATE TIME-
There were error(s) loading the rules: pfctl: SIOCGIFGROUP: Device not configured - The line in question reads [0]: @ -DATE TIME-

The machine was rebooted and appears to functioning normal again.

When I have the time I will try to pull and review logs.

a.dresner

@clawsonn My situation has not improved. My notices:

pf_busy
• PF was wedged/busy and has been reset. @ 2024-01-25 04:54:20
• PF was wedged/busy and has been reset. @ 2024-01-28 20:04:22
• PF was wedged/busy and has been reset. @ 2024-01-30 02:24:22
• PF was wedged/busy and has been reset. @ 2024-03-06 07:54:55
• PF was wedged/busy and has been reset. @ 2024-03-15 08:14:59
• PF was wedged/busy and has been reset. @ 2024-03-21 09:15:02
• PF was wedged/busy and has been reset. @ 2024-03-23 20:45:03
• PF was wedged/busy and has been reset. @ 2024-03-24 06:50:04
Filter Reload
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-01-25 04:54:21
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-01-28 20:04:23
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-01-30 02:24:23
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-03-06 07:54:56
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-03-15 08:15:00
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-03-21 09:15:03
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-03-23 20:45:04
• There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-03-24 06:50:05

This should not be happening.

a.dresner

@stephenw10 Would be great if you could take a look at this, its happening quite consistently now

stephenw10

Still the 6100 running 23.09.1?

If you manually reload the ruleset in Status > Filter Reload does that trigger it?

a.dresner

@stephenw10 Yes sir, the 6100 running 23.09.1. Here is the output from the Filter Reload, it did not trigger any notices.

Initializing
Creating aliases
Creating gateway group item...
Generating Limiter rules
Generating NAT rules
Creating 1:1 rules...
Creating outbound NAT rules
Creating automatic outbound rules
Setting up TFTP helper
Generating filter rules
Creating default rules
Pre-caching ...
Creating filter rule  ...
Creating filter rules  ...
Setting up pass/block rules
Setting up pass/block rules 
Creating rule 
Pre-caching Wireguard Port...
Creating filter rule Wireguard Port ...
Creating filter rules Wireguard Port ...
Setting up pass/block rules
Setting up pass/block rules Wireguard Port
Creating rule Wireguard Port
Pre-caching ping...
Creating filter rule ping ...
Creating filter rules ping ...
Setting up pass/block rules
Setting up pass/block rules ping
Creating rule ping
Pre-caching Default allow LAN to any rule...
Creating filter rule Default allow LAN to any rule ...
Creating filter rules Default allow LAN to any rule ...
Setting up pass/block rules
Setting up pass/block rules Default allow LAN to any rule
Creating rule Default allow LAN to any rule
Pre-caching ...
Creating filter rule  ...
Creating filter rules  ...
Setting up pass/block rules
Setting up pass/block rules 
Creating rule 
Pre-caching OpenVPN OpenVPN Users wizard...
Creating filter rule OpenVPN OpenVPN Users wizard ...
Creating filter rules OpenVPN OpenVPN Users wizard ...
Pre-caching Homebridge Allow...
Creating filter rule Homebridge Allow ...
Creating filter rules Homebridge Allow ...
Setting up pass/block rules
Setting up pass/block rules Homebridge Allow
Creating rule Homebridge Allow
Pre-caching Block Default LAN...
Creating filter rule Block Default LAN ...
Creating filter rules Block Default LAN ...
Setting up pass/block rules
Setting up pass/block rules Block Default LAN
Creating rule Block Default LAN
Pre-caching Block Default LAN...
Creating filter rule Block Default LAN ...
Creating filter rules Block Default LAN ...
Setting up pass/block rules
Setting up pass/block rules Block Default LAN
Creating rule Block Default LAN
Pre-caching Allow Any...
Creating filter rule Allow Any ...
Creating filter rules Allow Any ...
Setting up pass/block rules
Setting up pass/block rules Allow Any
Creating rule Allow Any
Pre-caching Pass VPN traffic from WireGuard peers...
Creating filter rule Pass VPN traffic from WireGuard peers ...
Creating filter rules Pass VPN traffic from WireGuard peers ...
Setting up pass/block rules
Setting up pass/block rules Pass VPN traffic from WireGuard peers
Creating rule Pass VPN traffic from WireGuard peers
Pre-caching ...
Creating filter rule  ...
Creating filter rules  ...
Setting up pass/block rules
Setting up pass/block rules 
Creating rule 
Pre-caching Pass VPN traffic from WireGuard peers...
Creating filter rule Pass VPN traffic from WireGuard peers ...
Creating filter rules Pass VPN traffic from WireGuard peers ...
Setting up pass/block rules
Setting up pass/block rules Pass VPN traffic from WireGuard peers
Creating rule Pass VPN traffic from WireGuard peers
Pre-caching UNVR Allow...
Creating filter rule UNVR Allow ...
Creating filter rules UNVR Allow ...
Setting up pass/block rules
Setting up pass/block rules UNVR Allow
Creating rule UNVR Allow
Pre-caching Block Default LAN...
Creating filter rule Block Default LAN ...
Creating filter rules Block Default LAN ...
Setting up pass/block rules
Setting up pass/block rules Block Default LAN
Creating rule Block Default LAN
Pre-caching Allow Any...
Creating filter rule Allow Any ...
Creating filter rules Allow Any ...
Setting up pass/block rules
Setting up pass/block rules Allow Any
Creating rule Allow Any
Creating IPsec rules...
Creating uPNP rules...
Generating ALTQ queues
Loading filter rules
Setting up logging information
Setting up Ethernet filter rules...
Setting up SCRUB information
Processing down interface states
Running plugins
Done

stephenw10

Hmm, is there any sort of pattern to when it happens? When it's passing most traffic perhaps?

Is there anything else logged at the time?

a.dresner

@stephenw10 I have 3 locations. 3 6100, 2 of them are nearly identical configuration, most of the same components on the LAN. The 6100 that is throwing off these errors was replaced due to hardware at one time and so the config was restored. It's also the least configured of the 3 in terms of rules. I really wish I could give you more details but that location is pretty quiet..

a.dresner

@stephenw10 I forgot to mention that I have Tac Pro on this device, I plan to open a ticket

stephenw10

Yes, open a ticket if you haven't already. Link to this thread so TAC have the details here.

stephenw10

Just to be clear when this happens it just logs that and continues? It doesn't require manual intervention?

a.dresner

@stephenw10 It's crashed and I had to hire someone to go onsite and manually power cycle it

stephenw10

I assume not every time that error is shown though?

a.dresner

@stephenw10 No, just 2x

stephenw10

Hmm, OK. 2x too many!

Do you know if it remains responsive at the console when that happens?

a.dresner

@stephenw10 I wish I could say, but its a remote location and has only acted this way when I'm not on site... last time was 24 hours after I left...frustrating

stephenw10

Are you able to upload a status file to us to review?

a.dresner

@stephenw10 of course, pls tell me what to do =)

stephenw10

Great, you can pull the status_output file from the GUI. See:
https://docs.netgate.com/pfsense/en/latest/recipes/diagnostic-data.html#view-and-download-diagnostic-data-in-the-gui

Then upload it here:
https://nc.netgate.com/nextcloud/s/YfciQktBin7fLEM

a.dresner

@stephenw10 All done sir

stephenw10

Great I see that. Checking....