CPU 100% with process "/usr/local/bin/aggregate -t -p 32 -m 32 -o 32"
-
Hello.
At one pfSense 2.3.2 amd64, there is a process "/usr/local/bin/aggregate -t -p 32 -m 32 -o 32" cause a 100% CPU consumer.
The output for "ps aux"
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 11 174.9 0.0 0 64 - RL 12:03PM 30:12.55 [idle] root 82608 99.0 0.2 12272 5272 - R 12:10PM 8:23.33 /usr/local/bin/aggregate -t -p 32 -m 32 -o 32 root 9377 7.0 1.2 268344 32896 - S 12:19PM 0:00.82 php-fpm: pool nginx (php-fpm) root 40277 1.0 0.1 17000 2384 v0- SN 12:04PM 0:03.89 /bin/sh /var/db/rrd/updaterrd.sh root 0 0.0 0.0 0 176 - DLs 12:03PM 0:08.39 [kernel] root 1 0.0 0.0 9136 816 - ILs 12:03PM 0:00.30 /sbin/init -- root 2 0.0 0.0 0 16 - DL 12:03PM 0:00.00 [crypto] root 3 0.0 0.0 0 16 - DL 12:03PM 0:00.00 [crypto returns] root 4 0.0 0.0 0 32 - DL 12:03PM 0:02.48 [cam] root 5 0.0 0.0 0 16 - DL 12:03PM 0:00.00 [mpt_recovery0] root 6 0.0 0.0 0 16 - DL 12:03PM 0:03.05 [pf purge] root 7 0.0 0.0 0 16 - DL 12:03PM 0:00.00 [sctp_iterator] root 8 0.0 0.0 0 32 - DL 12:03PM 0:01.85 [pagedaemon] root 9 0.0 0.0 0 16 - DL 12:03PM 0:00.00 [vmdaemon] root 10 0.0 0.0 0 16 - DL 12:03PM 0:00.00 [audit] root 12 0.0 0.0 0 320 - WL 12:03PM 0:27.11 [intr] root 13 0.0 0.0 0 64 - DL 12:03PM 0:00.00 [ng_queue] root 14 0.0 0.0 0 48 - DL 12:03PM 0:00.50 [geom] root 15 0.0 0.0 0 16 - DL 12:03PM 0:00.98 [rand_harvestq] root 16 0.0 0.0 0 80 - DL 12:03PM 0:01.45 [usb] root 17 0.0 0.0 0 16 - DL 12:03PM 0:00.02 [idlepoll] root 18 0.0 0.0 0 16 - DL 12:03PM 0:00.00 [pagezero] root 19 0.0 0.0 0 32 - DL 12:03PM 0:00.84 [bufdaemon] root 20 0.0 0.0 0 16 - DL 12:03PM 0:00.04 [vnlru] root 21 0.0 0.0 0 16 - DL 12:03PM 0:01.53 [syncer] root 52 0.0 0.0 0 16 - DL 12:03PM 0:00.21 [md0] root 265 0.0 0.9 268344 25060 - Ss 12:03PM 0:04.27 php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm) root 304 0.0 0.1 18888 2424 - INs 12:03PM 0:00.13 /usr/local/sbin/check_reload_status root 306 0.0 0.1 18888 2280 - IN 12:03PM 0:00.01 check_reload_status: Monitoring daemon of check_reload_status root 319 0.0 0.2 13624 4828 - Ss 12:03PM 0:00.02 /sbin/devd -q root 6220 0.0 0.1 14564 2188 - Is 12:04PM 0:00.06 dhclient: em0 [priv] (dhclient) root 9227 0.0 0.2 59068 6476 - Is 12:04PM 0:00.06 /usr/sbin/sshd root 9263 0.0 0.1 14612 2100 - Is 12:04PM 0:00.06 /usr/local/sbin/sshlockout_pf 15 root 9704 0.0 0.3 63736 7304 - Ss 12:13PM 0:00.67 sshd: root@pts/0 (sshd) _dhcp 15076 0.0 0.1 14564 2324 - Is 12:04PM 0:00.02 dhclient: em0 (dhclient) root 17576 0.0 0.1 16676 2252 - Ss 12:04PM 0:00.60 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid root 18350 0.0 0.1 18896 2396 - Is 12:04PM 0:00.06 /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile root 18755 0.0 0.1 12420 2136 - Is 12:04PM 0:00.13 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp root 21169 0.0 0.1 17000 2516 - S 12:19PM 0:00.04 sh -c /usr/bin/top -aHS | /usr/bin/cut -c1-105 root 21277 0.0 0.0 3512 596 - R 12:19PM 0:00.06 /usr/bin/top -aHS root 21533 0.0 0.1 17000 2384 - SN 12:19PM 0:00.04 /bin/sh /var/db/rrd/updaterrd.sh root 21796 0.0 0.1 12272 1860 - S 12:19PM 0:00.07 /usr/bin/cut -c1-105 root 22143 0.0 0.1 17000 2252 - RNE 12:19PM 0:00.02 /bin/sh /var/db/rrd/updaterrd.sh root 22290 0.0 0.1 17000 2384 - RN 12:19PM 0:00.00 /bin/sh /var/db/rrd/updaterrd.sh root 22422 0.0 0.1 15012 2212 - Ss 12:04PM 0:05.17 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 192.168.1.65 -p /var/run root 22862 0.0 0.1 15012 2216 - Ss 12:04PM 0:03.90 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B fe80::250:56ff:fe3e:d18 root 26737 0.0 0.2 39136 6040 - Is 12:04PM 0:00.05 nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfi root 26743 0.0 0.3 39136 7268 - S 12:04PM 0:06.81 nginx: worker process (nginx) root 27127 0.0 0.3 39136 6832 - S 12:04PM 0:01.89 nginx: worker process (nginx) root 27613 0.0 0.1 16532 2212 - Ss 12:04PM 0:00.11 /usr/sbin/cron -s unbound 29083 0.0 2.4 125416 62768 - Is 12:04PM 0:11.38 /usr/local/sbin/unbound -c /var/unbound/unbound.conf root 29709 0.0 0.7 30140 17968 - Ss 12:04PM 0:02.75 /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid dhcpd 35018 0.0 0.5 24812 13124 - Ss 12:04PM 0:00.82 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf root 51305 0.0 0.1 12268 1872 - Is 12:05PM 0:00.02 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/pin root 51778 0.0 0.1 12268 1884 - I 12:05PM 0:00.01 minicron: helper /usr/local/bin/ping_hosts.sh (minicron) root 51873 0.0 0.1 12268 1872 - Is 12:05PM 0:00.04 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/s root 52386 0.0 0.1 12268 1884 - I 12:05PM 0:00.02 minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts (m root 52521 0.0 0.1 12268 1872 - Is 12:05PM 0:00.03 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/ root 53060 0.0 0.1 12268 1884 - I 12:05PM 0:00.03 minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_d root 59585 0.0 0.3 103460 8352 - S 12:05PM 0:05.09 /usr/local/bin/vmtoolsd -c /usr/local/share/vmware-tools/tools.conf -p root 59797 0.0 1.3 229352 33640 - S 12:05PM 0:03.93 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl root 61438 0.0 23.5 1053304 625624 - Ss 12:09PM 0:10.01 /usr/local/bin/snort -R 24285 -D -q --suppress-config-log -l /var/log/ root 62782 0.0 0.1 14612 2172 - Is 12:05PM 0:00.06 /usr/local/sbin/sshlockout_pf 15 root 70443 0.0 0.1 17000 2756 - I 12:10PM 0:00.15 /bin/sh /usr/local/pkg/pfblockerng/pfblockerng.sh _255_agg_rep_dup ope root 81915 0.0 0.1 17000 2756 - I 12:10PM 0:00.01 /bin/sh /usr/local/pkg/pfblockerng/pfblockerng.sh _255_agg_rep_dup ope root 82140 0.0 0.1 12272 1860 - I 12:10PM 0:00.05 cat /var/db/pfblockerng/deny/openbl_all.txt root 92476 0.0 0.1 14508 2308 - Ss 12:04PM 0:01.00 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslo root 98342 0.0 0.2 36164 5556 - S 12:05PM 0:00.32 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf root 62678 0.0 0.1 43440 2664 v0 Is 12:05PM 0:00.11 login [pam] (login) root 62946 0.0 0.1 17000 2636 v0 I 12:05PM 0:00.07 -sh (sh) root 62973 0.0 0.1 17000 2524 v0 I+ 12:05PM 0:00.05 /bin/sh /etc/rc.initial root 11929 0.0 0.1 17000 2616 0 Is 12:13PM 0:00.08 -sh (sh) root 12907 0.0 0.1 17000 2528 0 I 12:13PM 0:00.07 /bin/sh /etc/rc.initial root 19466 0.0 0.1 17340 3640 0 S 12:14PM 0:00.23 /bin/tcsh root 21952 0.0 0.1 18676 2264 0 R+ 12:19PM 0:00.08 ps aux
The output for "top":
last pid: 67146; load averages: 2.10, 2.03, 1.75 up 0+00:22:50 12:28:14
46 processes: 3 running, 43 sleeping
CPU: 28.1% user, 0.0% nice, 12.5% system, 0.6% interrupt, 58.7% idle
Mem: 718M Active, 66M Inact, 285M Wired, 288K Cache, 164M Buf, 1468M Free
Swap: 8192M Total, 8192M FreePID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
82608 root 1 103 0 12272K 5800K CPU2 2 15:23 100.00% aggregate
53727 root 1 74 0 262M 33084K CPU1 1 0:01 5.96% php-fpm
61438 root 2 20 0 1029M 611M nanslp 0 0:21 0.00% snort
29083 unbound 4 20 0 122M 62768K kqread 1 0:11 0.00% unbound
26743 root 1 20 0 39136K 7276K kqread 1 0:09 0.00% nginx
59585 root 1 20 0 101M 8352K select 0 0:08 0.00% vmtoolsd
22422 root 5 20 0 15012K 2212K accept 1 0:07 0.00% dpinger
265 root 1 52 0 262M 25060K kqread 1 0:06 0.00% php-fpm
40277 root 1 52 20 17000K 2384K wait 0 0:06 0.00% sh
59797 root 1 20 0 224M 33640K nanslp 1 0:05 0.00% php
22862 root 5 20 0 15012K 2216K accept 0 0:05 0.00% dpinger
27127 root 1 20 0 39136K 6832K kqread 3 0:04 0.00% nginx
29709 root 1 20 0 30140K 17968K select 1 0:04 0.00% ntpd
92476 root 1 20 0 14508K 2308K select 3 0:02 0.00% syslogd
35018 dhcpd 1 20 0 24812K 13124K select 3 0:01 0.00% dhcpd
9704 root 1 20 0 63736K 7312K select 2 0:01 0.00% sshdIf i kill this process:
kill -9 82608
Everything seems fine, but waht is this process (/usr/local/bin/aggregate)?
Regards.
-
This is an option for pfBlockerNG. Don't enable this option if you have a slow box or very large lists. There is more description in the help text for that option. I am working on adding an alternative executable that is less intensive.
-
Ok.
Thanks for the answer.
Yes, I have a very large lists IPv4 in pfBlockerNG ( > 300.000 items ), I will see how to optimizer the lists.
Regards.
–-- add ---
Ok, if I uncheck:
"CIDR Aggregation - Optimise CIDRs (not recommended for slow systems with large lists) "
in menú Firewall > pfBlockerNG > pfBlockerNG , all is fine :)