Traffic not going to Limiters after 2.4.4
-
Shame 2.4.4 was called a RELEASE... lot of troubles after upgrading. First, all my limiter queues disappeared. Tried creating them again but was not working. Had to manually edit XML file, erase all about Limiters, and start from zero.
Now, with all Limiters and it's queues created, redirected traffic back to In/Out pipes (yes, had to edit my Rules again since 2.4.4 upgrade fucked them all!!), but dynamic queues are empty!. They show NO traffic:
Limiters: 00001: 9.500 Mbit/s 0 ms burst 0 q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail sched 65537 type FIFO flags 0x0 0 buckets 0 active 00002: 950.000 Kbit/s 0 ms burst 0 q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail sched 65538 type FIFO flags 0x0 0 buckets 0 active Queues: q00001 50 sl. 0 flows (256 buckets) sched 1 weight 20 lmax 0 pri 0 droptail mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000 q00002 50 sl. 0 flows (256 buckets) sched 1 weight 1 lmax 0 pri 0 droptail mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000 q00003 50 sl. 0 flows (256 buckets) sched 2 weight 20 lmax 0 pri 0 droptail mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000 q00004 50 sl. 0 flows (256 buckets) sched 2 weight 1 lmax 0 pri 0 droptail mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
Limiters are configured according to https://www.netgate.com/docs/pfsense/book/trafficshaper/limiters.html
This is my Pipe config:
And this is the child pipe (dynamic queue) config. As u can see, mask is applied correctly:
This is traffic assignment into the outbound LAN rule:
But what it's worst..... IT WAS WORKING PERFECTLY ON 2.4.3_1!!!. So why now it's bugged??
-
I have the same issues with limiters when a child limiter is created. Limiters only work when there are no sub-categories. Looks like a bug to me.
-
Glad I wasn't the only one having this issue. all my child queues for my traffic limiters vanished. Creating a queue does not do anything. At this stage I'm going to just install a fresh VM and then restore my config to see if that works. It also seems that this update actually forced all Firewall rules for In/Out pipes to be none (even for those who didn't have child queues).
-
So, should we file a bug report?. This issue is quite critical
-
There is already a report here: https://redmine.pfsense.org/issues/8956
-
Seems nobody caring about this bug, and is quite critical. Traffic shaping section is one of the most important, and the main reason for many people to use pfSense.
So, only 4 guys affected by this?. Is there any way to BUMP the pfsense reported bug?.
-
It already has a target of 2.4.4-p1, there is no need to "bump" it or draw more attention to it. We're all busy here and it hasn't made it to the top of anyone's todo list yet.
-
Hi jimp, sorry for disturbing.
Reading in detail bug #8956 I can see it's a different situation. In that case, report it's about not being able to create queues under each limiter. Workaround for that is manually deleting all Limiters into XML file and starting from scratch.I filled in a new bug https://redmine.pfsense.org/issues/8973 because in this case, queues are properly created, they are shown into GUI and also doble checked with ipfw pipe show command, and queues are there.
-
+1 for a quick fix. This issue is ways too critical to wait weeks for a -p1 release in my opinion!
There's a presentation video on limiters from August 2018 for the upcoming 2.4.4 release - I can't understand that a presentation was taken although that seems to be fully untested.
As much as I love pfSense and appreciate the work Netgate puts in, but I really wonder how such a bug can make it into a release version ...
-
@vesikk said in Traffic not going to Limiters after 2.4.4:
At this stage I'm going to just install a fresh VM and then restore my config to see if that works.
So for those wondering I did install a fresh pfSense VM and I tested the limiters before restoring my backup config. Limiters and child queues were working perfectly but as soon as I restored my backup I could not create any queues for limiters. At the moment it's not an issue for me and I'm happy to wait for the patch release.
-
@vpreatoni said in Traffic not going to Limiters after 2.4.4:
Hi jimp, sorry for disturbing.
Reading in detail bug #8956 I can see it's a different situation. In that case, report it's about not being able to create queues under each limiter. Workaround for that is manually deleting all Limiters into XML file and starting from scratch.I filled in a new bug https://redmine.pfsense.org/issues/8973 because in this case, queues are properly created, they are shown into GUI and also doble checked with ipfw pipe show command, and queues are there.
Could you check if this is just a GUI issue that the traffic is not shown (but the limiters itself are working), or aren't they working at all?
I'd delete my shaper config via XML file as well and redo them it that would solve it, but as far as I understand your post this will still not help me even when I'm able to create them in the GUI.
-
@jacotec said in Traffic not going to Limiters after 2.4.4:
+1 for a quick fix. This issue is ways too critical to wait weeks for a -p1 release in my opinion!
There's a presentation video on limiters from August 2018 for the upcoming 2.4.4 release - I can't understand that a presentation was taken although that seems to be fully untested.
As much as I love pfSense and appreciate the work Netgate puts in, but I really wonder how such a bug can make it into a release version ...
Because maybe it isn't quite that clear and it doesn't affect everyone?
There are a large number of users with limiters on 2.4.4 working just fine, with traffic using the limiters as expected. You need only peek at the FQ_CODEL thread for evidence.
-
If someone has a limiter problem where the queues DO NOT show up, including if you re-created them, I'd like to see the contents of the limiters from
config.xml
from before the upgrade as well as after. The section I'm looking for is the<dnshaper> ... </dnshaper>
section. There should not be anything too private in there, with a possible exception of a masked subnet if you used that.I'd also like to see the contents of
/tmp/rules.limiter
,ipfw pipe show
, andipfw queue show
.And as always, make sure you reset states between any limiter config change or test.
-
@jacotec It's not a GUI issue (in my case), check my first post, there is the output of ipfw pipe show and ipfw queue show. Pipes and subqueues are created properly.
-
@jimp Please find the requested info here: https://jaycloud.de/f/4a4b8a11ff4a49cfb179/
There seems to be no command "ipfw limiter show":
ipfw: bad command `limiter'
Let me know if you need any more information
-
That should have been
ipfw queue show
, sorry. I edited the message. -
@jimp OK, that one is empty. I've updated my document above.
-
You have queues defined but they are not loaded. Do your firewall rules have the queue selected or the base limiter itself?
Also the "after" settings look like they were changed after the upgrade. Was that what you have right now after attempting to make changes, or from immediately after the upgrade?
-
@jimp The base limiters have been there after the update, the child queues have been completely gone. My floating rules in the firewall are still there, but they were using the child queues before the update - after the update the child queue assignment in all floating rules were gone, just showing "none". So pfSense has deleted the configured pipes at this point after the update.
My child queues are not available anymore as the selection for the In/Out pipe of the rules, I see only the base limiters there.
I've changed the base queues to "FQCodel" later after the update, right ... hoping that I can see / recreate my children after changing the settings. Which did not happen. But the childs vanished before, right after the update and still with the old settings.
Do you think it would make sense to delete the dnshaper section from the XML, reboot and recreate the limiters and children in the GUI to see if they would work then?
-
@jimp
So, I've deleted all my limiters and deassigned the queues from the firewall rules.
I then was able to reconfigure all limiters and queues from scratch, and the child queues are now showing up and I can reassign them to the firewall rules.Did a "reset states", did a reboot - but traffic is not going to the queues.
On the console I see periodically errors:
config_aqm Unable to configure flowset, flowset busy
I've then changed all limiters / queues back to "TailDrop" / "FIFO", Reset states ... I don't see the error messages above, but still all limiters and queues are showing "0 flows" in the limiter info. :-(
Any ideas?