2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl

jimp

@psylenced said in 2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl:

There are 4 more hidden bugs, so hopefully they're done soon!

3 of those are just administrivia things like updating the docs, release notes, and blog. Just one "bug" left and it should be solved just waiting for internal confirmation. Main thing we're waiting on now is internal testing of the release images.

JeGr

@jimp said in 2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl:

Main thing we're waiting on now is internal testing of the release images.

Any way we could help with testing an "RC" kinda version?

jimp

Not in this case since there aren't many changes and we were able to confirm the original issue and the fix internally. We're not going to have a long RC period and if testing goes well, it should be out next week sometime.

If it was going to be in RC for a while we might have made public snapshots but in this case a short cycle is warranted.

JeGr

Thought so but wanted to offer the help nonetheless :)

jimp

https://forum.netgate.com/topic/154337/pfsense-2-4-5-release-p1-now-available

mjh_ca

~~2.4.5-p1 did not fix the issue for me. Or it is a different issue with very similar symptoms?~~

Netgate C2758 hardware, HA configuration. LAGG to switches. Configuration has been rock solid for years and unchanged, since upgrading to 2.4.5 I have had issues with unexpected CARP failovers. Thought the L2 switches had gone bad so I replaced them with Cisco switches, no improvement.

Correction - the 2.4.5-p1 high CPU fix does fix my issue.

Somehow both units were incorrectly in "Persistent CARP Maintenance Mode" (likely that way before the upgrade). Taking them out of maintenance mode, and the upgrade to 2.4.5-p1 for high CPU fix, seems to have resolved my CARP state change issues. Thank you Netgate!

Cool_Corona

Disabling promiscious mode triggers the CARP failover since it talks to the NIC?

Can you adjust failover latency?

Krisbe

2.4.5-RELEASE-p1 solved this problem for me.
Thanks!

Gektor

Hyper-V 2 CPU cores with pfBlockerNG and Table Usage Count: 24691 is every 2 seconds unbound using 1CPU at 100%. When pfBlockerNG is disabled, all ok. With same lists on 2.4.4 there is no noticeable CPU usage at all. Problem still there. but not so critical as it was.
p.s.
And memory usage with pfBlockerNG is increased twice compare to 2.4.4.

daNutz

been running 2.4.5-RELEASE-p1 (amd64) since release and all ok however since a recent reboot i now have unbound causing 100%+ CPU spikes. This was present in 2.4.5-RELEASE (amd64) but not in 2.4.4-RELEASE-p3 (amd64)

daNutz

this causes DNS outages frequently for 10-15 seconds at a time.

daNutz

unbound-c

Krisbe

What do you see in the logs?
System logs, Resolver log ...

Cool_Corona

@Krisbe said in 2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl:

What do you see in the logs?
System logs, Resolver log ...

jimp

That has nothing to do with this thread. Start your own thread for that issue. Locking.