Netgate Discussion Forum

    Zombie processes after adding VLAN.

      nathan.vorhees

      I recently added a VLAN to handle our public wireless network. After adding the VLAN, adding the outbound NAT rule, and setting up DHCP on the vlaned interface, CPU utilization soared to 100%. I SSH'd into the box and saw that all the CPU is taken up by a handful of zombie processes and the syslog process.

      
      USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
      root   36583 85.7  0.4  1440  1032  ??  Rs   Tue09AM 3588:45.05 /usr/sbin/syslogd -ss -f /var/etc/syslog.conf
      root   19455 56.9  0.0     0     0  ??  ZN   10:43AM   0:01.30 <defunct>
      root   29377 42.0  0.0     0     0  ??  ZN   11:09AM   0:01.02 <defunct>
      root   91036 28.0  0.0     0     0  ??  ZN    4:27AM   0:00.54 <defunct>
      root   31321 23.0  0.0     0     0  ??  ZN   11:15AM   0:00.88 <defunct>
      root   31576 12.4  8.4 23852 21140  ??  DN   11:17AM   0:00.87 /usr/local/bin/php /etc/rc.filter_configure_sync
      root   69561  3.4  7.1 19292 17872  ??  S    10:22PM   0:14.23 /usr/local/bin/php
      

      Everything else is working fine except for the new VLAN, which is really unresponsive. Sometimes DHCP will bless me with an IP, and sometimes I can even NAT out to the internet. Most of the time I get nothing.

      Is it safe to kill the zombie processes? Is there any way to see why syslog is taking up all my CPU? All the logs aren't showing more traffic than normal.

      I really want to avoid a reboot.

        nathan.vorhees

        Looks like the zombies were all from bandwidthd; I uninstalled it and they all went away. Looks like syslog is my problem now, and in particular the IPsec log is really getting hammered.

        
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20)
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19)
        Nov 4 14:02:54 	racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 192.168.1.1[500] used as isakmp port (fd=17)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=16)
        Nov 4 14:02:54 	racoon: INFO: ::1[500] used as isakmp port (fd=15)
        Nov 4 14:02:54 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14)
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%vlan0[500] used as isakmp port (fd=13)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 10.10.0.1[500] used as isakmp port (fd=12)
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20)
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19)
        Nov 4 14:02:54 	racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 192.168.1.1[500] used as isakmp port (fd=17)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=16)
        Nov 4 14:02:54 	racoon: INFO: ::1[500] used as isakmp port (fd=15)
        Nov 4 14:02:54 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14)
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%vlan0[500] used as isakmp port (fd=13)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 10.10.0.1[500] used as isakmp port (fd=12)
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21)
        Nov 4 14:02:54 	racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20)
        Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19)
        Nov 4 14:02:54 	racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18)
        
        

        Do I need to force racoon to only use one interface? Kind of at a loss now.

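Added example, not part of the original posts: one way to measure how often racoon announces the same ISAKMP binding within a single logged second, using the line format shown in the log excerpt above. The function names are hypothetical and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter

# Matches the "used as isakmp port" line format shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+racoon:\s+(?:\[Self\]:\s+)?INFO:\s+"
    r"(?P<addr>\S+)\[(?P<port>\d+)\] used as isakmp port \(fd=(?P<fd>\d+)\)"
)

def rebind_counts(lines):
    """Return {timestamp: Counter({(addr, port): times announced})}."""
    per_second = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # unrelated syslog lines are skipped
            key = (m["addr"], int(m["port"]))
            per_second.setdefault(m["ts"], Counter())[key] += 1
    return per_second

def flag_rebind_loops(lines, threshold=2):
    """List (timestamp, addr, port, count) for every binding announced
    `threshold` or more times within one logged second."""
    hits = []
    for ts, counts in rebind_counts(lines).items():
        for (addr, port), n in sorted(counts.items()):
            if n >= threshold:
                hits.append((ts, addr, port, n))
    return hits

# Constructed sample input (not taken from the post).
SAMPLE_LOG = """\
Nov 4 14:02:54 \tracoon: [Self]: INFO: 192.0.2.10[500] used as isakmp port (fd=20)
Nov 4 14:02:54 \tracoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14)
Nov 4 14:02:54 \tracoon: [Self]: INFO: 192.0.2.10[500] used as isakmp port (fd=20)
Nov 4 14:02:54 \tracoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14)
Nov 4 14:02:54 \tracoon: [Self]: INFO: 192.0.2.10[500] used as isakmp port (fd=20)
Nov 4 14:02:55 \tracoon: [Self]: INFO: 192.0.2.10[500] used as isakmp port (fd=20)
Nov 4 14:02:55 \tsyslogd: constructed unrelated line
"""

if __name__ == "__main__":
    for ts, addr, port, n in flag_rebind_loops(SAMPLE_LOG.splitlines()):
        print(f"{ts}: {addr}[{port}] announced {n} times in one second")
```

A binding that is announced once per second is not flagged; only repeats inside the same second are reported.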