Diagóstico de falha no Kernel no pfsense 2.2.2



  • Prezados amigos e colegas do grupo, Bom dia!

    Meu Firewall pfsense apresenta um comportamento estranho com travamentos súbitos após algumas semanas de pleno funcionamento. O hardware falha por completo (trava literalmente) sendo necessário um boot para normalização.

    Eu já pensei em diversas possibilidades e em nenhuma delas consegui êxito :(

    • Alteração da QTD de MBUF (Antes estava muito alta)

    • Separar Firewall e Proxy em Máquinas diferentes ;

    • Configurar melhor as opções de Logs de sistema (Não consigo ver o momento da falha)

    PS.: Após o boot notei que o squid tava consumindo quase toda CPU (80%) fiz a limpeza de cache "clear cache in disk" e normalizou.

    Segue o LOG momentos antes e após travamentos.

    Nov 18 06:09:47	kernel: TSC: P-state invariant, performance statistics
    Nov 18 06:09:47	kernel: AMD Features2=0x1 <lahf>Nov 18 06:09:47	kernel: AMD Features=0x20100800 <syscall,nx,lm>Nov 18 06:09:47	kernel: Features2=0x40e31d <sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe>Nov 18 06:09:47	kernel: Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Nov 18 06:09:47	kernel: Origin = "GenuineIntel" Id = 0x106ca Family = 0x6 Model = 0x1c Stepping = 10
    Nov 18 06:09:47	kernel: CPU: Intel(R) Atom(TM) CPU D525 @ 1.80GHz (1800.04-MHz K8-class CPU)
    Nov 18 06:09:47	kernel: FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
    Nov 18 06:09:47	kernel: root@pfs22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64
    Nov 18 06:09:47	kernel: FreeBSD 10.1-RELEASE-p9 #0 57b23e7(releng/10.1)-dirty: Mon Apr 13 20:30:25 CDT 2015
    Nov 18 06:09:47	kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
    Nov 18 06:09:47	kernel: The Regents of the University of California. All rights reserved.
    Nov 18 06:09:47	kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    Nov 18 06:09:47	kernel: Copyright (c) 1992-2014 The FreeBSD Project.
    Nov 18 06:09:47	syslogd: kernel boot file is /boot/kernel/kernel
    Nov 17 17:04:56	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:04:55	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:04:54	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:02:53	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:02:53	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:02:53	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:02:23	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:02:23	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:02:23	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:01:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:01:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:01:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:01:23	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:01:22	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:01:22	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:00:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:00:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:00:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:00:34	lighttpd[96835]: (request.c.1125) POST-request, but content-length missing -> 411
    Nov 17 17:00:23	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:00:22	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:00:22	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 17:00:03	lighttpd[96835]: (request.c.1125) POST-request, but content-length missing -> 411
    Nov 17 16:59:53	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 16:59:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 16:59:52	lighttpd[96835]: (request.c.1113) GET/HEAD with content-length -> 400
    Nov 17 16:59:33	lighttpd[96835]: (request.c.1125) POST-request, but content-length missing -> 411</fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe></sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe></syscall,nx,lm></lahf>
    


  • Esta na hora de atualizar isso.



  • Bom dia Tomas,

    Eu já estou planejando essa atualização porém antes, preciso ver se não haverá problemas com as pontas remotas já que tenho VPN S2S!


Log in to reply