Firewall Crashes on Rule Updates



  • My brand-new SG-3100 is crashing whenever the Suricata or Snort rules updates. I managed to get some logs right as it was dying one time. Here is some kernel output (while the ET Rules file was being extracted):
    g_vfs_done():md0[WRITE(offset=171311104, length=131072)]error = 28
    Jul 20 08:28:30 kernel g_vfs_done():md0[WRITE(offset=5070848, length=8192)]error = 28
    Jul 20 08:28:30 kernel g_vfs_done():md0[WRITE(offset=211779584, length=32768)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=171114496, length=131072)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=170983424, length=131072)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=170852352, length=131072)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=170721280, length=131072)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=170590208, length=131072)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=170459136, length=131072)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=170328064, length=131072)]error = 28
    Jul 20 08:28:08 kernel g_vfs_done():md0[WRITE(offset=170196992, length=131072)]error = 28

    Do I have bad hardware? Or is there something else I should be doing?



  • I googled that error and came across the following FreeBSD thread. It appears Error code 28 means out of space.

    http://freebsd.1045724.x6.nabble.com/g-vfs-write-error-28-bad-memory-td3769622.html

    #define ENOSPC 28 /* No space left on device */

    Did you fill up your storage device with other package installs?



  • My device says:
    memory usage 9% of 2028 MiB
    disk usage
    / 13% of 6.9 GiB - ufs
    /tmp 0% of 248MiB - ufs in RAM
    /var 14% of 248 MiB - ufs in RAM

    How can I be out of space?!?



  • Disabling /tmp and /var in RAM fixed it. Not sure exactly what is happening, but I still call this a bug in pfSense.... Rule updates should not lock-up the device.


  • Rebel Alliance Developer Netgate

    If you enabled /tmp and /var in RAM then you need to specify their size. If your rule updates ran the RAM disks out of space, you need to increase the size of those. They can't be sized dynamically, and there isn't a way for pfSense to know how much space you need there, so the burden is on the admin to set the proper sizes.