please help



  • Crash report begins. Anonymous machine information:

    amd64
    11.2-RELEASE-p10
    FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce133(RELENG_2_4_4): Wed May 15 18:54:42 EDT 2019 root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense

    Crash report details:

    PHP Errors:
    [06-Jan-2020 13:37:47 Africa/Cairo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 268435464 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3367

    No FreeBSD crash data found.





  • @mohamed8080 Try setting
    System\Advanced\Firewall & NAT\Firewall Maximum Table Entries
    to at least 2000000 or higher.


  • Moderator

    @mohamed8080

    I assume you are using pfBlockerNG-devel? Do you have a lot of DHCP leases being used?

    Run this command and post the output pls:

    wc -l /var/dhcpd/var/db/dhcpd.leases
    


  • This post is deleted!


  • @mohamed8080 another error line 3363 anyway thanks for your help



  • @provels i try on this setting and same of error
    CPU Type Intel(R) Xeon(R) CPU E5-1603 0 @ 2.80GHz
    4 CPUs: 1 package(s) x 4 core(s)
    AES-NI CPU Crypto: Yes (inactive)

    State table size
    0% (2173/1624000) Show states
    MBUF Usage
    0% (3296/1000000)
    Temperature
    27.0°C
    Load average
    0.72, 0.66, 0.68
    CPU usage
    26%
    Memory usage
    24% of 16249 MiB
    SWAP usage
    0% of 4096 MiB
    Disk usage:
    /
    8% of 111GiB - ufs
    /var/run
    4% of 3.4MiB - ufs in RAM



  • Is this :

    @mohamed8080 said in please help:

    Line 1 appears to have generated an error, and has been highlighted. The full response is below.
    Note that the line number in the full PHP response will be 6 lines too large. Nested code and eval() errors may incorrectly point to "line 1".

    what is returned from this

    wc -l /var/dhcpd/var/db/dhcpd.leases
    

    ?



  • @mohamed8080 4722819 /var/dhcpd/var/db/dhcpd.leases



  • @mohamed8080 said in please help:

    @mohamed8080 4722819 /var/dhcpd/var/db/dhcpd.leases

    A lease file that huge, that definitely a problem.
    4722819 lines, or give or take 20 chars a line, that's 90 MBytes, probably more.

    How many devices are connected to your pfSense ? Thousands ?? Tens of thousands ?

    Shut down your system properly, reboot, go to single user mode using the console access, and run several "fsck" (see pfSense manual how to do). This will check and clean/ repair the file system if needed.



  • @Gertjan Seventy users



  • Ok, that 's a very reasonable number. I have the same number of users.

    But : look at my /var/dhcpd/var/db/dhcpd.leases file :

    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/dhcpd/var/db: ls -al dhcpd.leases
    -rw-r--r--  1 dhcpd  _dhcp  73805 Jan  8 10:57 dhcpd.leases
    

    = 74 KBytes.

    As the first several lines of this file tells you (it's a readable ASCI file) generated and maintained by the dhcp daemon.

    Check also this file :

    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/dhcpd/etc: ls -al dhcpd.conf
    -rw-r--r--  1 dhcpd  _dhcp  5520 Jan  7 10:55 dhcpd.conf
    

    It's the dhcp server (daemon) config file.
    It should have a coupe of hundred lines, size several KBytes (mine is 5KB, 200 lines).

    Check also your DHCP log (in the GUI).
    Is your server handing out a huge number of leases ? What frequency ?



  • @Gertjan

    My network
    Domain controller at windows server 2016
    services run on it (dhcp-dns)
    making forward to dns from windows server to pfsense

    pfsense Services is
    c-icap ICAP Inteface for Squid and ClamAV integration
    clamd ClamAV Antivirus
    dpinger Gateway Monitoring Daemon
    lightsquid_web Lightsquid Web Server
    ntopng ntopng Network Traffic Monitor
    ntpd NTP clock sync
    pfb_dnsbl pfBlockerNG DNSBL service
    pfb_filter pfBlockerNG firewall filter service
    snort Snort IDS/IPS Daemon
    squid Squid Proxy Server Service
    squidGuard Proxy server filter Service
    syslogd System Logger Daemon
    unbound DNS Resolver



  • @BBcan177 4722819 /var/dhcpd/var/db/dhcpd.leases



  • @mohamed8080 said in please help:

    My network
    Domain controller at windows server 2016
    services run on it (dhcp-dns)
    making forward to dns from windows server to pfsense

    DHCP is served by pfSense or the domain controller ?

    @mohamed8080 said in please help:

    @BBcan177 4722819 /var/dhcpd/var/db/dhcpd.leases

    @BBcan177 will say :
    Yes, pfBlocker-ng will read in, and parse the current active DHCP lease file.
    That file with that size will 'explode' any system - not only yours.
    This file can't be that big. For short : it's not a "pfBlocker-ng", the problems is something else.

    Let's try to understand why this file "/var/dhcpd/var/db/dhcpd.leases" is that big.

    Did you ran your "fsck" checks ?



  • @Gertjan said in please help:

    fsck

    DHCP is served by Domain Controller (windows server 2016) .

    i was try that command touch /root/force_fsck on GUI and reboot pfSense

    first error view like http page and The second error on Crash Reporter

    Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes) in /usr/local/www/status_dhcp_leases.php on line 59 PHP ERROR: Type: 1, File: /usr/local/www/status_dhcp_leases.php, Line: 59, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes)

    and

    PHP Errors:
    [09-Jan-2020 10:06:24 Africa/Cairo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes) in /usr/local/www/status_dhcp_leases.php on line 59
    [09-Jan-2020 10:18:53 Africa/Cairo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 268435464 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3367

    how can allow memory size to PHP i have 16GB of ram and SSD HDD in pfSense

    sorry for bazaring you and thanks for support



  • This error :
    @mohamed8080 said in please help:

    [09-Jan-2020 10:06:24 Africa/Cairo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 134217736 bytes) in /usr/local/www/status_dhcp_leases.php on line 59

    show clearly that not only pfblockerng has severe difficulties reading the lease file, but also others, like the DHCP status page from pfSense itself.

    This file shouldn't even exists, because, if pfSense isn't even serving leases - some other device (your DC does that).

    Goto console mode (not the GUI Diagnostics > Command Prompt) and move this file out of the way :

    mv /var/dhcpd/var/db/dhcpd.leases /var/dhcpd/var/db/dhcpd.leases.backup
    touch /var/dhcpd/var/db/dhcpd.leases
    

  • LAYER 8 Moderator

    normally /var/dhcpd/var/db/dhcpd.leases is simple ASCII textfile so you should be able to read it on the shell/via SSH with a simple

    less /var/dhcpd/var/db/dhcpd.leases
    

    Have a look at it and check if it makes sense. If you haven't pfSense configured as your DHCP server on any network segment/VLAN then that file shouldn't be even a few kB big.



  • @JeGr said in please help:

    Have a look at it and check if it makes sense.

    Was asking that already several posts above.
    Nothing came back ....

    I guess he saw the ....

    # The format of this file is documented in the dhcpd.leases(5) manual page.
    # This lease file was written by isc-dhcp-4.3.6-P1
    
    # authoring-byte-order entry is generated, DO NOT DELETE
    authoring-byte-order little-endian;
    
    lease 192.168.2.6 {
      starts 1 2019/12/02 03:50:37;
      ends 1 2019/12/02 09:50:37;
      tstp 1 2019/12/02 09:50:37;
      cltt 1 2019/12/02 03:50:37;
      binding state free;
      hardware ethernet 00:16:7f:25:43:d4;
      uid "\001\000\026\177%C\324";
      set vendor-class-identifier = "android-dhcp-7.1.2";
    }
    ....
    ....
    

    and thought that was normal. Which is the case.

    The fact that he shut down the pfSense DHCP server because he was using another one explains why the file isn't 'maintained' any more - the dhcp daemon isn't running any more (this is to be confirmed) : the file stays in place.
    Why the file became this big, under what circumstances, and when, puzzles me.

    Like he had running the DHCP server on pfSense and his AD at the same comment ?
    Did he use pfBlocker for a long time ?
    What is the end of the /var/dhcpd/var/db/dhcpd.leases file ? It's only the DHCP daemon that's maintaining this file - leases are dumped to it.



  • @Gertjan said in please help:

    touch /var/dhcpd/var/db/dhcpd.leases

    thanks the problem is ended with your advice 👏 👏



  • Good !

    So it was a matter of emptying this huge file , which has no meaning because the local DHCP server wasn't running anyway.

    Still, I still don't get why this file became this big. I guess we will never know.
    Keep an eye on it, though - it should stay at a zero byte file if local pfSense DHCP isn't used. If you decide to use local DHCP, it could become several KB, that's ok.



  • @Gertjan i will keep watching
    thanks again


Log in to reply