patch to speed up the dashboard (tested on 2.7.2 only)
-
Hi, I've noticed that pfSense 2.7.2 dashboard is extremely slow on my PC Engines APU. It takes over 6 seconds, also some widgets (particularly the firewall logs) are taking several seconds. I've never looked into the pfSense code before, but I've noticed extensive use of external commands launched with exec(), mwexec(), shell_exec() or simply backticks. Many commands are piped with other commands (e.g., grep or awk), and these command chains are repeated countless times for each dashboard or widget load. I've therefore made and released some simple patches addressing the slowest functions, reviewing the code using design patterns (e.g., singletons). I've gain from 6 seconds to about 1 second for the dashboard. And for the firewall logs widget from 3 seconds to less than 500ms. I think it can be further improved, and I'm wondering why in pfSense are still run external commands instead of using the dedicated PHP extension (php-pfSense-module). I'm also wondering why this extension seems to be unfinished; in my opinion, it could be further improved (e.g., missing interface media detection, the entire Wi-Fi and bridge part, and a function to get pfSense rules)...
https://github.com/wildstray/pfSense-speedup
I'm releasing these patches "as is" and I take no responsibility!
Any suggestions are welcome! By the way, I'd like to know if these patches also apply to 2.8.x. I haven't upgraded yet because I've read about issues with the serial console, so I preferred to stick with 2.7.2 on hardware that has only a serial console.
-
@wildstray To link them, there have been a couple recent threads that may be of interest:
https://forum.netgate.com/topic/200216/webgui-performance-related-to-password-hash-strength-improved-webgui-speed-by-lowering-hash.-why
...which led to:
https://forum.netgate.com/topic/200280/dashboard-performance-related-to-the-number-of-widgets/The former fix is in 26.03 already and per the Redmine is scheduled for 2.9.
https://docs.netgate.com/pfsense/en/latest/releases/26-03.html#web-interfaceBut the more the merrier!
-
Thanks for this.
@wildstray said in patch to speed up the dashboard (tested on 2.7.2 only):
Hi, I've noticed that pfSense 2.7.2 dashboard is extremely slow on my PC Engines APU. It takes over 6 seconds, also some widgets (particularly the firewall logs) are taking several seconds. I've never looked into the pfSense code before, but I've noticed extensive use of external commands launched with exec(), mwexec(), shell_exec() or simply backticks. Many commands are piped with other commands (e.g., grep or awk), and these command chains are repeated countless times for each dashboard or widget load. I've therefore made and released some simple patches addressing the slowest functions, reviewing the code using design patterns (e.g., singletons). I've gain from 6 seconds to about 1 second for the dashboard. And for the firewall logs widget from 3 seconds to less than 500ms. I think it can be further improved, and I'm wondering why in pfSense are still run external commands instead of using the dedicated PHP extension (php-pfSense-module). I'm also wondering why this extension seems to be unfinished; in my opinion, it could be further improved (e.g., missing interface media detection, the entire Wi-Fi and bridge part, and a function to get pfSense rules)...
history. lots and lots of history.
execet al. is fine for an initial MVP, but it takes a different class of developer to convert these calls into systems-level (C) calls. It's something we are certainly doing for the next-gen product because you are corrrect, there is significant overhead in the fork/exec pattern.https://github.com/wildstray/pfSense-speedup
I'm releasing these patches "as is" and I take no responsibility!
Any suggestions are welcome! By the way, I'd like to know if these patches also apply to 2.8.x. I haven't upgraded yet because I've read about issues with the serial console, so I preferred to stick with 2.7.2 on hardware that has only a serial console.
Need help fast? https://www.netgate.com/support
-
@wildstray said in patch to speed up the dashboard (tested on 2.7.2 only):
I haven't upgraded yet because I've read about issues with the serial console,
On the APU1 one you need a loader line to set the uart type to isa. This: https://docs.netgate.com/pfsense/en/latest/troubleshooting/boot-issues.html#isa-serial-console-not-fully-functional
Other than that the serial console should work fine in 2.8.1. -
@cmcdonald yep, history not story
Netgate cannot find developers? I am... and I would be able to deal with C and syscalls but... I'm already employed (and it would be complicated to hire me abroad) and I have little free time, this would be a full time job for a pair of years (for a total and serious refactoring with syscalls, MVC, APIs, etc.)
Anyway, I'm surprised that the community hasn't contributed so far with PR or so... -
@stephenw10 thank you very much! As soon as I have a little free time, I'll happy to upgrade, so I can try the patch on 2.8 too...
-
@wildstray said in patch to speed up the dashboard (tested on 2.7.2 only):
@cmcdonald ... this would be a full time job for a pair of years (for a total and serious refactoring with syscalls, MVC, APIs, etc.)
Anyway, I'm surprised that the community hasn't contributed so far with PR or so...That.
It is a lot of work.
Not really surprising considering it's much easier to develop against exec calls vs standing up a php development environment and build PHP extensions to do same. I have done a few PHP extensions and it isn't particularly ... fun. The documentation is mostly non-existent so you end up studying the in-tree extensions for "examples" and digging through git history for clues on how to do things. To be sure, PHP extension development has gotten better over the years, but the workflow still leaves much to be desired.
Most PHP developers aren't also versed in PHP internals.
For fun, I started a php-sysctl extension over the past few days that we can likely adopt. I'll probably get it up on PECL/PIE at some point.
Need help fast? https://www.netgate.com/support
-
@cmcdonald said in patch to speed up the dashboard (tested on 2.7.2 only):
I have done a few PHP extensions and it isn't particularly ... fun.
I'm with you.
-
@cmcdonald I thought the hard part were the FreeBSD syscalls... PHP extensions are well documented, obviously the dev environment has to be created under FreeBSD...
https://www.zend.com/resources/writing-php-extensions
Honestly, the worst part I see here is the time... it cannot be a voluntary activity but a paid job...
May I ask... no offence to any... isn't there an enterprise version and other licensed products of Netgate? Wouldn't this development be due in some way?
-
@wildstray said in patch to speed up the dashboard (tested on 2.7.2 only):
@cmcdonald I thought the hard part were the FreeBSD syscalls... PHP extensions are well documented, obviously the dev environment has to be created under FreeBSD...
https://www.zend.com/resources/writing-php-extensions
Honestly, the worst part I see here is the time... it cannot be a voluntary activity but a paid job...
May I ask... no offence to any... isn't there an enterprise version and other licensed products of Netgate? Wouldn't this development be due in some way?
The sysctl part is orders of magnitude easier. See: https://man.freebsd.org/cgi/man.cgi?sysctl(3)
PHP internals changes much faster than any documentation can keep up with. That Zend resource will get you started, but it's incomplete at this point.
-
@cmcdonald it would be useful also function like the pfctl_show_rules() of pfctl, to be used in find_rule_by_number()... and, obviously, adding the interface media on pfSense_get_ifaddrs() to made a decent review of get_interface_info()... Together with sysctl, it would be a great improvement!
-
It is a shame you on 2.7.2, considerable work was done on the widgets prior to 2.8.0 release, much of it performance related, some of it accuracy related.
I remember reading each redmine report for details, and I think at least some of your stuff is new, it would be great if you could do 2.8.x patches. If not I will see if I can make 2.8.1 versions, and if I succeed and you ok with it, will post them in this thread.
