So many filterdns instances…
-
Should be better on the later snapshots.
Sorry for the noise. -
Seems a bit better so far, copied a binary off the builder to my box and it isn't constantly using that much cpu now, though it did still spike up and use 100% total for about 20-30 sec it did eventually slow down and fall off the first screen of top output.
-
Latest snap v1.2 seems better (no more out-of-swap issues) but is still exits and dumps core:
Jan 28 06:34:45 fw kernel: pid 18434 (filterdns), uid 0: exited on signal 11 (core dumped)
Jan 28 06:34:53 fw kernel: pid 26566 (filterdns), uid 0: exited on signal 11 (core dumped)
Jan 28 06:35:23 fw kernel: pid 21538 (filterdns), uid 0, was killed: out of swap space
Jan 28 08:25:37 fw kernel: pid 49708 (filterdns), uid 0: exited on signal 11 (core dumped)
Jan 28 08:25:50 fw kernel: pid 71990 (filterdns), uid 0: exited on signal 11 (core dumped)
Jan 28 08:25:52 fw kernel: pid 81465 (filterdns), uid 0: exited on signal 11 (core dumped)
Jan 28 18:26:29 fw kernel: pid 10297 (filterdns), uid 0: exited on signal 11 (core dumped) <– updated to latest snapMD5 (/usr/local/sbin/filterdns) = aea0850239de6ab9817f9330f1807cec
SHA256 (/usr/local/sbin/filterdns) = f2c43ff8e8d6f21047c351e071a203df48bc2899ca7f1564a9cd1998e690081dOn my system there is currently only one filterdns process, whereas there should be a second one handling ipsec hostname(s) – at least that was the case until ~2 months ago.
Edit: There are only two filterdns-related files on my system:
/var/etc/filterdns.conf
pf www.google.com www_google_com
pf www.paypal.com www_paypal_comand
/var/etc/ipsec/filterdns-ipsec.hosts
cmd vpn.example.com '/usr/local/sbin/pfSctl -c "service reload ipsecdns"'
(whereas vpn.example.com is the name used in P1 remote gw)Finally /var/run/filterdns-ipsec.pid shows 10297 and timestamp 18:26 which is the process that had crashed earlier (see syslog extract copied above)
-
Found the issue the ipsec instance is crashing for you.
Should be fixed on next coming snapshot. -
I'm afraid that even the latest snap is still crashing on my system, same symptoms as in my last post.
-
Some more protections put on the next snapshots.
Though it runs happily here. -
Sorry latest snap filterdns v1.2 still bombs out on my VM:
MD5 (/usr/local/sbin/filterdns) = feb00f677248ba323cfdf6398660653a
syslog:
Jan 29 23:56:14 fw kernel: pid 48762 (filterdns), uid 0: exited on signal 11 (core dumped)
Jan 29 23:56:30 fw kernel: pid 80109 (filterdns), uid 0: exited on signal 11 (core dumped)ls -lR /var | fgrep filterdns:
-rw-r–r-- 1 root wheel 66 Jan 29 23:56 filterdns.conf
-rw-r--r-- 1 root wheel 75 Jan 29 23:56 filterdns-ipsec.hosts
-rw-r--r-- 1 root wheel 6 Jan 29 23:56 filterdns-ipsec.pid
-rw-r--r-- 1 root wheel 6 Jan 29 22:24 filterdns.pid <–-- strange time-stampps:
22425 ?? Is 0:00.03 /usr/local/sbin/filterdns -p /var/run/filterdns.pid -filterdns.pid:
22425filterdns-ipsec.pid:
80109But if filterdns works fine for everyone else, maybe I should re-install my pfsense from scratch, or I can send you my /filterdns.core file (3.4MB) …
-
Probably that's teh best choice i guess!
-
For the record, my filterdns is working OK on 3 systems running 2.1-BETA1 (i386) built on Tue Jan 29 16:42:56 EST 2013
My 11-entry table now has 12 entries, I guess one of the names in the list has changed its IP address, and the old value is also left in the table.
I only have the 1 ordinary filterdns for pf. -
I only have the 1 ordinary filterdns for pf.
Phil: Well, that might be difference, since in my test-VM I (should) have 2 filterdns processes (one for pf-fw-aliases and another for ipsec). The "ordinary" filterdns seems to work for me too, it's the ipsec-related one that bombs out …
Ermal: I don't see what good a full re-install from sceatch will do (I guess in IT it's standard procedure LOL), but I'll try it anyway.
Update: I'm happy to report that I just upgraded the existing VM to the very latest snap (from 29-Jan to 30-Jan-2013 04:20:11 EST) and filterdns now seems to work correctly for ipsec too! Only odd thing I've noticed is that the /var/run/filterdns*.pid files seem to have old time-stamps.
