PF was wedged/busy and has been reset

  • I'm using pfSense 2.1.4-RELEASE (amd64) + pfblocker + snort.

    I'm getting the message "PF was wedged/busy and has been reset" when using AirVPN from a Win7-64bit machine inside my LAN network (I'm using the official OpenVPN client v. 2.3.4-I001).

    pfSense stops working and displays that message in the notification area. I didn't set up any other rules besides those automatically created by pfblocker.

    If I look in Services -> Snort -> Blocked tab I can see that Snort isn't blocking anything so, at first glance, the problem seems not related here.

    my setup:
    pfSense firewall 2.1.4-RELEASE (amd64)
    motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ Hard Disk: Western Digital WD10JFCX Red.

  • The only other forum post I could find related to this error was to do with bad rules. Do you happen to have anything like "[ There were error(s) loading the rules: - The line in question reads… ]" in your logs?

  • Yes, there was that message, but I can't remember the exact content. The strange thing is that this setup worked flawlessly for months and no rules are set up except for the "standard" ones.

  • If I remember, there have been some updates to the Snort site and some strange behaviour with them moving some files around.  I'm wondering if maybe you've got a corrupted ruleset somehow.

  • Moderator


    It contains the code that produced the log message:

    $_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug 2>&1", $rules_error, $rules_loading);
    /* Brutal ugly hack but required -- PF is stuck, unwedge */
    if (strstr("$rules_error[0]", "busy")) {
        exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug");
        $error_msg = gettext("PF was wedged/busy and has been reset.");
        file_notice("pf_busy", $error_msg, "pf_busy", "");
    }

    pfctl -o basic -f /tmp/rules.debug

    You might want to try running this command in the shell to see if it reports any errors, or look at /tmp/rules.debug for anything out of the ordinary. As always, make a full backup of the config file before proceeding.

  • I've just reinstalled Snort keeping the Preferences. Tomorrow I'm going to test it again.

  • No luck: received this message today

    [ There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: ]
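
Added example, not part of the thread or of pfSense's code: a shell helper that triages captured `pfctl` output of the kind quoted in the posts above, separating a ruleset parse error (reported with its offending line) from the `Device busy` commit failure. The function names, the sample parse-error text and the sample ruleset are constructed for illustration; the busy message is the one quoted above.

```shell
#!/bin/sh
# Added example (not pfSense code). On the firewall, capture output with e.g.
#   out=$(/sbin/pfctl -n -f /tmp/rules.debug 2>&1)   # -n: parse only, load nothing
# and pass it to explain_pfctl_output together with the ruleset path.

# Constructed sample of pfctl's "<file>:<line>: syntax error" parse-error format.
SAMPLE_SYNTAX='/tmp/rules.debug:3: syntax error
pfctl: Syntax error in config file: pf rules not loaded'
# Message quoted in the thread.
SAMPLE_BUSY='pfctl: DIOCXCOMMIT: Device busy'

# Print one of: ok | busy | syntax:<line> | other
classify_pfctl_output() {
    text=$1
    if [ -z "$text" ]; then echo ok; return 0; fi
    case $text in
        *"Device busy"*) echo busy; return 0 ;;
    esac
    # First "<file>:<number>: ..." line gives the ruleset line pfctl rejected.
    n=$(printf '%s\n' "$text" | sed -n 's/^[^:]*:\([0-9][0-9]*\): .*/\1/p' | head -n 1)
    if [ -n "$n" ]; then echo "syntax:$n"; else echo other; fi
}

# Print a one-line explanation; for parse errors include the offending rule.
# $1 = captured pfctl output, $2 = path to the ruleset file.
explain_pfctl_output() {
    verdict=$(classify_pfctl_output "$1")
    case $verdict in
        ok)       echo "ruleset parsed cleanly" ;;
        busy)     echo "commit failed with Device busy; output names no ruleset line" ;;
        syntax:*) ln=${verdict#syntax:}
                  echo "parse error at line $ln: $(sed -n "${ln}p" "$2")" ;;
        *)        echo "unrecognised pfctl output: $1" ;;
    esac
}
```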
