There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The lin


  • 2nd time I've seen this error message
    02-06-15 09:07:20 [ There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [ 0 ] : ]

    2.2-RELEASE (amd64)
    built on Thu Jan 22 14:03:54 CST 2015
    FreeBSD 10.1-RELEASE-p4

    Any ideas?

    TIA

    Edit.

    One thought, is could this be related to 3 10/100 usb nics connected to a 4 port usb hub connected into one motherboard usb port, in otherwords could this be due to a bandwith issue in the usb nics? I've only seen this since adding a 3rd usb nic to the usb hub, nothing in the 4th usb port.

    From the system log.
    Feb 6 09:07:20 php-fpm[53408]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [ 0 ] :
    Feb 6 09:07:20 php-fpm[53408]: /rc.filter_configure_sync: New alert found: PF was wedged/busy and has been reset.

    Edit. 2

    Seems to have been triggered by an ISP ip address change, but like the firewall states were not always deleting during the beta test when an ISP ip address occurred, not all ISP ip address changes cause this error to appear either.

  • Banned

    @firewalluser:

    3 10/100 usb nics connected to a 4 port usb hub connected into one motherboard usb port


  • Whats the danger of increasing the timeout that causes pfsense/freebsd to throw the error message New alert found: PF was wedged/busy and has been reset.

    I see this in windows alot with large sections of code or multiple record processing that doesnt respond to the events put out by the windows core, so, windows times out the app and throws an error message saying something along the lines of the app is not responding, do I want to Wait or Close the app?

    The Windows time out can be increased by altering a reg setting, does something exist in pfsense and/or freebsd that you know of?

  • Netgate Administrator

    Subtle response from Doktornotor there.  :D

    You've already heard all the arguments about USB NICs so I'll not go into that, but….. USB NICs are my first thought here.

    So this coincided with the filter being reloaded due to a WAN address change?

    Steve

  • Banned

    I'd much rather run a "router on a stick" with a single NIC and VLANs if nothing else is possible. 3 USB NICs in a hub, eeeeeeeeeeeew yuck!


  • @stephenw10:

    Subtle response from Doktornotor there.  :D

    You've already heard all the arguments about USB NICs so I'll got into that, but….. USB NICs are my first thought here.
    So this coincided with the filter being reloaded due to a WAN address change?

    Steve

    Yep, havent seen it with 2 usb nics on a 4port usb hub, but adding the 3rd usb nic seems to trigger this error from time to time and knowing there is limited bandwith with usb hubs my thinking is something is timing out in freebsd or pfsense.

    The wan usb nic is plugged directly into the 2nd mother board usb nic, so the wan ip change despite being on its own dedicated usb motherboard port is still affecting the whole machine.

    On the point of not using usb nics, the biggest hassle I have seen so far is the addition or removal of a usb nic means pfsense/freebsd reorders the usb nics in relation to the interface order in pfsense.

    This is easily overcome and resolved if a motherboard or non usb nic is used as the lan interface regardless, and then going into pfsense, interfaces, assign and then correcting the order of the USB nics, gets things back and working.

    Going through this https://calomel.org/freebsd_network_tuning.html as some comments made are pertinent, like
    "the built in network port on motherboards. The chipset may negotiate at one gigabit, but will not perform well under stress." oh and the comment "daft to build a castle in a swamp".

    I also see things like its worth disabling intel cpu hyperthreading in the bios as it has an unpredictable affect on latency, cache misses and load and optimising freebsd improved performance by 35%, so dont know how the calomel compares to the default settings in pfsense2.2/freebsd 10.1 but a paper on cpu cache misses suggest they add 15% to the wait time.

    So will experiment with these as I know my sip server doesnt run well on a dual core intel cpu in windows compared to an older amd single core cpu where the sound is perfect, but I can also bind the sip server to a single core of my choosing in windows which might remove the problem but dont know for sure as yet to test.

  • Netgate Administrator

    Are you running pfblocker?
    Adding the extra interface could add a lot more rules if you are. I assume the interface has to be enabled before you see the error?

    https://forum.pfsense.org/index.php?topic=60146.0

    Steve


  • As this is the first hit on google I figured I would update this thread.

    Getting the same DIOCXCOMMIT errors as well as "pfsense wedged/busy"

    Turned out to be hardware - one of the VDSL modems was faulty - replacing seems to have fixed it.

  • Netgate Administrator

    Was that a PPPoE connected modem out of interest?

    Steve


  • It was indeed Stephen.
    Am in the UK and it was a standard (Huawei) BT modem feeding an FTTC ISP connection via DSL to ethernet to the NIC.

    Sorry for the delay I don't appear to have notifications on my posts….