Error in the Aliases -> Diagnostics

Started by hushcoden, February 21, 2022, 10:37:28 AM

I was searching for an IP address in Diagnostics/Aliases tab of the Firewall and I've got the attached error, any idea of what it is?

Tia.


Unfortunately not, I've submitted an error report

What does
configctl filter list table Block_Malicious_IPs json
return?

February 22, 2022, 02:21:11 PM #4 Last Edit: February 22, 2022, 02:40:12 PM by hushcoden
error in configd communication %s, see syslog for details

got it, thanks
What is the record count for this alias, and what does
/usr/local/opnsense/scripts/filter/list_table.py Block_Malicious_IPs json
return?

Quote from: Fright on February 22, 2022, 03:45:24 PM
What is the record count for this alias
812356

Quote
and what does
/usr/local/opnsense/scripts/filter/list_table.py Block_Malicious_IPs json
return?
See attachment

it really looks like resource depletion. though on a very resource constrained vm (but with IDPS disabled) I needed a 2M-row alias to reproduce this behavior.
please keep in mind that when you start typing something in the search field, in response to each entered character, a request is sent to the server to search for the resulting string in the alias table. thus, for large aliases and with limited resources, this can create some race condition effect.

I would try to use the Find References button to search for occurrences of an address in aliases in this case - it works on a different principle, it should work much faster and takes data directly from the pf (taking into account optimization when loading tables into memory)

February 22, 2022, 09:59:56 PM #8 Last Edit: February 22, 2022, 10:03:30 PM by hushcoden
I suspected so, one of the limits of the APU2 board  :-\

Can this increase of the firewall max table entries be the culprit for the swap file being used? Or is it perhaps more related to the new version 22.1?

And many thanks for your assistance.

February 23, 2022, 07:05:02 AM #9 Last Edit: February 23, 2022, 07:11:22 AM by Fright
imho this very much depends on the system config: whether IDPS is used, how many sets of rules are used, whether unbound and blocklists are used in it, the volume of blocklists, the schedule for updating rules and lists, logging settings, and so on and so on...
all this affects system performance and there are services and tasks that consume significant resources.
and if the system is running at the limit of resources, then the slightest change in settings and even an action in the system can lead to a sharp increase in the operation time and errors.
for example, if on the same vm (1core 1thread cpu, 4GB RAM) that works well with 1.5M rows alias, I turn on IDPS, unbound with blocklists, turn on default firewall rules logging, and then start loading unbound blocklists, then even searching in an alias with only 70 thousand lines starts to take a huge amount of time and may lead to errors.
so imho optimizing settings and scheduling can greatly help in performance optimizing
and of course, the same tasks can sometimes be performed in different ways and they can differ in efficiency. as i said: if you know the address exactly, then it is much more efficient to use a Find References button than a search bar