Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
HBSD SEGVGUARD errors on filterdns
« previous
next »
Print
Pages:
1
[
2
]
3
Author
Topic: HBSD SEGVGUARD errors on filterdns (Read 17111 times)
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #15 on:
December 06, 2017, 06:58:00 am »
Hi Stefan,
NTP being deferred is normal, Suricata should not be able to print "deferred", because NTP is the only thing that does that as far as I know.
G620 is around 2011 - 2013, it should run amd64, but if it's not it (or the mainboard) may be damaged... it's hard to tell.
Filterdns is an old daemon that resolves host aliases to IP addresses for firewall operation. How many aliases do you have in terms of hosts in them?
From what I can see being added by Ad in the development version, filterdns will be removed for this particular use case with 18.1.
Cheers,
Franco
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #16 on:
December 06, 2017, 03:28:57 pm »
Well then I look forward to 18.1!
«
Last Edit: December 06, 2017, 03:51:51 pm by Stefan
»
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #17 on:
December 06, 2017, 03:56:00 pm »
I have 31 aliases. Though the worst offenders are trouble no matter how you add then into the filter.
I use feeds where ever possible but a few of the biggest trouble makers mutate daily, so to speak. For example Tor exits and Linode (both are common visitors to my systems and websites). Both have a hand full of ASN's. But each of their ASNs will have 1400+ CIDRs all of which are /29, /30, and /31 networks (note that each those networks only have between 1 and 4 IP addresses each). There are about a dozen major trouble makers running thousands of small networks (/24 or smaller). These are the ones that are hard to handle.
Logged
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #18 on:
December 07, 2017, 03:51:19 pm »
Hi Stefan,
Ok it would make sense that there is considerable pressure on filterdns to keep up to date which may cause this. I'm assuming that when ASLR triggers, it could be a latent bug in the filterdns code. I can ping this thread when we have confidence in the replacement if you are interested in trying the newer model before 18.1 is out officially.
Thank you,
Franco
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #19 on:
December 07, 2017, 04:28:00 pm »
Thanks Franco,
Yes, I would be interested in being an early adopter. Other software companies even offer "nightly" builds to early adopters, including AutoDesk and an Austrian Mac based rules engine developer. Adding OPN into the fold would be something that I would enjoy doing.
Cheers,
Stefan
Logged
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #20 on:
December 07, 2017, 05:34:57 pm »
Hi Stefan,
We do have a parallel development track and a private nightly build system (
https://nightly.opnsense.org/
) ... but we are not confident it helps people to upgrade into untested packages and code, so we instead build one development package per release, which has a more consistent state.
Switching is easy:
# opnsense-update -t opnsense-devel
And switching back...
# opnsense-update -t opnsense
From both packages, you can use the latest code safely most of the time also:
# opnsense-code core
# cd /usr/core
# make upgrade
I've added a ping reminder in the ticket for the alias rework for later, see:
https://github.com/opnsense/core/issues/1971
Cheers,
Franco
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #21 on:
December 07, 2017, 06:09:57 pm »
Thank you, Franco
Logged
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #22 on:
December 19, 2017, 07:45:47 am »
FYI: The opnsense-devel update going out with 17.7.11 tomorrow will no longer use filterdns at all.
Cheers,
Franco
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #23 on:
December 19, 2017, 02:34:09 pm »
Fantastic, thank you! I look forward to the update.
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #24 on:
December 19, 2017, 07:59:11 pm »
17.7.11 the same as 18.1.b_199?
Logged
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #25 on:
December 19, 2017, 08:36:18 pm »
Hi Stefan,
We don't keep track of the pre RC builds, but 17.7.11's development version translates to 18.1.b_273. It just counts the commits on this track.
Cheers,
Franco
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #26 on:
December 19, 2017, 10:33:40 pm »
Okay I'm in sync with things now.
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #27 on:
December 20, 2017, 03:55:38 pm »
Switched to opnsense-devel. Much improved filter stability.
Now running LibreSSL, showed marked improvement in system wide performance when using high level cryptography. No loss of GUI accessibility.
Logged
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #28 on:
December 20, 2017, 03:59:12 pm »
That's a good start. Thank your for testing!
Logged
Stefan
Newbie
Posts: 42
Karma: 4
Re: HBSD SEGVGUARD errors on filterdns
«
Reply #29 on:
December 20, 2017, 10:42:12 pm »
Saw attempted DDOS attack. The system held, no HBSD SEGVGUARD error. Although filterdns dumped to the console screen.
Updating to b_273 and will wait for next attack.
«
Last Edit: December 20, 2017, 10:48:07 pm by Stefan
»
Logged
Print
Pages:
1
[
2
]
3
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
HBSD SEGVGUARD errors on filterdns