Date: Wed, 17 Oct 2007 12:46:47 GMT From: Emile Coetzee <emilec@clarotech.co.za> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/117271: OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in /boot/loader.conf Message-ID: <200710171246.l9HCkljc024691@www.freebsd.org> Resent-Message-ID: <200710171250.l9HCo1fa077638@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 117271 >Category: misc >Synopsis: OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in /boot/loader.conf >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 17 12:50:01 UTC 2007 >Closed-Date: >Last-Modified: >Originator: Emile Coetzee >Release: RELENG_6 >Organization: Clarotech Consulting >Environment: FreeBSD x 6.2-STABLE FreeBSD 6.2-STABLE #36: Thu Oct 11 02:46:55 SAST 2007 root@x:/usr/obj/usr/src/sys/X i386 >Description: Tracking RELENG_6 with if_tap_load="YES" in /boot/loader.conf. When you start openvpn (/usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf) top will list openvpn on 99% CPU usage and the system will become non-responsive. If you remove if_tap_load="YES" from /boot/loader.conf boot the system, run kldload if_tap and start openvpn, the problem does not occur. Compiling tap into the kernel as a pseudo device works correctly as well. If I track RELENG_6_2 I can load if_tap from loader.conf and start openvpn tap service without experiencing any high CPU usage problems as decribed above. So it would seem there is a difference loading the tap device at boot time using loader.conf than loading it from the command line or as part of the kernel in RELENG_6 I first reported this on the mailing lists in March 2007. At that time I did notice some very recent changes for if_tap in the source tree which might be the cause of the problem. http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2007-03/msg00445.html >How-To-Repeat: Track RELENG_6 Install openvpn from ports (/usr/ports/security/openvpn) Configure a VPN server using the tap device (the defaults will do). set if_tap_load="YES" in /boot/loader.conf start openvpn: /usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf >Fix: The workaround is to remove if_tap from loader.conf and load it after boot time or compile it into the kernel. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710171246.l9HCkljc024691>