misc/117271: OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in /boot/loader.conf
Emile Coetzee
emilec at clarotech.co.za
Wed Oct 17 05:50:02 PDT 2007
>Number: 117271
>Category: misc
>Synopsis: OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in /boot/loader.conf
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 17 12:50:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Emile Coetzee
>Release: RELENG_6
>Organization:
Clarotech Consulting
>Environment:
FreeBSD x 6.2-STABLE FreeBSD 6.2-STABLE #36: Thu Oct 11 02:46:55 SAST 2007 root at x:/usr/obj/usr/src/sys/X i386
>Description:
Tracking RELENG_6 with if_tap_load="YES" in /boot/loader.conf. When you start openvpn (/usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf) top will list openvpn on 99% CPU usage and the system will become non-responsive.
If you remove if_tap_load="YES" from /boot/loader.conf, boot the system, run kldload if_tap and start openvpn, the problem does not occur. Compiling tap into the kernel as a pseudo device works correctly as well.
If I track RELENG_6_2 I can load if_tap from loader.conf and start openvpn tap service without experiencing any high CPU usage problems as described above.
So it would seem there is a difference between loading the tap device at boot time using loader.conf and loading it from the command line or as part of the kernel in RELENG_6.
I first reported this on the mailing lists in March 2007. At that time I did notice some very recent changes for if_tap in the source tree which might be the cause of the problem.
http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2007-03/msg00445.html
>How-To-Repeat:
Track RELENG_6
Install openvpn from ports (/usr/ports/security/openvpn)
Configure a VPN server using the tap device (the defaults will do).
Set if_tap_load="YES" in /boot/loader.conf
Start openvpn: /usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf
>Fix:
The workaround is to remove if_tap from loader.conf and load it after boot time or compile it into the kernel.
>Release-Note:
>Audit-Trail:
>Unformatted: