Author: mkj

Exposing pfSense uplink information to LAN hosts

Sometimes, it’s beneficial to be able to programmatically tell from a client which uplink connection is being used by pfSense to route traffic, or simply have access to the current value of some property that maps to each respective uplink. This can be the case if, for example, there is a desire to pause certain network-intense activities running on a client when a metered, data-capped or lower-bandwidth uplink (for example mobile broadband) is in use.

Unfortunately, this information is not readily exposed in any way I have been able to find. However, it also isn’t that difficult to get at.

This post is aimed mainly at simple primary/backup multi-homed configurations, not load-balancing configurations or primary/backup load-balanced configurations. Some adjusting may be required if your multi-homed pfSense configuration includes load-balancing.

On FreeBSD (on which pfSense is based), the way to print the routing table is netstat -r -n. Add either -4 or -6 to print only the IPv4 or IPv6 routing table, respectively; by default, it prints both.

The uplink that pfSense is using at any given time will typically be the one carrying the default IP route. In the output of netstat -r -n, the default route is the line whose first field has the value default.

To view the full output through the web interface, use Diagnostics > Command Prompt > Execute Shell Command. Be very careful; a typo or errant whitespace can be critical!

pfSense also includes awk, which is quite handy for filtering table-like text output such as that produced by netstat. We are primarily interested in the “Netif” (network interface) column of the output, for the line where the “Destination” field (the first one) has the value default.

Log in to the administration interface. If you haven’t already installed the Cron package, do so first through System > Package Manager.

Once Cron is installed, go to Services > Cron > Settings, and add a new entry. The command to be executed should be something very similar to:

/usr/bin/netstat -rn4 | /usr/bin/awk '($1 == "default" && $4 == "mvnetaMM") { print "ONE" } ($1 == "default" && $4 == "mvnetaNN") { print "OTHER" }' >/usr/local/www/uplink.local.txt

This will write ONE to /usr/local/www/uplink.local.txt if the default route is through the interface mvnetaMM, and will write OTHER if the default route is through mvnetaNN. The directory /usr/local/www, in turn, is exposed to local clients as / by the built-in administration interface web server.

You can add additional mappings (from physical interface name to an arbitrary value) on the same form if you have additional uplink interfaces. Look at Interfaces > Assignments in the administration web interface to see which physical interface name maps to which mnemonic name, and then from there decide what to expose if the default route is through that interface.

To avoid issues with quoting and encoding, I suggest only using US-ASCII alphanumeric characters in the awk print statements.

Do note that because Cron can only be configured to execute commands at a minute granularity, there will be a slight delay before a change in the default route is reflected in the file that is accessible from clients.
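A more defensive variant of the cron command, as an added example that is not the post's own code: it writes a distinct token when there is no default route or the route uses an unmapped interface, and replaces the file atomically. The NONE and UNMAPPED tokens, the function names and the sample routing table are assumptions introduced here; mvnetaMM, mvnetaNN, ONE and OTHER are the post's placeholders.

```shell
#!/bin/sh
# Added example. Assumes it is saved as a script on the firewall and that
# the cron entry runs the script instead of the one-line pipeline.

# Read `netstat -rn4` output on stdin and print exactly one fixed token.
# Only literal tokens are printed, so nothing taken from the routing table
# itself ends up in the file served from the web root.
map_uplink() {
    awk '
        $1 == "default"                     { seen = 1 }
        $1 == "default" && $4 == "mvnetaMM" { state = "ONE" }
        $1 == "default" && $4 == "mvnetaNN" { state = "OTHER" }
        END {
            if (state != "") { print state }
            else if (seen)   { print "UNMAPPED" }
            else             { print "NONE" }
        }'
}

# Write to a temporary file in the same directory, then rename it over the
# target, so a client never reads a truncated or half-written file.
publish_uplink() {
    target=$1
    tmp="$target.tmp.$$"
    map_uplink > "$tmp" && mv -f "$tmp" "$target"
}

# Constructed sample of FreeBSD `netstat -rn4` output (not from a real host).
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS    mvnetaMM
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#2             U       mvneta1'

# On the firewall:
#   /usr/bin/netstat -rn4 | publish_uplink /usr/local/www/uplink.local.txt
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_ROUTES" | map_uplink
fi
```

Clients can then tell "both uplinks down" (NONE) apart from a file that was never written.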

With the cron job in place, make the client request /uplink.local.txt from the firewall (no authentication required!) and take whatever action is desired based on its contents, or the change in its contents. For example, on Linux, you might do:

wget -q -O - --no-check-certificate https://pfsense.home.arpa/uplink.local.txt

or

curl -s --insecure https://pfsense.home.arpa/uplink.local.txt

The --no-check-certificate (wget) or --insecure (curl) option is needed only if the tool does not trust the TLS certificate presented by the pfSense host. If your client trusts the certificate, it’s better to remove that option so that the connection to the firewall is actually verified.
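A client-side check for the file described above, as an added example that is not from the original post: it verifies the firewall's certificate against a local CA file instead of using --insecure, accepts only the exact tokens the cron job writes, and treats anything else as unknown. The CA file path, the meaning given to ONE and OTHER, and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: ONE marks the primary uplink and OTHER the
# metered backup; CA_FILE is a hypothetical path to the CA certificate that
# signed the pfSense web interface certificate.
UPLINK_URL="https://pfsense.home.arpa/uplink.local.txt"
CA_FILE="/usr/local/share/ca-certificates/pfsense-home.pem"

# Fetch with certificate verification against the local CA file.
# --fail turns HTTP errors into a non-zero exit instead of a body to parse;
# --max-time and --max-filesize bound a slow or oversized response.
fetch_uplink() {
    curl --silent --fail --max-time 5 --max-filesize 64 \
         --cacert "$CA_FILE" "$UPLINK_URL"
}

# Accept only the exact tokens the cron job can write. An empty file, an
# error page, several lines or any other body maps to "unknown".
classify_uplink() {
    body=$(printf '%s' "$1" | tr -d '\r')
    case "$body" in
        ONE)   echo primary ;;
        OTHER) echo metered ;;
        *)     echo unknown ;;
    esac
}

# Fail closed: heavy transfers continue only on a positively identified
# primary uplink. Returns 0 when transfers should be paused.
should_pause() {
    [ "$(classify_uplink "$1")" != "primary" ]
}

# Run as: uplink-check.sh --run
if [ "${1:-}" = "--run" ]; then
    body=$(fetch_uplink) || body=""
    if should_pause "$body"; then echo "pause"; else echo "continue"; fi
fi
```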

Why “How much should I feed my dog?” is the wrong question

I have lost count of how many times I’ve seen people ask some variation of “how much should I feed my dog?”, or “I think / someone said that my dog is overweight / too skinny, how much do you feed yours?”.

It’s generally a well-meaning question from an owner who wants to do the right thing, realizing that a dog who is either underweight or overweight is at much greater risk of a wide variety of ailments.

Usually, the question includes some information on the dog’s breed, age, gender and current weight. In the best of cases, it might even include some mention of the dog’s activity level, how much the dog is currently being fed, size (usually as height at the withers), and some pictures of the dog.

Unfortunately, even then, as asked, it’s also typically impossible to answer objectively in any manner that is actually useful to the individual dog owner.

Every dog is different. Even assuming that there are no underlying medical conditions that contribute to weight loss or obesity, a few of the things that are going to influence how much food a dog needs are:

  • The dog’s metabolism. Like humans, some dogs burn through more energy than others even given the exact same living conditions and activity levels, and this needs to be accounted for.
  • The qualities of the dog’s coat. Especially in the winter, whether or not the dog has a coat adapted for cold weather can make a huge difference in energy requirement, translating to a similar difference in dietary requirements.
  • The dog’s activity level. Unfortunately, a general label like “couch potato at home” or “very active” doesn’t help much at all, because different people have different ideas of what various activity levels mean. A sled dog enthusiast who regularly enters into competitions is going to have a rather different idea of what it means for a dog to be “moderately active”, compared to someone who spends a few hours each weekend walking in a forest.
  • The exact kind of food that the dog is being fed, or that one is considering feeding. This needs to go beyond specifying the manufacturer and, at an absolute minimum, specify the exact variety, because different foods have very different compositions and thus different energy content for the same volume, let alone weight.
  • The dog’s living conditions. A dog who spends a lot of time outdoors in extreme winter weather is going to have rather different needs compared to one who spends most of its time in a heated house, even if everything else about their lives is identical (which it usually won’t be).

And that’s just to begin with.

Consequently, such questions tend to get a huge range of answers, not uncommonly differing by a factor of 2-3 or even more, even for dogs of the same breed and similar weight.

That doesn’t help anyone, least of all the owner who just wants to make sure they are keeping their dog at a healthy weight!

At best, a person can look at the pictures and try to determine if the dog looks like it is overweight, underweight, or at an appropriate weight and, from there, suggest to either decrease, increase, or maintain its food intake, respectively, or to make the opposite adjustment to the dog’s activity level. But this, too, is fraught with issues; for example, a thick coat can easily obscure the dog’s condition, particularly in a situation where one can’t actually physically feel the dog.

Instead, learn how to tell whether the dog is at an appropriate weight. This varies slightly between breeds because of different body types, but it’s not that difficult, and the general principles transfer well between breeds. Certainly do consider asking for a second opinion from your veterinarian, the dog’s breeder, or even just a local person who is knowledgeable about dogs; or even to show you how. If their opinion about your dog’s weight differs from yours, ask them to explain what they base theirs on. It’s not about the number displayed on the scale; it’s about how the dog is carrying that weight.

Once you know what your particular dog is supposed to look and feel like when it is at an appropriate weight, you can adjust the amount of food and/or the dog’s activity level continuously in order to maintain that appropriate weight; and you won’t need to rely on strangers on the Internet to do it.

Trust me. Long term, if it could, your dog would thank you for it.

Sound “clicks” on Debian 10, 11 Linux with ALSA and PulseAudio

Under some conditions, there can be repeated, clearly audible “clicks” in sound on at least Debian 10 and 11 (Buster and Bullseye) GNU/Linux, accompanied by momentary audio output device switches. Web searches indicate that other distributions (at least Debian derivatives) are affected as well; I have been able to locate cases where Ubuntu and Mint users have both been affected by this type of issue.

I haven’t dug very deeply into exactly why this happens, but it seems to be somehow related to ALSA port availability changes; which is kind of odd when it happens without any changes in what hardware is available.

The fix, however, is actually quite simple. Open /etc/pulse/default.pa in an editor running as root:

$ sudo nano /etc/pulse/default.pa

Locate the line

load-module module-switch-on-port-available

Prepend a # to comment it out:

#load-module module-switch-on-port-available

Save the file and exit the editor (in nano, by pressing Ctrl+O, confirm saving, then Ctrl+X to exit), then under the user account suffering from this problem, stop the running PulseAudio daemon.

$ pulseaudio --kill

A new PulseAudio instance should start as soon as it is needed, reading the new configuration as it does so.

This should resolve the issue.

Turning off fwupdmgr and lvfs automatic updates on Debian 11/Bullseye

Debian Bullseye ships with the Linux Vendor Firmware Service (LVFS) fwupdmgr enabled by default.

There are many situations in which that’s a good thing; firmware is a central part of today’s hardware and software ecosystem, and you generally want to use the latest version available.

However, even though (supposedly; I haven’t yet been in a situation to actually experience this) actual updates need to be triggered manually, there are situations in which you want to reduce polling of external systems – especially when such polling could be used to deduce whether you have a particular piece of hardware or not.

Fortunately, it’s easy to disable the automatic checks in Debian. Simply enough:

sudo systemctl mask fwupd-refresh.timer

(For some reason, it is insufficient to simply disable the timer.)

You can still perform a manual check when appropriate by simply starting the unit that would normally be started by the timer:

sudo systemctl start fwupd-refresh.service

To see the result of the check, look at the unit log:

sudo journalctl --unit=fwupd-refresh.service
