Hello,
since yesterday Core Update 123 is running on one of my firewall systems. After a reboot, I noticed average load has decreased a little bit (RAM consumption stays the same).
Further, CPU frequency graphs are now working again (Thanks to Arne) and show some flapping freqs between 1.2kHz and 2.0kHz for each core. Before Core Update 121/122, idle frequencies were about 700MHz - not sure what this means.
IDS, squid proxy (with URL filter and upstream proxy enabled), fireinfo and IPsec (N2N connections only) work fine.
The OpenVPN WebUI page now displays a warning about a host certificate being not compliant to RFC3280, saying all host and root certificates should be replaced as soon as possible. This is probably related to https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=400c8afd9841bed350c19209... .
GeoIP database results in WebUI are now as expected.
A check script for CPU vulnerabilities (Spectre, Meltdown, ...) claims system is still vulnerable against CVE-2018-3640 (Spectre v3a), which requires up-to-date µ-codes. The overall results do not differ from a system running 121/122, which surprises me as new microcodes are shipped with this update.
[root@firewall ~]# grep "." /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW
Besides of the microcode issue, I did not notice any issues. Output of "uname -a" is:
Linux firewall 4.14.50-ipfire #1 SMP Fri Jun 29 16:40:29 GMT 2018 x86_64 Intel(R) Celeron(R) CPU N3150 @ 1.60GHz GenuineIntel GNU/Linux
Thanks, and best regards, Peter Müller