Project

General

Profile

Actions
Copy link

Regression #11945

closed

Incorrect VTI interface creation

Added by Viktor Gurov over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Very High
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
2.5.2
Start date:
05/21/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:

Description

How to reproduce:

1) Clean install
2) Create IPsec with VTI Phase 2
3) Check config.xml - you'll see:

<vtimaps>
 <item>
  <reqid>1</reqid>
  <index>0</index>
  <ifnum>1</ifnum>
</item>
</vtimaps>

4) Try to create another IPsec VTI - you'll see:
<vtimaps>
 <item>
  <reqid>1</reqid>
  <index>0</index>
  <ifnum>1</ifnum>
 </item>
 <item></item>
</vtimaps>

This is regression of #11794, `ipsec_create_vtimap()` returns empty value
https://github.com/pfsense/pfsense/blob/2ac5f4ae7424349dd977a806ebc84d56affc2f17/src/etc/inc/interfaces.inc#L1447-L1471:

    if (count($config['ipsec']['vtimaps']['item']) == 0) {
        return array(
            "reqid" => $ikeid,
            "index" => $idx,
            "ifnum" => 1
        );
    }

    $assigned = array_column($config['ipsec']['vtimaps']['item'], 'ifnum');
    asort($assigned, SORT_NUMERIC);
    $new = 1;
    foreach($assigned as $ipsecifnum) {
        if ($ipsecifnum != $new) {
            return array(
                "reqid" => $ikeid,
                "index" => $idx,
                "ifnum" => $new
            );
        }
        if ($new++ > 32767) {
            log_error(gettext("All 32767 ipsec interface numbers " .
                "have been assigned!"));
            return(NULL);
        }
    }

$new 1 and first `ifnum` 1

Related issues

Related to Regression #11794: IPsec VTI interface names are not properly formed for more than 32 interfacesClosedRenato Botelho04/09/2021

Actions
Actions
Copy link

Also available in: Atom PDF