Bug #13102
openDeleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php
100%
Description
- Running 22.05.a.20220426.1313 on a Netgate 6100
- Not sure if this is a regression in 22.05 or an old bug.
Today I deleted an IKEv2 P1 (legacy, not VTI) that was active. I expected this to tear down the tunnel. It did not, so when I went to Status -> IPsec, I saw that there was still an active connection and SAs showing there. I believe at some point one of the scripts on that page (or the dashboard IPsec widget) caused this crash in PHP:
Crash report begins. Anonymous machine information: amd64 12.3-STABLE FreeBSD 12.3-STABLE plus-devel-12-n202664-041fc0bc0fd pfSense Crash report details: PHP Errors: [26-Apr-2022 16:29:11 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:11 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 [26-Apr-2022 16:29:16 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:16 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 No FreeBSD crash data found.
Files
Related issues
Updated by Viktor Gurov 2 months ago
- Assignee set to Viktor Gurov
Updated by Jim Pingle 2 months ago
- Status changed from Confirmed to Pull Request Review
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Updated by Viktor Gurov 2 months ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset d90552c59e51fb13c712b6a96a51ca2462424156.
Updated by Georgiy Tyutyunnik 2 months ago
- File liveIPSec.png liveIPSec.png added
tested on
22.05-DEVELOPMENT (amd64)
built on Fri Apr 22 06:22:18 UTC 2022
FreeBSD 12.3-STABLE
bug reproduced, picture attached.
After the patch IPSec tunnel is teared down correctly, no unusual behavior
Updated by Jim Pingle about 1 month ago
- Status changed from Resolved to New
- Plus Target Version changed from 22.05 to 22.09
I had to back the change in d90552c59e51fb13c712b6a96a51ca2462424156 out for now. On systems with a lot of tunnels it was causing a pileup of swanctl processes any time that code path was triggered.
We can revisit it for the next release.
Updated by Jim Pingle about 1 month ago
- Status changed from New to Feedback
Applied in changeset bfb06f9a27785f3c5164b44e004c3be9165f764e.
Updated by Jim Pingle about 14 hours ago
- Plus Target Version changed from 22.09 to 22.11