Bug #13102
open
Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php
100%
Description
- Running 22.05.a.20220426.1313 on a Netgate 6100
- Not sure if this is a regression in 22.05 or an old bug.
Today I deleted an IKEv2 P1 (legacy, not VTI) that was active. I expected this to tear down the tunnel. It did not, so when I went to Status -> IPsec, I saw that there was still an active connection and SAs showing there. I believe at some point one of the scripts on that page (or the dashboard IPsec widget) caused this crash in PHP:
Crash report begins. Anonymous machine information: amd64 12.3-STABLE FreeBSD 12.3-STABLE plus-devel-12-n202664-041fc0bc0fd pfSense Crash report details: PHP Errors: [26-Apr-2022 16:29:11 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:11 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 [26-Apr-2022 16:29:16 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:16 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: array_key_first() expects parameter 1 to be array, null given in /usr/local/www/status_ipsec.php on line 345 [26-Apr-2022 16:29:22 America/New_York] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/status_ipsec.php on line 347 No FreeBSD crash data found.
Files
Related issues
Updated by Viktor Gurov 11 months ago
- Assignee set to Viktor Gurov
Updated by Jim Pingle 11 months ago
- Status changed from Confirmed to Pull Request Review
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Updated by Viktor Gurov 11 months ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset d90552c59e51fb13c712b6a96a51ca2462424156.
Updated by Georgiy Tyutyunnik 11 months ago
- File liveIPSec.png liveIPSec.png added
tested on
22.05-DEVELOPMENT (amd64)
built on Fri Apr 22 06:22:18 UTC 2022
FreeBSD 12.3-STABLE
bug reproduced, picture attached.
After the patch IPSec tunnel is teared down correctly, no unusual behavior
Updated by Jim Pingle 10 months ago
- Status changed from Resolved to New
- Plus Target Version changed from 22.05 to 22.09
I had to back the change in d90552c59e51fb13c712b6a96a51ca2462424156 out for now. On systems with a lot of tunnels it was causing a pileup of swanctl processes any time that code path was triggered.
We can revisit it for the next release.
Updated by Jim Pingle 10 months ago
- Status changed from New to Feedback
Applied in changeset bfb06f9a27785f3c5164b44e004c3be9165f764e.
Updated by Jim Pingle 9 months ago
- Plus Target Version changed from 22.09 to 22.11
Updated by Jim Pingle 5 months ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Jim Pingle 4 months ago
- Plus Target Version changed from 23.01 to 23.05
Can move this forward, previous attempts were too disruptive to risk given all the other changes going on for the 23.01 release already.