Bug #14128
openInput validation does not prevent limiter bandwidth values that are too large
0%
Description
There exists a limit to the bandwidth value within Limiters:
https://github.com/pfsense/FreeBSD-src/blob/bd5b6c0d6ccaa6b8316669d745c407a1260f453a/sbin/ipfw/dummynet.c#L833
The highest supported bw
value and type in pfSense is 4294 Mbit/s
which results in the following /tmp/rules.limiter
:
pipe 1 config bw 4294Mb queue 3000 codel target 5ms interval 100ms ecn sched 1 config pipe 1 type fq_codel target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ecn pipe 2 config bw 4294Mb queue 3000 codel target 5ms interval 100ms ecn sched 2 config pipe 2 type fq_codel target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ecn
Higher values will fail to create the pipes and show the following in system logs:
Mar 19 17:33:31 php-fpm 14018 /rc.filter_configure_sync: The command '/sbin/dnctl /tmp/rules.limiter' returned exit code '65', the output was 'Line 2: bandwidth too large'
However, the pfSense GUI does not warn about the limit, and allows rules to be created using the invalid configuration. Traffic that is placed into the invalid pipes/queues fails.
No data to display