Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Regression #14525

closed

PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration

Added by Christopher Cope over 1 year ago. Updated about 1 year ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

IPsec

Target version:

2.7.1

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

23.09

Release Notes:

Default

Affected Version:

Affected Architecture:

Description

Stack trace:
#0 /usr/local/www/status_ipsec.php(345): array_key_first(NULL)
#1 /usr/local/www/status_ipsec.php(51): print_ipsec_body()
#2 {main}
  thrown in /usr/local/www/status_ipsec.php on line 345
[29-Jun-2023 09:53:43 US/Central] PHP Fatal error:  Uncaught TypeError: array_key_first(): Argument #1 ($array) must be of type array, null given in /usr/local/www/status_ipsec.php:345

A customer hit this on 23.05. I will attempt to reproduce it, but we should add a check for this situation either way.

Files

error.jpg (92 KB) error.jpg

aleksei prokofiev, 10/11/2023 09:14 AM

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Craig Coonrad over 1 year ago

Another instance of this (v23.05):

#0 /usr/local/www/status_ipsec.php(345):array_key_first(NULL)
#1 /usr/local/www/status_ipsec.php(51): print _ipsec _body
#2 {main}
thrown @2023-08-07 18:04:25
• PHP ERROR: Type: 1, File: /usr/local/www/status _ipsec.php, Line: 345, Message:
Uncaught TypeError: array_key_first(: Argument #1 (Sarray) must be of type array,

Actions

Copy link

Updated by Kris Phillips about 1 year ago

Do we know what reproduces this error?

Actions

Copy link

Updated by Filip Bengtsson about 1 year ago

I began getting the same error by doing this:

I had an IPsec connection to a remote site already set up, but the remote site was getting a new ISP and would have both connections for a few days. So I created an IPsec tunnel to the new WAN interface (with two phase 2 entries) and made sure they worked before deleting the old one. At some point during this, I began getting this error every time I visit the dashboard on either the remote or local pfSense servers. Note that it affects both installations the same way.

Crash report begins.  Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n255866-686c8d3c1f0: Wed Jun 28 04:21:19 UTC 2023     root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/obj/amd64/LwYAddCr/var/jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/sources/FreeBSD-src-REL

Crash report details:

PHP Errors:
[24-Sep-2023 02:15:25 Europe/Stockholm] PHP Fatal error:  Uncaught TypeError: array_key_first(): Argument #1 ($array) must be of type array, null given in /usr/local/www/status_ipsec.php:345
Stack trace:
#0 /usr/local/www/status_ipsec.php(345): array_key_first(NULL)
#1 /usr/local/www/status_ipsec.php(51): print_ipsec_body()
#2 {main}
  thrown in /usr/local/www/status_ipsec.php on line 345

No FreeBSD crash data found.

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Subject changed from PHP error in status_ipsec.php to PHP error in ``status_ipsec.php``
Assignee changed from Christopher Cope to Jim Pingle
Target version set to 2.8.0
Plus Target Version set to 23.09
Tracker changed from Bug to Regression

Did the error go away if you stopped/started (not restart) the IPsec daemon?

For it to hit the error there, it would have to have a P1 in the connection state data, but no P2 SA, though I can't provoke that here yet. We can certainly at least try to avoid that error, though, but it would be nice to have an easy way to replicate it.

I'll try to re-create your scenario in a lab here to see what happens.

Actions

Copy link

Updated by Filip Bengtsson about 1 year ago

As you suspected; starting and stopping did solve the issue (and restarting it did not). At least on the local router, I rebooted pfSense on the remote site as I would not be able to turn the daemon back on again (already done that mistake once or twice).

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Filip Bengtsson wrote in #note-5:

As you suspected; starting and stopping did solve the issue (and restarting it did not). At least on the local router, I rebooted pfSense on the remote site as I would not be able to turn the daemon back on again (already done that mistake once or twice).

OK, that tells me it may have something to do with some "stale" data in the running IPsec daemon from the old/removed tunnel. Hopefully that makes it easier to reproduce in the lab.

Thanks!

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Status changed from New to In Progress

While I could not reproduce it yet, I checked in what should be a fix for it. I tested the fix on several lab systems including one with ~20 IPsec tunnels of varying types and connection states and it was solid there.

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Status changed from In Progress to Feedback
% Done changed from 0 to 100

Applied in changeset 202e3c1b7d3af019f03bf2545a7f31062f8e8e08.

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Subject changed from PHP error in ``status_ipsec.php`` to PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration

Actions

Copy link

#10

Updated by aleksei prokofiev about 1 year ago

File error.jpg error.jpg added

I can reproduce this error with follow
1. S2S Ipsec
2. With working state, I delete P2 on one side and got this error in status page
3. Restart is not solve it, only stop/start service

Actions

Copy link

#11