Regression #14623
closed
Primary interface address is incorrectly set to the last address on the interface
100%
Description
The fixes for #11545 seem to have introduced another regresssion when finding the primary interface address.
My WAN interface gets both a GUA and a ULA address from the upstream router. In pfSense 2.6.0 the primary interface address shown in the UI would correctly be the GUA. In pfSense 2.7.0 it now always uses the ULA as the primary interface address, breaking things like IPsec. My site-to-site tunnels would only come up again after I had manually removed the ULA from the interface.
I traced the problem to the new get_interface_addresses function. It always returns the last IPv6 address it found for an interface (excluding VIPs). I am not sure by which logic FreeBSD sorts IP addresses, but in my case the GUA is always listed first. Maybe it's just the same order the addresses were specified in the Router Advertisement.
In any case pfSense's previous behaviour should be restored, which is to use the first address returned by the OS as the primary address rather than the last. pfSense_get_interface_addresses, which was deprecated by get_interface_addresses, still does exactly that. In 2.7.0 it still correctly returns the GUA while at the same time get_interface_addresses returns the ULA.
Fixing this should be as easy replacing array_pop with array_shift.
Related issues
Updated by Marcos M 9 months ago
- Tracker changed from Bug to Regression
- Subject changed from Primary interface address is always set to ULA if present to Primary interface address is incorrectly set to the last address on the interface
- Status changed from New to Pull Request Review
- Assignee set to Marcos M
- Target version set to 2.8.0
- Plus Target Version set to 23.09
Updated by Marcos M 9 months ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset baa612e555ba48e1961f03ac54e8f93b078aff48.
Updated by Marcos M 8 months ago
- Related to Bug #14725: Primary IPv6 interface address may be incorrect when a ULA is set added
Updated by Jim Pingle 8 months ago
- Has duplicate Bug #14782: RFC 2136 Dynamic DNS client selects a virtual IPv6 address instead of statically configured WAN Ipv6 address added
Updated by Jim Pingle 8 months ago
M Felden wrote in #note-5:
I am not convinced #14782 is a duplicate of #14623 as the behavior observed in #14782 was all about GUA and involved a VIP no ULA are present on the WAN interfaces of these boxes.
Then test it and provide the data to back up that assertion either way. ULA vs GUA does not matter on this particular issue, it's about the order they appear on the OS interface when there are multiple addresses on an interface. The ULA vs GUA part was handled separately on #14725 and not this issue.
Updated by M Felden 8 months ago
Apologies.
In the original report here and https://github.com/pfsense/pfsense/blob/f106b62cfbed279e8140ffa1edf535defb0221ab/src/etc/inc/interfaces.inc#L7471 seemed to indicate that VIP are handled separately and would not trigger it.
I see it using VIP addresses sort of like in #11545 hence the confusion. I will monitor #14623 :)
Updated by Marcos M 8 months ago
- Related to Bug #14785: Primary IPv6 interface address may be incorrect when a VIP is set added