Todo #16707
open
Improve gateway status consistency
100%
Description
Currently there are several places where the gateway status is checked and each place has its own implementation of those checks. This tends to result in inconsistencies between GUI pages when showing the status of a gateway. For example, the gateway groups page shows "Pending" for a gateway group which has a single gateway that also has monitoring disabled; whereas other pages show that gateway as "Online". Update the code so that the gateway status is consistent across all pages.
Updated by
Updated by Jim Pingle 2 months ago
- Status changed from Feedback to In Progress
Looks like this change introduced a PHP error on one of my test VMs:
PHP ERROR: Type: 1, File: /etc/inc/gwlb.inc, Line: 309, Message: Uncaught TypeError: is_gateway_action_enabled(): Argument #1 ($gateway) must be of type array|string, null given, called in /etc/inc/gwlb.inc on line 1835 and defined in /etc/inc/gwlb.inc:309
Stack trace:
#0 /etc/inc/gwlb.inc(1835): is_gateway_action_enabled(NULL)
#1 /etc/inc/gwlb.inc(1676): get_gwgroup_members_inner(Array, Array, Array, Array)
#2 /etc/inc/gwlb.inc(1936): fixup_default_gateway('inet', Array, Array)
#3 /etc/inc/filter.inc(1732): return_gateway_groups_array(true)
#4 /etc/inc/filter.inc(928): filter_generate_gateways()
#5 /etc/rc.bootup(296): filter_configure_sync()
#6 {main}
thrown
The gateway configuration on this test VM is:
<gateways>
<gateway_item>
<interface>wan</interface>
<gateway></gateway>
<name>WAN_DHCP6</name>
<weight>1</weight>
<ipprotocol>inet6</ipprotocol>
<descr><![CDATA[Interface WAN_DHCP6 Gateway]]></descr>
<gw_down_kill_states></gw_down_kill_states>
</gateway_item>
<gateway_item>
<interface>wan</interface>
<gateway>dynamic</gateway>
<name>WAN_DHCP</name>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[Interface WAN_DHCP Gateway]]></descr>
<gw_down_kill_states></gw_down_kill_states>
</gateway_item>
<gateway_item>
<interface>opt2</interface>
<gateway>dynamic</gateway>
<name>WAN2_DHCP</name>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[Interface WAN2_DHCP Gateway]]></descr>
<gw_down_kill_states></gw_down_kill_states>
</gateway_item>
<gateway_item>
<interface>opt3</interface>
<gateway>dynamic</gateway>
<name>OPT3_TUNNELV4</name>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[Interface OPT3_TUNNELV4 Gateway]]></descr>
<gw_down_kill_states></gw_down_kill_states>
</gateway_item>
<gateway_group>
<name>PreferWAN</name>
<item>WAN_DHCP|1|address</item>
<item>WAN2_PPPOE|2|address</item>
<trigger>down</trigger>
<descr></descr>
</gateway_group>
<defaultgw4>PreferWAN</defaultgw4>
<defaultgw6>WAN_DHCP6</defaultgw6>
</gateways>
Note that the gateway group contains a gateway that does not exist. Removing that item allowed the system to boot.
Updated by Jim Pingle 7 days ago
- Status changed from Feedback to New
I had been hitting an occasional filter reload error and traced it back to this. Sometimes when a gateway isn't online and the gateway cannot be determined, it forms a bad gateway specification.
For example the broken ruleset contains:
GWVTI_CLARA_VTIV4 = " route-to ( ipsec7 ) "
When the gateway is online it contains:
GWVTI_CLARA_VTIV4 = " route-to ( ipsec7 10.6.106.1 ) "
It should be omitting the whole route-to clause in that case.
This seems to correct this error:
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 70a02ce5a7..71bcf1de60 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1750,7 +1755,7 @@ function filter_generate_gateways() {
}
}
- if (!is_gateway_action_enabled($gateway) || is_gateway_online($gateway)) {
+ if (is_ipaddr($gwip) && (!is_gateway_action_enabled($gateway) || is_gateway_online($gateway))) {
$route = "route-to ( {$gateway['interface']} {$gwip} )";
} else {
$route = '';
In the block just before that, it does check if $gwip is an IP address but it only takes action if the option to skip rules for down gateways is enabled and doesn't handle this case.
Updated by Jim Pingle 6 days ago
That commit fixed the PF error I was hitting, so that part is good at least. The rest of the changes here may still need more evaluation yet.