Project

General

Profile

Bug #3607

apinger misconfigured when using PPPoE link

Added by Gilles Compienne over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Gateways
Target version:
-
Start date:
04/17/2014
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.1
Affected Architecture:
All

Description

When using a PPoE link for a WAN then the script configuring apinger (i.e. /etc/inc/gwlb.inc) will not configure apinger properly (this has been verified on pfSense 2.1.2).

This happens because the IP address for the PPoE link is internally reported as "dynamic" and the configuration script will reject that as not being a valid IP. In practice the "if" test for this was probably wrong because inside the "if" block the IP check is done again (and the code inside the block seems to be careful to handle the "dynamic" scenario). So, all I had to do to fix this was to change the outer if block to check the protocol variant (IPv4 or v6) instead of simply checking the IP address itself.

There was another problem that, if a monitor address was specified, then the script was not checking if that address was local link or not (the script was currently only doing that for the gateway address itself, and it forgot that the monitor address probably should have been checked first).

So, in my case, I got things to work by editing the "gwlb.inc" file and replacing the block:
if (is_ipaddrv4($gateway['gateway'])) {
...
} else if (is_ipaddrv6($gateway['gateway'])) {
...
} else
continue;

BY:

if ($gateway['ipprotocol'] == "inet") {
$gwifip = find_interface_ip($gateway['interface'], true);
if (!is_ipaddrv4($gwifip))
continue; //Skip this target
/*
 * If the gateway is the same as the monitor we do not add a
 * route as this will break the routing table.
 * Add static routes for each gateway with their monitor IP
 * not strictly necessary but is a added level of protection.
/
if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
mwexec("/sbin/route change -host " . escapeshellarg($gateway['monitor']) .
" " . escapeshellarg($gateway['gateway']), true);
}
} else if ($gateway['ipprotocol'] "inet6") {
if ($gateway['monitor'] $gateway['gateway']) {
/
link locals really need a different src ip */
if (is_linklocal($gateway['gateway'])) {
$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
} else {
$gwifip = find_interface_ipv6($gateway['interface'], true);
}
} else {
$gwifip = find_interface_ipv6($gateway['interface'], true);
if (is_linklocal($gateway['monitor'])) {
if (!strstr($gateway['monitor'], '%')) {
$gateway['monitor'] .= "%{$gateway['interface']}";
}
} else {
// Monitor is a routable address, so use a routable address for the "src" part
$gwifip = find_interface_ipv6($gateway['interface'], true);
}
}
if (!is_ipaddrv6($gwifip))
continue; //Skip this target
/*
 * If the gateway is the same as the monitor we do not add a
 * route as this will break the routing table.
 * Add static routes for each gateway with their monitor IP
 * not strictly necessary but is a added level of protection.
*/
if (is_ipaddrv6($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
log_error("Removing static route for monitor {$gateway['monitor']} and adding a new route through {$gateway['gateway']}");
mwexec("/sbin/route change -host -inet6 " . escapeshellarg($gateway['monitor']) .
" " . escapeshellarg($gateway['gateway']), true);
}
} else {
continue;
}

Now, I must admit I don't know how to apply these fixes to the source code and I suspect they would have to be validated first. Hence this bug report...

HTH

gwlb.inc (33.1 KB) gwlb.inc Gilles Compienne, 04/17/2014 08:21 AM

Associated revisions

Revision 8c7e38ff (diff)
Added by Gilles Compienne over 4 years ago

[pfSense - Bug #3607] Ensure gateway detection can cope with the gateway being a dynamically assigned PPoE interface.

Revision dd8d9bdc (diff)
Added by Gilles Compienne over 4 years ago

pfSense - Bug #3607: Fix issue whereby the ICMP6 messages sometimes have the wrong source IP when a monitor gateway has been set.

History

#1 Updated by Gilles Compienne over 4 years ago

Posting the source code on the bug report does not seems to have gone well (missing bits and the like, escape issues I suppose). So I am attaching the modified file (note that full file probably still has some of the debug "print" command I used to trace the problem. But the main if block with its changes will be intact).

#2 Updated by Phillip Davis over 4 years ago

Go to https://github.com/pfsense/pfsense and make yourself an account and submit the code change there. It will be much easier to review.

#3 Updated by Gilles Compienne over 4 years ago

Phillip Davis wrote:

Go to https://github.com/pfsense/pfsense and make yourself an account and submit the code change there. It will be much easier to review.

Ok, I have submitted pull request 1098:
https://github.com/pfsense/pfsense/pull/1098

Hope this helps.

Regards,

Gilles.

#4 Updated by Chris Buechler over 4 years ago

  • Subject changed from apinger misconfigured when using PPoE link to apinger misconfigured when using PPPoE link
  • Status changed from New to Resolved

Also available in: Atom PDF