Project

General

Profile

Bug #4674

invalid state table entries after WAN IP change

Added by Daniel Haid over 5 years ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
05/04/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
Affected Architecture:

Description

This is similar to Bug #1629. I have a SIP client behind pfsense 2.2.2. When the WAN IP changes, there is a state table entry with the old IP, and the SIP client can not register anymore.

I suspect that this happens because the SIP client continuously generates packets, so that one could arrive between pfSense_kill_states and filter_configure_sync. My patch reverses the order of the two functions and seems to work, but I do not know whether this will introduce other problems.

states-bug.patch (1.22 KB) states-bug.patch Daniel Haid, 05/04/2015 08:53 AM

Associated revisions

Revision 86e6e0bc (diff)
Added by Jim Pingle 11 months ago

Fix state kill ordering in rc.newwanip. Fixes #4674

Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states could be created
before the new rules and routing are in place.

Revision 5f66269d (diff)
Added by Jim Pingle 11 months ago

Fix state kill ordering in rc.newwanip. Fixes #4674

Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states could be created
before the new rules and routing are in place.

(cherry picked from commit 86e6e0bcffcbb988dc7f80ac0aed25cad28d79eb)

History

#1 Updated by → luckman212 about 5 years ago

Interesting workaround! I will have to try this myself as we've had similar problems with SIP devices & Asterisk.

#2 Updated by Kill Bill over 3 years ago

Can someone look into this? Sounds to me like the ordering here is indeed just wrong.

#3 Updated by slu - over 3 years ago

SIP behind pfSense with changing WAN IP address is with this bug impossible.
I must delete every day the old states.

#4 Updated by Jim Pingle 12 months ago

  • Category set to Rules / NAT
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

Looking at /etc/rc.newwanip it does appear to make more sense to configure before killing the old states.

#5 Updated by Jim Pingle 11 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#6 Updated by Jim Pingle 8 months ago

  • Target version changed from 2.5.0 to 2.4.5

#7 Updated by Jim Pingle 7 months ago

  • Status changed from Feedback to Resolved

No feedback from OP or previous commenters, and at least with a quick test here it appears to be doing the right thing now compared to the previous code.

Can revisit if people still encounter issues.

Also available in: Atom PDF