Project

General

Profile

Bug #4674

invalid state table entries after WAN IP change

Added by Daniel Haid over 4 years ago. Updated about 2 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
05/04/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
Affected Architecture:

Description

This is similar to Bug #1629. I have a SIP client behind pfsense 2.2.2. When the WAN IP changes, there is a state table entry with the old IP, and the SIP client can not register anymore.

I suspect that this happens because the SIP client continuously generates packets, so that one could arrive between pfSense_kill_states and filter_configure_sync. My patch reverses the order of the two functions and seems to work, but I do not know whether this will introduce other problems.

states-bug.patch (1.22 KB) states-bug.patch Daniel Haid, 05/04/2015 08:53 AM

Associated revisions

Revision 86e6e0bc (diff)
Added by Jim Pingle about 2 months ago

Fix state kill ordering in rc.newwanip. Fixes #4674

Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states could be created
before the new rules and routing are in place.

Revision 5f66269d (diff)
Added by Jim Pingle about 2 months ago

Fix state kill ordering in rc.newwanip. Fixes #4674

Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states could be created
before the new rules and routing are in place.

(cherry picked from commit 86e6e0bcffcbb988dc7f80ac0aed25cad28d79eb)

History

#1 Updated by Luke Hamburg over 4 years ago

Interesting workaround! I will have to try this myself as we've had similar problems with SIP devices & Asterisk.

#2 Updated by Kill Bill over 2 years ago

Can someone look into this? Sounds to me like the ordering here is indeed just wrong.

#3 Updated by slu - over 2 years ago

SIP behind pfSense with changing WAN IP address is with this bug impossible.
I must delete every day the old states.

#4 Updated by Jim Pingle 2 months ago

  • Category set to Rules / NAT
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

Looking at /etc/rc.newwanip it does appear to make more sense to configure before killing the old states.

#5 Updated by Jim Pingle about 2 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Also available in: Atom PDF