Project

General

Profile

Bug #4674

invalid state table entries after WAN IP change

Added by Daniel Haid almost 5 years ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
05/04/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
Affected Architecture:

Description

This is similar to Bug #1629. I have a SIP client behind pfsense 2.2.2. When the WAN IP changes, there is a state table entry with the old IP, and the SIP client can not register anymore.

I suspect that this happens because the SIP client continuously generates packets, so that one could arrive between pfSense_kill_states and filter_configure_sync. My patch reverses the order of the two functions and seems to work, but I do not know whether this will introduce other problems.

states-bug.patch (1.22 KB) states-bug.patch Daniel Haid, 05/04/2015 08:53 AM

Associated revisions

Revision 86e6e0bc (diff)
Added by Jim Pingle 6 months ago

Fix state kill ordering in rc.newwanip. Fixes #4674

Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states could be created
before the new rules and routing are in place.

Revision 5f66269d (diff)
Added by Jim Pingle 6 months ago

Fix state kill ordering in rc.newwanip. Fixes #4674

Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states could be created
before the new rules and routing are in place.

(cherry picked from commit 86e6e0bcffcbb988dc7f80ac0aed25cad28d79eb)

History

#1 Updated by Luke Hamburg almost 5 years ago

Interesting workaround! I will have to try this myself as we've had similar problems with SIP devices & Asterisk.

#2 Updated by Kill Bill about 3 years ago

Can someone look into this? Sounds to me like the ordering here is indeed just wrong.

#3 Updated by slu - about 3 years ago

SIP behind pfSense with changing WAN IP address is with this bug impossible.
I must delete every day the old states.

#4 Updated by Jim Pingle 7 months ago

  • Category set to Rules / NAT
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

Looking at /etc/rc.newwanip it does appear to make more sense to configure before killing the old states.

#5 Updated by Jim Pingle 6 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#6 Updated by Jim Pingle 3 months ago

  • Target version changed from 2.5.0 to 2.4.5

#7 Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved

No feedback from OP or previous commenters, and at least with a quick test here it appears to be doing the right thing now compared to the previous code.

Can revisit if people still encounter issues.

Also available in: Atom PDF