Project

General

Profile

Actions

Bug #4902

closed

XMLRPC Sync version check ineffective in some cases

Added by Jim Pingle about 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
XMLRPC
Target version:
Start date:
07/29/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.x
Affected Architecture:
All

Description

With an HA setup with XMLRPC sync there is supposed to be a version check to prevent different versions of pfSense from synchronizing due to configuration differences. This does not seem to be functional currently as a 2.1.x primary can still sync to a 2.2.x secondary which breaks various areas such as outbound NAT, captive portal zones, and others that differ based on the configuration revisions between the versions.

Actions #1

Updated by Jim Pingle about 6 years ago

Looks like we only test for "$parsed_response['config_version'] < $config['version']" and not greater than.

https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/rc.filter_synchronize#L126

Actions #2

Updated by Jim Pingle about 6 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Jim Pingle about 6 years ago

Actions #4

Updated by Jim Thompson about 6 years ago

  • Assignee set to Jim Pingle
Actions #5

Updated by Jim Pingle about 6 years ago

  • Status changed from Feedback to Resolved

Re-tested each possible scenario here. Any time the versions differ, either older or newer, the sync stops as desired.

1: P:11.9 S:11.9 -- Sync worked
2: P:11.9 S:11.8 -- Generated error
3: P:11.9 S:12.0 -- Generated error
4: P:11.8 S:11.9 -- Generated error
5: P:12.0 S:11.9 -- Generated error
6: P:11.9 S:11.9 -- Sync worked again

Tests 4 and 5 were technically redundant (4 the same as 3, 5 the same as 2) but I ran them anyhow for completeness.

Actions

Also available in: Atom PDF