Bug #4902
closedXMLRPC Sync version check ineffective in some cases
100%
Description
With an HA setup with XMLRPC sync there is supposed to be a version check to prevent different versions of pfSense from synchronizing due to configuration differences. This does not seem to be functional currently as a 2.1.x primary can still sync to a 2.2.x secondary which breaks various areas such as outbound NAT, captive portal zones, and others that differ based on the configuration revisions between the versions.
Updated by Jim Pingle almost 10 years ago
Looks like we only test for "$parsed_response['config_version'] < $config['version']" and not greater than.
https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/rc.filter_synchronize#L126
Updated by Jim Pingle almost 10 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset 33697d18572e8f3f320b0627101e663710fa3dba.
Updated by Jim Pingle almost 10 years ago
Applied in changeset 4379f31869e48e98f73600a166854ab417c3f645.
Updated by Jim Pingle over 9 years ago
- Status changed from Feedback to Resolved
Re-tested each possible scenario here. Any time the versions differ, either older or newer, the sync stops as desired.
1: P:11.9 S:11.9 -- Sync worked
2: P:11.9 S:11.8 -- Generated error
3: P:11.9 S:12.0 -- Generated error
4: P:11.8 S:11.9 -- Generated error
5: P:12.0 S:11.9 -- Generated error
6: P:11.9 S:11.9 -- Sync worked again
Tests 4 and 5 were technically redundant (4 the same as 3, 5 the same as 2) but I ran them anyhow for completeness.