Project

General

Profile

Bug #543

IP alias input validation problem

Added by Chris Buechler over 9 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Low
Assignee:
-
Category:
Virtual IP Addresses
Target version:
Start date:
04/24/2010
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.0
Affected Architecture:

Description

When you have an interface with IP "none" configured, and have an IP alias on that interface, after adding the IP alias you can no longer edit that IP alias. It triggers input validation "The $interface IP address may not be used in a virtual entry."

Interface config:

                <opt2>
                        <descr>OPT2</descr>
                        <if>em3</if>
                        <enable/>
                        <alias-address/>
                        <alias-subnet>32</alias-subnet>
                        <spoofmac/>
                </opt2>

VIP config:

                <vip>
                        <mode>ipalias</mode>
                        <interface>opt2</interface>
                        <descr/>
                        <type>single</type>
                        <subnet_bits>24</subnet_bits>
                        <subnet>192.168.4.5</subnet>
                </vip>

It's initially added fine, but if you go in and edit it, you cannot save it.

Associated revisions

Revision 62a4abc9 (diff)
Added by Ermal Luçi almost 9 years ago

Ticket #543. Do not allow to change an interface already configured to a type none if it is referenced by VIPs and also do not allow VIPs to be configured on an interface with type none. Maybe the latest should be relaxed to only disallow this for ipaliases?!

History

#1 Updated by Ermal Luçi over 9 years ago

  • Status changed from New to Feedback

I cannot reproduce this on latest snapshots.

#2 Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to New

Sent you a config to replicate it.

#3 Updated by Ermal Luçi over 9 years ago

I am not sure if there is a solution to this.
I investigated on providing a fix for this but otherwise it will break cases when an openvpn/ppp/gre/gif type interface is assigned.
Not sure if this should be allowed to have an alias for interfaces that do not have an ip address configured at all, since it does not make even sense to have an alias in an interface that has not an ip?!
This alias will be treated as the interface ip. I will look if this can be handled directly in the pfSense php module though i think not.

#4 Updated by Chris Buechler over 9 years ago

It probably really doesn't make sense to add a VIP IP alias on an interface configured without an IP. So the solution can be as simple as not allowing an alias VIP if the interface IP is set to "none". No sense in putting a lot of time into such an unusual situation that people aren't likely to hit anyway.

#5 Updated by Erik Fonnesbeck over 9 years ago

When changing it to none, if there are already existing alias VIPs, it could either not allow changing it to none until they are removed, or warn that they will be deleted when changing it to none.

#6 Updated by Ermal Luçi about 9 years ago

  • Priority changed from Normal to Low

#7 Updated by Ermal Luçi almost 9 years ago

  • Status changed from New to Feedback

#8 Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF