Bug #7231
closed
Web UI does not properly remove priq shaping rules when deleting an interface, which causes subsequent rule failures without warning in the UI
Description
Reproduce:
1. Provision pfSense 2.3.2 with 1 WAN and multiple LANs.
2. Configure priq traffic shaper to limit traffic on all 3 LANs.
3. Delete one of the LAN interfaces.
Actual Behavior:
The WebUI will allow you to delete the interface without any errors. Additionally, it will allow you to create new IP aliases, NAT, and firewall rules. You can apply the rules, but they never work, leaving the end user to believe that they've misconfigured the new rules.
Expected Behavior:
One would expect the web UI to warn you that there are shaping rules "in use" and to remove them before deleting the interface.
Where I found the error:
I kept putting new rules in the GUI and then checking pfctl -sr and not seeing my rules getting applied. Additionally, I could not get a NAT translation to take place when checking pfctl -ss. These two things led me to believe that pf was not getting updated.
Upon further digging through system.log I noticed this error:
Feb 7 20:53:46 pfSense php-fpm52875: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:53: syntax error - The line in question reads [53]: altq on priq bandwidth 157286.4Kb queue { qLink, qACK, qP2P, qOthersHigh, qOthersLow }
Checking /tmp/rules.debug on line 53, I found the following:
altq on priq bandwidth 157286.4Kb queue { qLink, qACK, qP2P, qOthersHigh, qOthersLow }
queue qLink on vtnet4 priority 2 qlimit 500 priq ( ecn , default )
queue qACK on vtnet4 priority 6 priq ( ecn )
queue qP2P on vtnet4 priority 1 priq ( ecn )
queue qOthersHigh on vtnet4 priority 4 priq ( ecn )
queue qOthersLow on vtnet4 priority 3 priq ( ecn )
The line that starts with "altq" should have an interface name between 'on' and 'priq'. The UI deleted the interface name but it did not delete the lines altogether. The proper priq config would look like this:
altq on vtnet5 priq bandwidth 157286.4Kb queue { qLink, qACK, qP2P, qOthersHigh, qOthersLow }
queue qLink on vtnet5 priority 2 qlimit 500 priq ( ecn , default )
queue qACK on vtnet5 priority 6 priq ( ecn )
queue qP2P on vtnet5 priority 1 priq ( ecn )
queue qOthersHigh on vtnet5 priority 4 priq ( ecn )
queue qOthersLow on vtnet5 priority 3 priq ( ecn )
To solve:
I went to the web UI and deleted my priority queue shaping rules then re-applied the firewall config. I then re-created my traffic shaping rules.
After recreating the shaping rules I updated my NAT and rules configs and now all NAT and firewall rules work as expected.
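A check for the failure described in this report, as an added example that is not part of the original report or pfSense's own code: it flags altq lines in a generated ruleset whose interface name is missing and lists interfaces whose queues have no altq declaration. The function names, the scheduler keyword list and the abridged sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not pfSense code). pf expects "altq on <interface> <scheduler> ...",
# so if the word after "on" is itself a scheduler keyword, the interface is missing.
SCHEDULERS="priq cbq hfsc fairq codelq"   # assumed keyword list for this check

find_orphaned_altq() {
    # $1: ruleset path (the report's file is /tmp/rules.debug).
    # Prints "<line number>: <line>" per bad altq line; returns 1 if any was found.
    awk -v list="$SCHEDULERS" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) sched[s[i]] = 1 }
        $1 == "altq" && $2 == "on" && ($3 in sched) { printf "%d: %s\n", NR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

queues_without_altq() {
    # Prints interfaces that still carry "queue <name> on <if>" lines but have
    # no well-formed "altq on <if>" declaration of their own.
    awk -v list="$SCHEDULERS" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) sched[s[i]] = 1 }
        $1 == "altq" && $2 == "on" && !($3 in sched) { parent[$3] = 1 }
        $1 == "queue" && $3 == "on" { q[$4] = 1 }
        END { for (i in q) if (!(i in parent)) print i }
    ' "$1" | sort
}

write_sample() {
    # Constructed sample: abridged copies of the broken and proper lines in the report.
    cat > "$1" <<'EOF'
altq on priq bandwidth 157286.4Kb queue { qLink, qACK }
queue qLink on vtnet4 priority 2 qlimit 500 priq ( ecn , default )
queue qACK on vtnet4 priority 6 priq ( ecn )
altq on vtnet5 priq bandwidth 157286.4Kb queue { qLink, qACK }
queue qLink on vtnet5 priority 2 qlimit 500 priq ( ecn , default )
queue qACK on vtnet5 priority 6 priq ( ecn )
EOF
}

# When called with a ruleset path, report both findings for that file.
if [ "$#" -gt 0 ]; then
    find_orphaned_altq "$1" || echo "altq declaration without an interface" >&2
    queues_without_altq "$1"
fi
```

Running `pfctl -nf /tmp/rules.debug` parses the same file without loading it and reports the syntax error directly.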
Updated by John Barfield over 7 years ago
I think this was accidentally posted in the pkg's section. Could someone move it to the proper area of pfSense?
Updated by Anonymous over 7 years ago
- Project changed from pfSense Packages to pfSense
- Category set to Web Interface
- Status changed from New to Assigned
- Target version set to 2.4.0
- Affected Version set to 2.3.x
Traffic shaper queue test has been added to the validation when deleting an interface. The user must now delete any queues on the interface before it can be deleted.
Updated by Anonymous over 7 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
Applied in changeset 85ea9d468ed5ac21a207554a53d4638f4b7547c9.
Updated by Anonymous over 7 years ago
On 2.4.0.b.20170401.1306, when attempting to delete an interface with traffic shaping configured, there is a warning to remove all queues from the interface before continuing and the interface is not deleted.