Bug #8744
closed
Re-configuring an enabled captiveportal cause ipfw to drop all traffic, pfSense_ipfw_tables_list() is to blame (PHP 7 related?)
0%
Description
This happens only on recent dev snapshots, not on stable release.
Steps to follow to reproduce the bug:
1) Create a captiveportal. Enable it/assign it to any interface, with any authentication method. click save
2) go to the captiveportal settings page again and edit any setting. Click save again
3) After clicking "save", GUI connection is dropped ("connection reset"). All traffic going from/to this interface is now blocked
Root cause :¶
Short: the problem come from pfSense_ipfw_tables_list() not returning the correct list of ipfw tables.
Long: The problem come from this line : https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L679
Ipfw does not apply rules and instead reply Line 2: Table creation failed: File exists when updating an already-enabled captivportal.
The line 2 correspond to here https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L584
Ipfw complains here about the table {$cpzone}_pipe_mac not being removed. It's weird, because captiveportal_delete_rules() is supposed to delete it.
captiveportal_delete_rules() is actually using pfSense_ipfw_tables_list() for getting all ipfw tables.
This function is apparently not listing all tables.
Here is an example :
[2.4.4-DEVELOPMENT][root@pfSense.localdomain]/root: ipfw table all list
--- table(cp_ifaces), set(0) ---
em1 2100 3679 534432 1533319636
--- table(mycaptiveportal_auth_up), set(0) ---
--- table(mycaptiveportal_host_ips), set(0) ---
192.168.20.1/32 0 565 88858 1533319634
--- table(mycaptiveportal_pipe_mac), set(0) ---
--- table(mycaptiveportal_auth_down), set(0) ---
--- table(mycaptiveportal_allowed_up), set(0) ---
--- table(mycaptiveportal_allowed_down), set(0) ---
[2.4.4-DEVELOPMENT][root@pfSense.localdomain]/root: php -r "print_r(pfSense_ipfw_tables_list());"
Array
(
[0] => Array
(
[name] => cp_ifaces
[count] => 1
[size] => 448
[set] => 0
[algoname] => iface:array
[type] => interface
)
[1] => Array
(
[name] => $
[count] => 0
[size] => 4294960112
[set] => 4294959960
[limit] => 32767
[algoname] => ▒▒▒▒
[type] => unknown
)
[2] => Array
(
[name] => $
[count] => 0
[size] => 4294960112
[set] => 4294959960
[limit] => 32767
[algoname] => ▒▒▒▒
[type] => unknown
)
[3] => Array
(
[name] => $
[count] => 0
[size] => 4294960112
[set] => 4294959960
[limit] => 32767
[algoname] => ▒▒▒▒
[type] => unknown
)
[4] => Array
(
[name] => $
[count] => 0
[size] => 4294960112
[set] => 4294959960
[limit] => 32767
[algoname] => ▒▒▒▒
[type] => unknown
)
[5] => Array
(
[name] => $
[count] => 0
[size] => 4294960112
[set] => 4294959960
[limit] => 32767
[algoname] => ▒▒▒▒
[type] => unknown
)
[6] => Array
(
[name] => $
[count] => 0
[size] => 4294960112
[set] => 4294959960
[limit] => 32767
[algoname] => ▒▒▒▒
[type] => unknown
)
)
pfSense_ipfw_tables_list() does not reflect the content of ipfw table all list command.
Not sure if it is a PHP7 related bug or not, since pfSense_ipfw_tables_list() is written in C++ in pfsense.c ?
Updated by
Updated by A FL over 5 years ago
Sorry, the two mentioned URL above are not correct anymore due to recent captiveportal.inc changes on master.
Here are updated URL
1st link : https://github.com/pfsense/pfsense/blob/e26b805c92d2454629a8f63ca491c2c3c812d9dc/src/etc/inc/captiveportal.inc#L679
2nd link : https://github.com/pfsense/pfsense/blob/e26b805c92d2454629a8f63ca491c2c3c812d9dc/src/etc/inc/captiveportal.inc#L584
Updated by Anonymous over 5 years ago
- Status changed from In Progress to Feedback
Fix should be in the next snapshot.
Thanks for your detective work. It made finding this issue a great deal easier!
Updated by A FL over 5 years ago
I confirm, it's fixed.
This can be marked as resolved.
Updated by Renato Botelho over 5 years ago
- Status changed from Feedback to Resolved