Bug #8744

Re-configuring an enabled captiveportal causes ipfw to drop all traffic, pfSense_ipfw_tables_list() is to blame (PHP 7 related?)

Added by A FL 11 months ago. Updated 10 months ago.

Status: Resolved
Priority: Very High
Assignee:
Category: Captive Portal
Target version:
Start date: 08/03/2018
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.4.4
Affected Architecture: All

Description

This happens only on recent dev snapshots, not on stable release.

Steps to follow to reproduce the bug:
1) Create a captiveportal. Enable it/assign it to any interface, with any authentication method. Click "save".
2) Go to the captiveportal settings page again and edit any setting. Click "save" again.
3) After clicking "save", the GUI connection is dropped ("connection reset"). All traffic going from/to this interface is now blocked.

Root cause:

Short: the problem comes from pfSense_ipfw_tables_list() not returning the correct list of ipfw tables.

Long: The problem comes from this line: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L679

Ipfw does not apply the rules and instead replies "Line 2: Table creation failed: File exists" when updating an already-enabled captiveportal.
Line 2 corresponds to this line: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L584

Ipfw complains here about the table {$cpzone}_pipe_mac not being removed. It's weird, because captiveportal_delete_rules() is supposed to delete it.

captiveportal_delete_rules() is actually using pfSense_ipfw_tables_list() for getting all ipfw tables.

This function is apparently not listing all tables.

Here is an example:

[2.4.4-DEVELOPMENT][root@pfSense.localdomain]/root: ipfw table all list
--- table(cp_ifaces), set(0) ---
em1 2100 3679 534432 1533319636
--- table(mycaptiveportal_auth_up), set(0) ---
--- table(mycaptiveportal_host_ips), set(0) ---
192.168.20.1/32 0 565 88858 1533319634
--- table(mycaptiveportal_pipe_mac), set(0) ---
--- table(mycaptiveportal_auth_down), set(0) ---
--- table(mycaptiveportal_allowed_up), set(0) ---
--- table(mycaptiveportal_allowed_down), set(0) ---

[2.4.4-DEVELOPMENT][root@pfSense.localdomain]/root:  php -r "print_r(pfSense_ipfw_tables_list());" 
Array
(
    [0] => Array
        (
            [name] => cp_ifaces
            [count] => 1
            [size] => 448
            [set] => 0
            [algoname] => iface:array
            [type] => interface
        )

    [1] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [2] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [3] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [4] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [5] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [6] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

)

pfSense_ipfw_tables_list() does not reflect the content of the ipfw table all list command.

Not sure if it is a PHP7 related bug or not, since pfSense_ipfw_tables_list() is written in C++ in pfsense.c?
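
The mismatch described in the report can be checked mechanically. The following is an added example, not code from the report or from pfSense: it parses the `ipfw table all list` headers and prints the zone tables that a cleanup driven by the second list would never delete. The function names are hypothetical and the sample data is copied from the two outputs shown above.

```shell
#!/bin/sh
# Added example (not pfSense code): compare the table names ipfw reports
# with the names a second source returned, to spot tables a delete loop misses.

# Sample data copied from the outputs shown in the report above.
SAMPLE_IPFW_OUTPUT='--- table(cp_ifaces), set(0) ---
em1 2100 3679 534432 1533319636
--- table(mycaptiveportal_auth_up), set(0) ---
--- table(mycaptiveportal_host_ips), set(0) ---
192.168.20.1/32 0 565 88858 1533319634
--- table(mycaptiveportal_pipe_mac), set(0) ---
--- table(mycaptiveportal_auth_down), set(0) ---
--- table(mycaptiveportal_allowed_up), set(0) ---
--- table(mycaptiveportal_allowed_down), set(0) ---'

# The [name] fields from the print_r() dump: one good entry, six corrupt ones.
SAMPLE_API_NAMES='cp_ifaces
$
$
$
$
$
$'

# Read `ipfw table all list` output on stdin, print one table name per line.
# Header lines have the form: --- table(NAME), set(N) ---
ipfw_table_names() {
    sed -n 's/^--- table(\([^)]*\)), set([0-9]*) ---$/\1/p'
}

# $1: names from ipfw, $2: names from the other source (newline-separated).
# Prints every name ipfw knows about that the other source did not return.
missing_from_api() {
    printf '%s\n' "$1" | while IFS= read -r name; do
        printf '%s\n' "$2" | grep -Fxq -- "$name" || printf '%s\n' "$name"
    done
}

# Hypothetical helper. $1: zone, $2: raw ipfw output, $3: names from the API.
# Prints the zone's tables that a cleanup based on $3 would leave behind.
stale_zone_tables() {
    cli_names=$(printf '%s\n' "$2" | ipfw_table_names)
    missing_from_api "$cli_names" "$3" | grep "^${1}_" || true
}

stale_zone_tables mycaptiveportal "$SAMPLE_IPFW_OUTPUT" "$SAMPLE_API_NAMES"
```

With the sample data, all six mycaptiveportal_* tables are reported as missed, including mycaptiveportal_pipe_mac, the table named in the "File exists" error.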

History

#1 Updated by Steve Beaver 10 months ago

  • Assignee set to Steve Beaver

#2 Updated by Jim Pingle 10 months ago

Possibly related to #8783

#3 Updated by A FL 10 months ago

#4 Updated by Steve Beaver 10 months ago

  • Status changed from New to In Progress

#5 Updated by Steve Beaver 10 months ago

  • Status changed from In Progress to Feedback

Fix should be in the next snapshot.

Thanks for your detective work. It made finding this issue a great deal easier!

#6 Updated by A FL 10 months ago

I confirm, it's fixed.
This can be marked as resolved.

#7 Updated by Renato Botelho 10 months ago

  • Status changed from Feedback to Resolved
