Bug #8744

closed

Re-configuring an enabled captiveportal causes ipfw to drop all traffic, pfSense_ipfw_tables_list() is to blame (PHP 7 related?)

Added by A FL over 5 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Very High
Assignee: -
Category: Captive Portal
Target version:
Start date: 08/03/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.4
Affected Architecture: All

Description

This happens only on recent dev snapshots, not on stable release.

Steps to follow to reproduce the bug:
1) Create a captiveportal. Enable it/assign it to any interface, with any authentication method. Click "save".
2) Go to the captiveportal settings page again and edit any setting. Click "save" again.
3) After clicking "save", the GUI connection is dropped ("connection reset"). All traffic going from/to this interface is now blocked.

Root cause:

Short: the problem comes from pfSense_ipfw_tables_list() not returning the correct list of ipfw tables.

Long: The problem comes from this line: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L679

Ipfw does not apply the rules and instead replies "Line 2: Table creation failed: File exists" when updating an already-enabled captiveportal.
Line 2 corresponds to this line: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L584

Ipfw complains here about the table {$cpzone}_pipe_mac not being removed. It's weird, because captiveportal_delete_rules() is supposed to delete it.

captiveportal_delete_rules() is actually using pfSense_ipfw_tables_list() for getting all ipfw tables.

This function is apparently not listing all tables.

Here is an example:

[2.4.4-DEVELOPMENT][root@pfSense.localdomain]/root: ipfw table all list
--- table(cp_ifaces), set(0) ---
em1 2100 3679 534432 1533319636
--- table(mycaptiveportal_auth_up), set(0) ---
--- table(mycaptiveportal_host_ips), set(0) ---
192.168.20.1/32 0 565 88858 1533319634
--- table(mycaptiveportal_pipe_mac), set(0) ---
--- table(mycaptiveportal_auth_down), set(0) ---
--- table(mycaptiveportal_allowed_up), set(0) ---
--- table(mycaptiveportal_allowed_down), set(0) ---

[2.4.4-DEVELOPMENT][root@pfSense.localdomain]/root:  php -r "print_r(pfSense_ipfw_tables_list());" 
Array
(
    [0] => Array
        (
            [name] => cp_ifaces
            [count] => 1
            [size] => 448
            [set] => 0
            [algoname] => iface:array
            [type] => interface
        )

    [1] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [2] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [3] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [4] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [5] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

    [6] => Array
        (
            [name] => $
            [count] => 0
            [size] => 4294960112
            [set] => 4294959960
            [limit] => 32767
            [algoname] => ▒▒▒▒
            [type] => unknown
        )

)

pfSense_ipfw_tables_list() does not reflect the content of the "ipfw table all list" command.

Not sure if it is a PHP7 related bug or not, since pfSense_ipfw_tables_list() is written in C++ in pfsense.c?
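
The comparison the report makes by hand, as an added example that is not part of the original report or of pfSense's own code: it parses "ipfw table all list" output and flags tables that pfSense_ipfw_tables_list() failed to return, which are the tables a cleanup routine relying on that list would leave behind. The helper names are hypothetical, and the sample inputs are constructed from the outputs quoted above.

```php
<?php
// Added example, not pfSense code. Helper names are hypothetical.

/** Extract table names from the header lines of `ipfw table all list`. */
function ipfw_cli_table_names(string $cliOutput): array {
    preg_match_all('/^--- table\(([^)]+)\), set\(\d+\) ---$/m', $cliOutput, $m);
    return $m[1];
}

/** An entry is usable only if its name is a plain identifier and its type is known.
 *  Assumption: table names consist of letters, digits, '_', '-' and '.'. */
function entry_is_sane(array $entry): bool {
    return isset($entry['name'], $entry['type'])
        && preg_match('/^[A-Za-z0-9_.-]+$/', $entry['name']) === 1
        && $entry['type'] !== 'unknown';
}

/** Compare the kernel's view (CLI output) with what the PHP module returned. */
function audit_table_list(string $cliOutput, array $listed): array {
    $sane  = array_filter($listed, 'entry_is_sane');
    $names = array_column($sane, 'name');
    return [
        'corrupt' => count($listed) - count($sane),
        'missing' => array_values(array_diff(ipfw_cli_table_names($cliOutput), $names)),
    ];
}

// Constructed sample, shortened from the outputs quoted in the report.
$cli = <<<'EOT'
--- table(cp_ifaces), set(0) ---
em1 2100 3679 534432 1533319636
--- table(mycaptiveportal_auth_up), set(0) ---
--- table(mycaptiveportal_pipe_mac), set(0) ---
EOT;
$listed = [
    ['name' => 'cp_ifaces', 'count' => 1, 'type' => 'interface'],
    ['name' => '$', 'count' => 0, 'type' => 'unknown'],
    ['name' => '$', 'count' => 0, 'type' => 'unknown'],
];
// On a pfSense box (assumption: run as root), use the live values instead.
if (function_exists('pfSense_ipfw_tables_list')) {
    $cli    = (string) shell_exec('ipfw table all list');
    $listed = pfSense_ipfw_tables_list() ?: [];
}
$report = audit_table_list($cli, $listed);
printf("corrupt entries: %d\n", $report['corrupt']);
foreach ($report['missing'] as $name) {
    echo "not returned by pfSense_ipfw_tables_list(): $name\n";
}
```

With the constructed sample, the audit counts two corrupt entries and reports mycaptiveportal_auth_up and mycaptiveportal_pipe_mac as missing from the list.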
