Netgate SG-1000 microFirewall

Author Topic: gitsync flushes states, as of a few days ago  (Read 3723 times)

0 Members and 1 Guest are viewing this topic.

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1000
  • Karma: +5/-0
    • View Profile
gitsync flushes states, as of a few days ago
« on: September 04, 2013, 01:38:51 pm »
I've noticed that since a few days ago, doing a gitsync (CLI# pfSsh.php playback gitsync RELENG_2_1) seems to kill open states (e.g. I have to restart all my ssh connections everytime I sync to latest webGUI code)

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1434/-26
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #1 on: September 04, 2013, 02:14:37 pm »
Do you have any gateways that are marked as down?

See http://redmine.pfsense.org/issues/3181
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline fragged

  • Sr. Member
  • ****
  • Posts: 402
  • Karma: +27/-1
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #2 on: September 05, 2013, 06:12:21 am »
Either that or some other new change seems to kill states on regular filter reload. I lose SSH connection to pfsense and RDP connection to my home PC when I change a setting that triggers a filter reload.

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #3 on: September 05, 2013, 06:14:46 am »
new change seems to kill states on regular filter reload. I lose SSH connection to pfsense and RDP connection to my home PC when I change a setting that triggers a filter reload.

+1
Do NOT PM for help!

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +550/-3
    • View Profile
    • International Nepal Fellowship
Re: gitsync flushes states, as of a few days ago
« Reply #4 on: September 05, 2013, 07:15:50 am »
I had a system on a 3 Sep snapshot, just updating it now to the latest 4 Sep one that has been tagged as "2.1-RC2". While downloading the update file to my netbook the download kept stopping, and I had to pause continue it. I was making other config changes at the time, so I then made and effort to stop pressing "apply" while the download was running. It still kept stopping. This system has a few site-to-site OpenVPN links coming in to it, and I know they go up and down a lot. So probably there were OpenVPN link transitions happening.
Anyway, I suspect that all states are being cleaned out quite often now, after this commit: https://github.com/pfsense/pfsense/commit/c59dd719e0a6d9ee8deecaa7bff0d6ee8c76e4ca
If that is happening whenever a site-to-site OpenVPN goes up or down, then it will be painful for ordinary users of the main WAN.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #5 on: September 05, 2013, 07:20:02 am »
Anyway, I suspect that all states are being cleaned out quite often now, after this commit: https://github.com/pfsense/pfsense/commit/c59dd719e0a6d9ee8deecaa7bff0d6ee8c76e4ca
If that is happening whenever a site-to-site OpenVPN goes up or down, then it will be painful for ordinary users of the main WAN.

No OVPN involved here. Simple, every filter reload seems to flush all states. Things such as cron triggered pfBlocker updates, or whatever. Kaboom, disconnected, go to logs, last thing before that is check_reload_status: Reloading filter. Needless to say, this is extremely annoying.
Do NOT PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1434/-26
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #6 on: September 05, 2013, 07:32:24 am »
Gitsync again, Ermal just pushed a fix, seems some of the logic went missing on the commit to change the behavior. Should be better now.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #7 on: September 05, 2013, 07:44:46 am »
Gitsync again, Ermal just pushed a fix, seems some of the logic went missing on the commit to change the behavior. Should be better now.

Thanks, applied 5aa44e98465dcdb4bde806b5c3cb0a16d30dcb5d and 36fa13a632bad73fb2a8fdc2e9627e3190ea63c6, will watch how's it going.
Do NOT PM for help!

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1000
  • Karma: +5/-0
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #8 on: September 05, 2013, 08:43:55 am »
Gitsync again, Ermal just pushed a fix, seems some of the logic went missing on the commit to change the behavior. Should be better now.

Thanks, the issue reported in the first post seems to be fixed now.

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +550/-3
    • View Profile
    • International Nepal Fellowship
Re: gitsync flushes states, as of a few days ago
« Reply #9 on: September 06, 2013, 02:19:53 am »
I have updated 2 systems to a snap including the fix. I just downloaded a 200MB file that took 35 minutes, with both systems in the download path (One on the main WAN links, and a test box sitting behind it, and the client behind that). It ran at full WAN speed and finished perfectly.
Yesterday the download kept stopping and I had to pause/continue it constantly - presumably because of the state killing.
All is well with the world now.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: gitsync flushes states, as of a few days ago
« Reply #10 on: September 06, 2013, 04:55:03 am »
WFM now, sanity restored. :D
Do NOT PM for help!