Bug? in Gateway Group creation screen
-
Hi all,
As I'm pretty sure it's a UI-selection bug, I documented our findings in this redmine ticket:
https://redmine.pfsense.org/issues/14524To summarize it here: The gateway group creation/edit screen has a column for selecting the correct IP that the failover/loadbalancing GW should use. As we tried it on a customer's CARP cluster, the main VIP for WAN1/2 showed up correctly. If one utilizes the "Alias on top of CARP"-style method of adding more then one VIP to the corresponding WAN interface (e.g. having a /29 and utilizing the other 2 IPs left), those Alias IPs won't show up in the dropdown box in this selection screen, only the one that are created with type "CARP" are shown.
Fix: Should include the VIPs that are of type "Alias on top of a CARP interface", too. For screenshots see the attached redmine ticket.
If you need more information I'm happy to supply.
Cheers
\jens -
Problem most certainly stems from
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/util.incand will be present in either CE and Plus versions.I assume it's a problem in
build_vip_list()or better said in the selection ofget_configured_vip_list()below the list function. More specifically, the problem seems to stem fromget_configured_vip_interfacewhich callsget_configured_vip_detailis not reporting back the correct interface (WAN, etc) so the Alias-on-CARP gets filtered out and isn't displayed in the dropdown.function build_vip_list($fif, $family = "all") { $list = array('address' => gettext('Interface Address')); $viplist = get_configured_vip_list($family); foreach ($viplist as $vip => $address) { if ($fif == get_configured_vip_interface($vip)) { $list[$vip] = "$address"; if (get_vip_descr($address)) { $list[$vip] .= " (". get_vip_descr($address) .")"; } } } return($list); } (...) // -> hands over $vip, all, iface function get_configured_vip_detail($vipinterface = '', $family = 'inet', $what = 'ip') { global $config; if (empty($vipinterface) || !is_array($config['virtualip']) || !is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip'])) { return (NULL); } $viparr = &$config['virtualip']['vip']; foreach ($viparr as $vip) { if ($vip['mode'] != "carp" && $vip['mode'] != "ipalias") { continue; } if ($vipinterface != "_vip{$vip['uniqid']}") { continue; } switch ($what) { case 'subnet': if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) return ($vip['subnet_bits']); else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) return ($vip['subnet_bits']); break; case 'iface': return ($vip['interface']); break; case 'vip': return ($vip); break; case 'ip': default: if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { return ($vip['subnet']); } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { return ($vip['subnet']); } break; } break; } return (NULL); } -
I posted a quick patch for that in the redmine issue. You can add it as a custom patch via System Patches like this:
Description: WebUI: missing option to select Alias-on-CARP VIPs in Gateway Group creation
URL: (none)Patch:
--- util.inc +++ util.inc @@ -1487,6 +1487,18 @@ $list[$vip] .= " (". get_vip_descr($address) .")"; } } + else { // MODIFICATION START + // only check Alias VIPs on CARP that return _vip* instead of an interface description + $parentif = get_configured_vip_interface($vip); + if (str_starts_with($parentif, "_vip")) { + if ($fif == get_configured_vip_interface($parentif)) { + $list[$vip] = "$address"; + if (get_vip_descr($address)) { + $list[$vip] .= " (". get_vip_descr($address) .")"; + } + } + } + } // MODIFICATION END } return($list);Base Directory: /etc/inc/
leave everything else as it is.
-
J JeGr referenced this topic on Jul 3, 2023, 11:15 AM
-
As no one official has acknowledged the bug yet - just wanted to report it running like this on a customer's box that needed it urgently and since implementing the fix 2 days ago, it still works without anything bad breaking or anything.