State Killing Buttons on State Table Have Strange Behavior



  • Hello.

    I'm on version 2.2.4, though I'm pretty sure this has been happening even in previous versions…

    I'm noticing some strange or non-functional behaviour of the buttons on the "Diagnostics > State Table" page that allow you to kill individual states.

    Not sure if this is a bug, or just me perceiving things incorrectly.

    I went ahead and made a quick YouTube video with a demo to show off the issue. Please do let me know if there's anything else I should test or experiment with to give a better answer, though you might also be able to experiment yourself.

    https://www.youtube.com/watch?v=ziveACLQbB4

    I did search the forums first, and found this thread. It might be related to my issue, but it had no resolution.

    https://forum.pfsense.org/index.php?topic=38689.0

    Thanks everyone!


  • Galactic Empire Netgate

cmb already said he'll reply to you (he's probably asleep now) but I just wanted to say nice catch and great way to demonstrate an issue you've found! : )


  • Banned

    AFAICT it won't ever work because you leave the mtr thing running and the code that's selectively killing the states via those buttons is damn ineffective.



  • @ivor:

cmb already said he'll reply to you (he's probably asleep now) but I just wanted to say nice catch and great way to demonstrate an issue you've found! : )

    Hopefully, and thank you!

    @doktornotor:

    AFAICT it won't ever work because you leave the mtr thing running and the code that's selectively killing the states via those buttons is damn ineffective.

Perhaps, though you're welcome to run this test yourself with something more typical like an HTTP connection to an internet webserver, downloading a file. I've done so with similar results. It occurs to me that the state killing buttons do seem to do something, but it might not be as simple as killing the specific state you select. As I mentioned at the end of the video, sometimes killing a state seems to kill other states going to that same destination IP, affecting other computers on the network too. If this is by design, I'd like to learn a bit more about how it's supposed to work. It wasn't this way in the past, though; that's for sure.


  • Rebel Alliance Developer Netgate

pfctl isn't smart enough to kill just one state by port; when you use the "x" button it kills all states between the IP addresses it lists when you mouseover. If it's a state with NAT applied, the kill is between your public IP address and the remote destination IP address, which could catch quite a lot if you have multiple connections going there.


  • Rebel Alliance Developer Netgate

    Also the "filter" feature has no effect on the "x" behavior. It does not limit that in any way. It only filters the output.



  • It's the "kill" button (versus the 'x') that's being questioned though. But it seems (from my limited knowledge on viewing this) that 'x' and 'kill' call the same thing.

    https://github.com/pfsense/pfsense/blob/master/usr/local/www/diag_dump_states.php

    edit: Kill is for all states for the 'filtered' IP…. 'x' is for states with the src and dst IP?


  • Rebel Alliance Developer Netgate

    Yes, kill button kills all states TO and FROM the filtered IP address (or a subnet works there also) – however the filtering and kill behavior would differ slightly since pfctl interprets that as an IP address explicitly while filter would match a substring/partial. So a kill for x.x.x.10 would only kill states to/from x.x.x.10 but filter would also show you states for x.x.x.100, 101, 102, and so on.

    The 'x' button will tell you exactly what it will do on mouseover. It lists the IP addresses and it kills all states between those two addresses. Which ones it shows depends on the type of state.



  • You know, I think I have come across this too. I could be wrong.

    Every now and then I check my state table for folks trying to hammer my Windows RDP machine. I'll add their IP to an alias rule and kill their table states. This used to work fine on v2.1.x. Now when I kill the table states and hit the filter button, the connections keep showing up like your video shows.


  • Rebel Alliance Developer Netgate

Something else to try is enter x.x.x.x/32 and kill that, see if the behavior changes. You'll have to take off the /32 for filtering to work though.



Previously I would filter by port using "3389" for RDP. Then hit the X's to kill the connections. I tried using the IP this time so that the "kill" button showed. That seemed to legitimately kill the connections. Hitting the filter button again (and even waiting for a bit) produced no connections popping back up as established. So the X buttons not doing their job?



  • I think I see the source of what you described there. The source and destination are backwards for some states. Ones that look like this:

    1.1.1.1:443 <- 10.0.6.20:56835
    

    That's source 10.0.6.20, dest 1.1.1.1. When you hover over the X to the right, it shows the opposite of that. Then when you hit the X to kill it, it kills the opposite direction, which doesn't exist. So only states with the direction as -> worked.

    I just fixed that.
    https://redmine.pfsense.org/issues/4907

    @baggar11:

    You know, I think I have come across this too. I could be wrong.
    This used to work fine on v2.1.x.

    It's always had this issue, dating back to the introduction of that feature. You just happened to be getting the states in the other direction instead when it previously worked.
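An added example, not code from this thread or from pfSense, showing the direction mix-up described above: a parser for `pfctl -s state` lines that normalizes `<-` entries before building the `pfctl -k SRC -k DST` kill command, beside the naive left-is-source form that kills the non-existent reverse direction. The sample lines are constructed; IPv6 ports are assumed to use pfctl's addr[port] form.

```python
import re

# Constructed sample lines in the shape of `pfctl -s state` output; they are
# not captured from the thread's system. IPv6 ports use pfctl's addr[port] form.
SAMPLE_STATES = [
    "all tcp 10.0.6.20:56835 -> 1.1.1.1:443       ESTABLISHED:ESTABLISHED",
    "all tcp 1.1.1.1:443 <- 10.0.6.20:56835       ESTABLISHED:ESTABLISHED",
    "all tcp 2001:db8::1[443] <- 2001:db8::20[56835]   ESTABLISHED:ESTABLISHED",
]

# <left>:<port> or <left>[<port>], an arrow, then the same for the right side.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>\S+?)(?::|\[)(?P<lport>\d+)\]?\s+(?P<dir><-|->)\s+"
    r"(?P<right>\S+?)(?::|\[)(?P<rport>\d+)\]?(?:\s|$)"
)

def parse_state(line):
    """Return (proto, src, sport, dst, dport) with the real traffic direction.

    pfctl prints '<-' states destination-first, so the left address is the
    destination and the right one is the source; '->' states are source-first.
    """
    m = STATE_RE.match(line)
    if not m:
        raise ValueError("not a pfctl state line: %r" % line)
    if m["dir"] == "->":
        src, sport, dst, dport = m["left"], m["lport"], m["right"], m["rport"]
    else:
        src, sport, dst, dport = m["right"], m["rport"], m["left"], m["lport"]
    return m["proto"], src, int(sport), dst, int(dport)

def naive_kill_args(line):
    """The bug the thread describes: the left side is assumed to be the source
    regardless of the arrow, so a '<-' state is killed in the reverse
    (non-existent) direction and survives."""
    m = STATE_RE.match(line)
    return ["pfctl", "-k", m["left"], "-k", m["right"]]

def kill_args(line):
    """Corrected form: 'pfctl -k SRC -k DST' kills states from SRC to DST.
    No ports are passed, so every state between the pair goes, which is the
    behaviour explained earlier in the thread."""
    _, src, _, dst, _ = parse_state(line)
    return ["pfctl", "-k", src, "-k", dst]

if __name__ == "__main__":
    for line in SAMPLE_STATES:
        print(parse_state(line), " ".join(kill_args(line)))
```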



  • Awesome, thanks Chris!



  • Also fixed IPv6 individual state killing, which had never worked at all, while I was there.
    https://redmine.pfsense.org/issues/4906