Upgrade to 2.3 PHP crash report related to snort. snort was uninstalled on 2.1.5



  • This was a 2.1.5 system that only had the snort package installed.  I un-installed snort before the upgrade to 2.3.  After the upgrade the server rebooted without issue except an Load Balancer / VIP IP Alias issue reported in another thread.  Things appear to work though (except Load Balancer / VIP IP Alias) so I am uncertain what this is affecting if anything.

    I got a crash report on 2.3 even though snort was never installed on 2.3 yet.

    10.3-RELEASE
    FreeBSD 10.3-RELEASE #6 05adf0a(RELENG_2_3_0): Mon Apr 11 18:52:07 CDT 2016     root@ce23-amd64-builder:/builder/pfsense-230/tmp/obj/builder/pfsense-230/tmp/FreeBSD-src/sys/pfSense
    
    Crash report details:
    
    PHP Errors:
    [13-Apr-2016 00:27:05 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:05 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    [13-Apr-2016 00:27:05 America/New_York] PHP Fatal error:  require_once(): Failed opening required '/usr/local/pkg/snort/snort.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form') in /tmp/snort_sync_cmds.php on line 2
    [13-Apr-2016 00:27:05 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:05 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    [13-Apr-2016 00:27:05 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:05 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    [13-Apr-2016 00:27:05 America/New_York] PHP Fatal error:  require_once(): Failed opening required '/usr/local/pkg/snort/snort.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form') in /tmp/snort_sync_cmds.php on line 2
    [13-Apr-2016 00:27:05 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:05 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    [13-Apr-2016 00:27:06 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:06 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    [13-Apr-2016 00:27:06 America/New_York] PHP Fatal error:  require_once(): Failed opening required '/usr/local/pkg/snort/snort.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form') in /tmp/snort_sync_cmds.php on line 2
    [13-Apr-2016 00:27:06 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:06 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    [13-Apr-2016 00:27:07 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:07 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    [13-Apr-2016 00:27:07 America/New_York] PHP Fatal error:  require_once(): Failed opening required '/usr/local/pkg/snort/snort.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form') in /tmp/snort_sync_cmds.php on line 2
    [13-Apr-2016 00:27:07 America/New_York] PHP Stack trace:
    [13-Apr-2016 00:27:07 America/New_York] PHP   1\. {main}() /tmp/snort_sync_cmds.php:0
    
    Filename: /var/crash/minfree
    2048
    


  • Those problems seem to be because a master CARP Sync box is attempting to execute an XMLRPC sync sequence with this box.  Because Snort is not installed, the commands the sync process is trying to run can't work (because the code files it is trying to call are missing).

    Either find and shutdown the sync on the master firewall, or reinstall Snort on this host.

    Bill



  • Thanks.  I have it disabled according to the GUI on the primary which is not upgraded yet (pfsense 2.1.5).  I made sure to disable all of the Sync stuff before upgrading the secondary but I guess it is ignoring the snort setting to not enable sync.  It was an older version of snort package (Snort 2.9.7.0 pkg v3.2.3) installed on the primary so maybe it had an issue where it doesn't disable properly.  It sounds like this is not a big deal at all.

    Primary sync settings on primary firewall (2.1.5):

    Synchronize Config to IP: is blank on the primary in High Avail. Sync
    Enable Sync: is set to 'Sync to hosts defined below'
    Replication Targets: The secondary is defined but 'Enabled' is unchecked

    I will just set the Enable Sync in snort config to 'Do not sync this package config' which might work better.

    Thanks again!



  • That's weird.  Unchecking the box for the host on the master should disable it from being a sync target.  However, there were some fixes to the XMLRPC sync code by another forum member last year.  Those fixes corrected some longstanding things, but they may have inadvertently broken the "disable sync" for individual targets.

    The XMLRPC sync page is up for the some major rework soon, and I will be sure all this is addressed then.

    Bill