Hi,
the label is no longer displayed in the Firewall live view.
cheers
tillsense
I'm seeing the same thing here
Hi
I'm seeing the same thing here
+1
Yes, it's a faulty stable commit to the FreeBSD base system. I'll rebuild and replace the kernel once confirmed fixed.
Cheers,
Franco
I reverted this commit https://github.com/opnsense/src/commit/8c97958ae1a originating from the FreeBSD stable/13 branch and replaced the base set on the main mirror.
If you run into this issue reinstall the base set from System: Firmware: Packages. It requires a reboot but brings back the proper label handling.
I don't want to complain, but this is comes from a familiar source not know for it's impeccable sponsorships in the area... My fault for merging it though. The question is if anybody else would have noticed soon or if this would go into FreeBSD 13.3 undetected.
Cheers,
Franco
Might as well post the instructions posted elsewhere already:
If you are having trouble on 23.7.8 with the live log labels missing and/or the firewall widget being empty please reinstall 23.7.8 "base" set from System: Firmware: Packages. A reboot is required but brings the functionality back.
Here is my take on the actual issue and how existing QA and release process appears to have failed:
https://github.com/opnsense/src/commit/cc48f7c1551
From the commit:
This code was supposed to apply to pfctl_add_eth_rule() but instead
applied to pfctl_add_rule() for otherwise interesting reasons. Since
pfctl_add_eth_rule() uses "nvl" and pfctl_add_rule() uses "nvlr" but
also has "nvl" this compiled fine but still broke the label set.
The bit that is most intriguing is that pfctl_add_eth_rule() doesn't
even exist on stable/13 and that this wasn't caught by the existing
tests.
Cheers,
Franco
I re-installed base package multiple times now. But the widget is still empty.
Had the same problem with empty widget after base reinstall. It started to populate entries in the widget the next day. Don't know if there is any log rotation involved but maybe leave it alone for now and check back tomorrow if it finally works.
Hi franco,
base has been reinstalled and the labels are back. thanks for the quick response (and solved :) but i was away..thanks!
cheers
till
Quote from: xavx on November 10, 2023, 07:18:56 PM
Had the same problem with empty widget after base reinstall. It started to populate entries in the widget the next day. Don't know if there is any log rotation involved but maybe leave it alone for now and check back tomorrow if it finally works.
It sounds like some people confuse the "widget empty" with the JavaScript freeze the widget encountered when trying to read labels not being supplied by the kernel because setting the labels in the rule configuration failed and the kernel never got them.
You should check if the live view gives you entries with labels. If it doesn't give you labels you have the wrong base build. If you don't have any entries in the live log your rule logging is set too low or off or a filter applies. If you see the labels and logs in the live view without a filter also check if your firewall widget filters for something else... because if the firewall live log works and the labels are there your firewall widget works too because it's the same source of the firewall logs.
Cheers,
Franco
I have new entries in Live Log with labels. But the widget is still empty if I select "Interfaces to display: ALL". If I select "wan" or something else I have entries. Just "all" is empty.
Still having weird thing maybe related. The tab "ui/diagnostics/firewall/pf_top" shows Rule = null for all entries.
"ui/diagnostics/firewall/states" shows the rules properly.
Just did a reinstall of base to be sure and still the same. Is that expected or not ?
Quote from: xavx on November 10, 2023, 11:04:32 PM
Still having weird thing maybe related. The tab "ui/diagnostics/firewall/pf_top" shows Rule = null for all entries.
Confirmed. https://github.com/opnsense/ports/issues/182
Hi,
i can confirm that too. there seems to be more broken here?
cheers
till
Quote from: tillsense on November 11, 2023, 09:12:58 PM
Hi,
i can confirm that too. there seems to be more broken here?
Apparently. To fix the pftop issue:
# opnsense-revert -r 23.7.7 pftopworks here.
It is still broken with 23.7.8_1 if "ALL interfaces" is selected. I tried to select "all" entries to have the same. It was empty, too. Seems if I select the interface "VLAN2" and "DMZ" the widget will be empty. If I de-select both I have entries in the widget.
Both interfaces aren't very special. Just a VLAN and a normal DMZ.
> It is still broken with 23.7.8_1 if "ALL interfaces" is selected.
Cannot reproduce. Works fine here.
Cheers,
Franco
Quote from: franco on November 14, 2023, 12:11:31 PM
> It is still broken with 23.7.8_1 if "ALL interfaces" is selected.
Cannot reproduce. Works fine here.
Cheers,
Franco
Yeah, otherwise you would fix it. I know. :-) How can I provide more information for you? Any logs? Seems interface VLAN2 and DMZ is the problem.
But how? The filter only filters. If "all" is shown nothing is selected, nothing filtered, all shown?
Might be a JS issue in the browser, but you could only see that from the browser's developer console. Does the dashboard stop updating other widgets?
Cheers,
Franco
Oh, yes... I have JS errors if I select one of these interfaces.
(https://picr.eu/images/2023/11/14/ItWSY.png)
Could this be a browser caching issue? Have you tried another browser?
Cheers,
Franco
I tried different browser and several devices. Same problem.
Hmm, Ad also added this patch to prevent null labels from being propagated:
https://github.com/opnsense/core/commit/3f8a39bcf
# opnsense-patch 3f8a39bcf
It might help in your case but I'm a little lost why the widget would fail on certain interfaces, but not all of them.
Cheers,
Franco
Quote from: franco on November 15, 2023, 07:59:58 AM
Hmm, Ad also added this patch to prevent null labels from being propagated:
https://github.com/opnsense/core/commit/3f8a39bcf
# opnsense-patch 3f8a39bcf
It might help in your case but I'm a little lost why the widget would fail on certain interfaces, but not all of them.
Cheers,
Franco
Thanks! That did the trick. :-)
Ok that will be in 23.7.9. Just to be sure... do entries appear in the widget for these interfaces then?
Cheers,
Franco
Quote from: franco on November 15, 2023, 11:03:42 AM
Ok that will be in 23.7.9. Just to be sure... do entries appear in the widget for these interfaces then?
Cheers,
Franco
Yes, I had that fear, too. ;-) But there are entries of these interfaces.
Ok, good to hear. Would consider this solved then :)
Cheers,
Franco
Hi!
I've updated to experience the missing label & empty firewall widget.
What I've done is to reinstall the "base" package + rebooted ~ 3 times, but still no labels of anything showing in the Firewall Live view.
Found the instructions here as well.
https://twitter.com/opnsense/status/1722683712117125244
Tried updating both via cli and UI (with reboot ofc)
❯ opnsense-update -fb
Fetching base-23.7.8-amd64.txz: ............. done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing base-23.7.8-amd64.txz... done
Cleaning obsolete files... done
Please reboot.
Ofc also cleared the browser cache / changed browser etc. I see no javascript errors in the console btw.
Any ideas of what to do next?
OPNsense 23.7.8_1-amd64
FreeBSD 13.2-RELEASE-p5
OpenSSL 1.1.1w 11 Sep 2023
Sorry, bumping this ..
Is a re-install the only option if the above can't be fixed? 😕
Do you maybe have the cloudflare mirror active? Its caching is overzealous. ;(
You could also try reverting to the older base system in the meantime:
# opnsense-update -br 23.7.7
Cheers,
Franco
Aaah!!!
That fixed it. Yes, I was using the cloudflare mirror. Don't remember that I've even changed it.
It works now, proper labels, proper widget.
Thank you, thank you, thank you! 🙏
Ok, glad this worked for you :)