Messages

31

Development and Code Review / Re: Possible Bug, PHP-CGI Crash

« on: January 15, 2018, 05:13:34 pm »

It's something we need to change in your plugin.

https://docs.opnsense.org/development/backend/configd.html


Cheers,
Franco

This was occurring even just running it on the shell, but if you think that will fix it....

32

Development and Code Review / Re: Possible Bug, PHP-CGI Crash

« on: January 14, 2018, 09:22:40 pm »

Less is more. I think if we wrap that in configd to serialise it shouldn't happen...

is this something to expect in the next release?

33

Development and Code Review / Re: Possible Bug, PHP-CGI Crash

« on: January 10, 2018, 07:53:21 pm »

This might or might not be related too, when i installed a new opnsense recently from ISO on VMware, i saw that during the bootup it said:
Less than 512mb of ram detected, not enabling opcache,

But this machine had 4 or 8 GB of ram....

34

Development and Code Review / Re: Possible Bug, PHP-CGI Crash

« on: January 10, 2018, 06:45:29 pm »

I can recreate it quite easily.

If i run my script with php, it only happens rarely when im running it manually at the shell, but if i run it 6-7 times rapidly from the shell using php-cgi, it happens almost every time.

The problem is my script runs once every 60 seconds just to poll data, and even that seems to hose it up after between 5-30 minutes, and only since the jump to 17.7.11 i think, it could have been in the prior build too but i skipped that one on most devices.


I did find a possible reason for this but im not sure, i found old documentation that if lighty ends up waiting for a response from php, and does not get a response back quickly enough it can cause it to just hang up because it is expecting a response that either php is busy, or else the finished results.  And in the absence of either, it goes out to lunch indefinitely.

I believe pfsense encountered this issue as well with their nginix/php-fpm setup, but im not sure how they mitigated it, or if they did at all, but it doesnt seem to happen anymore.

35

Development and Code Review / Possible Bug, PHP-CGI Crash

« on: January 10, 2018, 12:51:47 am »

So at first i thought it was my code, or else a change that came down in PHP 7.1, but now im not so sure.

Ive begun seeing a log of 503 errors where the web admin becomes un-available, and remains so untill you use option 11 to restart the services.

Ive found a way to re-produce it also.

With my pfmontor checkin agent installed on the device, if i run it on the ssh shell it runs fine, but it seems that if any other process is using php or php-cgi at the same time as i run the script, it crashes the php-cgi background processes that the web admin uses.  or if they are running to quickly.

To reproduce the issue, all i have to do is run my php script in rapid succession from ssh using either of:
php pfmonitor.checkinopn.php
or
php-cgi pfmonitor.checkinopn.php

Up+Enter a few times and the web interface dies, and the php-cgi background processes all dissappear from ps aux.

All my script does is read some files, and post the contents to a external url using php curl at this point, i had commented out all the other functions.

running it once works fine, running it, then immediately again a few times, or if the opnsense itself or the web interface is also doing something at the same time, and bang, it crashes the php-cgi's.

like i said i thought it was my code at first, but now i dont think so.

36

17.7 Legacy Series / Re: Captive Portal and Download Errors

« on: January 09, 2018, 06:29:03 pm »

sounds almost like captive portal is timing out the state table entries which are involved in the download which breaks the connection, you would have to confirm it tho.

37

Development and Code Review / Re: Plugin Development assistance gig - $100

« on: January 05, 2018, 11:29:25 pm »

Also, on the security front.

My platform does not require any open ports like a traditional web api does.  My plugin connects out to my central system from each firewall, so there is not exposed api on the firewalls to be scanned, brute forced, etc.

The firewalls checkin every 60 seconds, and ask for any scheduled tasks, commands, etc, runs them, syncs its vital signs, and then repeats.   Rather than using timers, ive utilized cron, allowing the checkin program to terminate when its work is done, and then be re-run at the next minute.   I use pre-defined functions inside the checkin agent, rather than have raw api/shell commands crossing back and fourth to potentially be exploited somehow, this allows direct control of what can, and cannot be commanded of the checkin agent.   It also communicates using TLS.

38

Development and Code Review / Re: Plugin Development assistance gig - $100

« on: January 05, 2018, 11:12:39 pm »

If we are the main source of advertising for a service it could create a conflict of interest. Any plugin published will be propagated to thousands of users. And for that reason we also have to make sure the service is secure, the plugin doesn't leak data, how useful is it if you don't pay for it, etc.


Cheers,
Franco

I would have no issue making a free basic tier, or 60 day trial type arrangement, Hell even a even free or 50-75% discounted prices for schools/non-profits, etc.    Im not a conglomerate out to cash in on the open source community here.

I could even do a crediting system to help boost opnsense/deciso by granting a 6 month full license for anyone who purchased from Deciso, thus promoting them, and making buyers want to go thru deciso so they get the free license.

Im trying to make this as sweet a deal as i can without breaking my own bank.

I'll even put quick links inside the PFMonitor central control panel to order more devices from Deciso.

A free tier could include basic management, a week of config backups, the monitoring dashboards, essentially everything except the threat monitoring and analytics, and limited backup capacity.

If i knew how to setup a secondary repo, and get the plugin listed inside opnsense myself i would have already, but im being realistic in that i know i can find someone who does know how a lot quicker, who can also make sure its done right the first time so i am not stumbling through it carrying a knife so to say.

As far as the security aspects, OPNSense peeps only need to ask to see how secure it is, i obviously dont want to provide a copy of the source-code publicly, but for examination i would be happy to share screens, etc.

39

Development and Code Review / Re: Plugin Development assistance gig - $100

« on: January 05, 2018, 11:00:40 pm »

Hm, but when ZeroTier would offer their service only for money .. wouldn't this be the same?
I'm open to anything ..

So zerotier is a VPN, ethernet bridge, etc, this is nothing like my system, PFMonitor is for basic remote management, threat alerting, threat analytics, and monitoring of the firewalls.

40

Development and Code Review / Re: Plugin Development assistance gig - $100

« on: January 05, 2018, 03:23:54 am »

I dont see any reason why not pushing a PR and talk about on github since the source will be open anyway

PR?

41

Development and Code Review / Re: Plugin Development assistance gig - $100

« on: January 04, 2018, 07:48:13 pm »

There is no need to sell the binary, or have the code do any licensing functions itself.

This plugin would simply be a connector that connects the firewall to my central management system, which handles all the licensing internally.  The plugin doesnt have any configuration options on the firewall side, that too is all controlled on the central system.

42

Development and Code Review / Re: Plugin Development assistance gig - $100

« on: January 04, 2018, 05:28:11 pm »

Is this a commercial plugin or open source

The plugin itself is already built, i just need help with packaging and publishing, and testing, if that was not clear, it already functions if you put the files onto a device manually.   but i want to make it easily install-able.

43

Development and Code Review / Re: Plugin Development assistance gig - $100

« on: January 04, 2018, 12:46:17 am »

It would be for commercial use.

44

Development and Code Review / Plugin Development assistance gig - $100

« on: January 03, 2018, 08:04:26 pm »

I have a plugin that is pretty much done, but i need some assistance in finishing its packing, testing, and getting it published so that it appears on opnsenses plugin list for easy installation.

i estimate that it should only take 3-5 hours at maximum to get this up and running, and i am looking for the person to help with this.

You need to have at least basic to moderate PHP skills, understand opnsenses cron implementation, and have a strong understanding of the git/package/plugin system in opnsense.

Whos interested?

45

General Discussion / Re: How pathetic!!

« on: December 10, 2017, 08:24:59 am »

And as of late, refusing to honor our warantees as well.....