Little cosmetic issue after upgrade to 25.1.1

Started by Wrigleys, February 12, 2025, 06:49:52 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4
User actions
March 17, 2025, 06:06:44 PM #45
I'm out of town until Friday so can't try the patch yet.

The things that seemed to trigger from my memory:
I had a NAT forward rule  to forward DNS port 53 to my local piholes. I could disable the port forward and the log entries would go away

Another ipv4 log entry was ping to 1.1.1.1 from the WAN address. I am mostly ipv6 network and have Tayga plugin. Some Apple clients like to ping 1.1.1.1 via CLAT and so they go thru the Tayga
March 18, 2025, 11:11:50 AM #46
Thanks for the details. For now we're looking for the internal error code ("reason") which indicates the nature of the code problem, it may or may not be related to the rule content.

Just to reiterate. The actual fix will go into 25.1.4 as planned, but we still need the additional data to have the right approach in FreeBSD eventually.

Appreciate the help.  :)


Cheers,
Franco
March 18, 2025, 02:18:22 PM #47
I can do this later today but I need to understand exactly how to extract the logs to get them to you (I want to get it right the first time).  BTW, I have similar NAT rules as IsaacFL indicated for DNS and NTP...but I'm sure a lot of people do.

HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT
March 18, 2025, 02:59:16 PM #48
The output of

# opnsense-log filter

may be enough after reboot when you saw the bad entries appear with that specific kernel.

You can also share it privately via franco@opnsense.org


Thanks,
Franco
March 18, 2025, 10:49:59 PM #49
Quote from: franco on March 18, 2025, 02:59:16 PMYou can also share it privately via franco@opnsense.org

Thanks,
Franco

Sent.
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT
March 19, 2025, 10:36:24 AM #50 Last Edit: March 19, 2025, 10:54:09 AM by franco
Thanks! Based on the data we're looking at state creation failure here, which may be perfectly normal on bootup:

https://github.com/opnsense/src/blob/ba418a9ea69182d01a12e39f0a76a6b4ca9a99bd/sys/netpfil/pf/pf.c#L5330

(it's going to be reviewed by FreeBSD so we'll know for sure soon enough)


Cheers,
Franco
March 21, 2025, 07:33:22 PM #51 Last Edit: March 21, 2025, 08:02:35 PM by IsaacFL Reason: update status
Quote from: franco on March 17, 2025, 05:25:30 PMThe question in FreeBSD came up why these state creations are rejected.  The other half of the story is the log does not actually record this at the moment either way. I wrote a small patch to diagnose: https://github.com/opnsense/src/commit/6f18c3b0164689d5cc83206499ade2f4f4016c6e

Would someone with the issue here try this kernel build and send in the plain filter log for the entries that cause spurious block log messages after boot?

# opnsense-update -zkr 25.1.3-reasonlog
(reboot)


Thanks in advance,
Franco

Im back in town and will try this patch today.
Update: Installed, can see the unexpected log entries again. Let me know when you would like me to send output of opnsense-log filter
March 21, 2025, 08:10:08 PM #52
Can you try this kernel as well ?

Code Select
opnsense-update -zkr 25.1.3-states
March 21, 2025, 09:08:16 PM #53
Nope, not this kernel ;)
March 21, 2025, 10:12:55 PM #54
Ah sorry, think I know now what that's for
March 22, 2025, 12:26:03 AM #55
Quote from: IsaacFL on March 21, 2025, 07:33:22 PM
Quote from: franco on March 17, 2025, 05:25:30 PMThe question in FreeBSD came up why these state creations are rejected.  The other half of the story is the log does not actually record this at the moment either way. I wrote a small patch to diagnose: https://github.com/opnsense/src/commit/6f18c3b0164689d5cc83206499ade2f4f4016c6e

Would someone with the issue here try this kernel build and send in the plain filter log for the entries that cause spurious block log messages after boot?

# opnsense-update -zkr 25.1.3-reasonlog
(reboot)


Thanks in advance,
Franco

Im back in town and will try this patch today.
Update: Installed, can see the unexpected log entries again. Let me know when you would like me to send output of opnsense-log filter

Franco, I emailed you a copy of the filter logs and my rules.debug

March 28, 2025, 06:32:30 PM #56 Last Edit: March 28, 2025, 06:36:02 PM by IsaacFL
I noticed after updating to 25.1.4_1 that this issue is still active.

Did the patch not get put in this update?

# opnsense-update -zkr 25.1.3-fixlog had fixed it prior
March 28, 2025, 07:16:52 PM #57
We didn't update the kernel yet for unrelated reasons. It probably reverted back to 25.1.3. Next kernel with the fix will be 25.1.5.

I got your mail, but was a bit swamped this week. Will reply next week.


Cheers,
Franco
March 28, 2025, 11:47:03 PM #58
Quote from: IsaacFL on March 28, 2025, 06:32:30 PM# opnsense-update -zkr 25.1.3-fixlog had fixed it prior

It is expected that an update will revert to the latest released kernel - so when running a custom version with a particular patch you need to either confirm the new one has the fix included or get in the GUI and lock the kernel before the updates.

The good news here is that the patched kernel is still available and you can simply run the command and reboot
Print
Go Up Pages 1 2 3 4
User actions