25.7.2 Backend Log error report

Started by davidfi01, August 21, 2025, 05:05:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 21, 2025, 05:05:51 PM
Saw this in the Backend Log after updating to 25.7.2:

opnsense error:

[3910c104-62e6-4f14-8bd5-148de80c702e] Script action failed with Command '/usr/local/opnsense/scripts/filter/pftablecount.py ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 78, in execute subprocess.run(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.11/subprocess.py", line 571, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/filter/pftablecount.py ''' returned non-zero exit status 1.

It is non-critical.

D
August 21, 2025, 06:17:29 PM #1
Can you run it from the shell and see why it would return an error?

# /usr/local/opnsense/scripts/filter/pftablecount.py


Thanks,
Franco
August 21, 2025, 08:46:17 PM #2 Last Edit: August 21, 2025, 08:49:05 PM by pfry
I got the same logged error, but running from a shell seems to work:

Code Select
root@fw:/home/user # /usr/local/opnsense/scripts/filter/pftablecount.py
{"status":"ok","size":2000000, [...] "out_block_p":0,"out_block_b":0,"out_pass_p":0,"out_pass_b":0}}}
root@fw:/home/user #
Edit: non-root:
Code Select
user@fw:~ $ /usr/local/opnsense/scripts/filter/pftablecount.py
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/filter/pftablecount.py", line 49, in <module>
    if "-" in parts[0]:
              ~~~~~^^^
IndexError: list index out of range
user@fw:~ $
August 21, 2025, 09:29:58 PM #3
It happens on reboots for me.  Reproducible. Attached is a screenshot.  It looks like it runs fine using CLI.  Attached is the output I get.

Best,
D
August 21, 2025, 09:36:13 PM #4
I also tried usr login and got this as well:

File "/usr/local/opnsense/scripts/filter/pftablecount.py", line 49, in <module>
Missing name for redirect.
if "-" in parts[0]:
if: Badly formed number.
IndexError: list index out of range
IndexError:: Too many arguments.
August 22, 2025, 11:17:26 AM #5
Can you try this patch?

# opnsense-patch https://github.com/opnsense/core/commit/6ee6d9d8


Cheers,
Franco
August 22, 2025, 03:09:48 PM #6 Last Edit: August 22, 2025, 03:28:12 PM by Jackknife4782 Reason: More information
Quote from: franco on August 22, 2025, 11:17:26 AMCan you try this patch?

# opnsense-patch https://github.com/opnsense/core/commit/6ee6d9d8


Cheers,
Franco

I applied the patch, but still same error after reboot.

[62298fa6-e6e7-4699-a704-987777bdd904] Script action failed with Command '/usr/local/opnsense/scripts/filter/pftablecount.py ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 78, in execute subprocess.run(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.11/subprocess.py", line 571, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/filter/pftablecount.py ''' returned non-zero exit status 1.

Also performed a health check and it showed a checksum error:
opnsense-25.7.2: checksum mismatch for /usr/local/opnsense/scripts/filter/pftablecount.py
August 22, 2025, 04:08:42 PM #7
May I ask a really "stupid" question? I haven't updated my home APU2D4 firewall, so I'm only looking at version 25.7.1_1 of OPNsense.

Are you trying to reduce the number of processes running as root?  Are you improving security by executing processes with least privilege?

If the process is not executing as root (or group wheel), the txt files in /var/db/aliastables can't be read.
I see that many of the files in /var/db/aliastables have permission "-rw-r-----  1 root wheel"

Gary
August 22, 2025, 09:40:00 PM #8
@Jackknife4782 - the checksum error results from the patch you applied. It is to be expected.

D
August 23, 2025, 03:57:38 PM #9
Quote from: Gary7 on August 22, 2025, 04:08:42 PMMay I ask a really "stupid" question? I haven't updated my home APU2D4 firewall, so I'm only looking at version 25.7.1_1 of OPNsense.

Are you trying to reduce the number of processes running as root?  Are you improving security by executing processes with least privilege?

If the process is not executing as root (or group wheel), the txt files in /var/db/aliastables can't be read.
I see that many of the files in /var/db/aliastables have permission "-rw-r-----  1 root wheel"

Gary

I sign in to opnsense using a non-root user as admin.  Not technical enough to answer you questions beyond that.  I just noticed the error after the upgrade and was curious if it is normal or not.  Thanks for the advice though.

Quote from: davidfi01 on August 22, 2025, 09:40:00 PM@Jackknife4782 - the checksum error results from the patch you applied. It is to be expected.

D

Ah, I understand.  Thanks
August 25, 2025, 10:50:51 AM #10
Meanwhile I can reproduce this once at boot and https://github.com/opnsense/core/commit/61f13a516914 on top of the other commit seems to do the trick. Either case it's only cosmetic and it will be fixed in 25.7.3.


Cheers,
Franco
August 30, 2025, 09:13:17 AM #11 Last Edit: August 31, 2025, 05:18:12 PM by Tjh3
So, my router has been randomly disconnecting or basically not doing any of it's jobs. Happens a couple of times a day. OP Error is the only error I could find in the logs.

I applied the patches. It was ok for a bit but now it's not even rebooting at all. Something completely nuked the drive i had (The router was using a AM4 motherboard with a 5700 processor and a 256GB nvme drive). I reverted to the dec750 i had which had a muchh older (24.1) version running for now. I'm not sure what went wrong or when I can update, but now i'm scared to update.
September 01, 2025, 08:46:29 AM #12
It's unrelated to this particular issue.
Print
Go Up Pages1
User actions