Page MenuHomeVyOS Platform
People sandwichdoge

sandwichdoge (Thuan Ho)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 22 2022, 7:12 AM (95 w, 2 d)

Recent Activity
View All

Jul 5 2022

sandwichdoge added a comment to T2612: HTTPS API, changing API key fails but goes through.

I dug a little deeper, it appears that calling 2 http APIs in parallel results in vyos-http-api library crash.

Jul  5 08:47:39 cxr vyos-http-api[107198]: Configuration modified via HTTP API using key 'ccube-dev'
Jul  5 08:47:39 cxr vyos-http-api[107198]: INFO:     None:0 - "POST /configure HTTP/1.0" 200 OK
Jul  5 08:47:39 cxr netplugd[907]: br4: can't get flags: No such device
Jul  5 08:47:39 cxr vyos-http-api[107198]: processing form data
Jul  5 08:47:39 cxr netplugd[907]: br4: can't get flags: No such device
Jul  5 08:47:39 cxr netplugd[907]: message repeated 3 times: [ br4: can't get flags: No such device]
Jul  5 08:47:39 cxr netplugd[907]: br5: can't get flags: No such device
Jul  5 08:47:39 cxr netplugd[907]: br4: can't get flags: No such device
Jul  5 08:47:39 cxr netplugd[907]: message repeated 27 times: [ br4: can't get flags: No such device]
Jul  5 08:47:40 cxr vyos-http-api[107198]: INFO:     None:0 - "POST /config-file HTTP/1.0" 200 OK
Jul  5 08:47:40 cxr vyos-http-api[107198]: processing form data
Jul  5 08:47:40 cxr vyos-http-api[107198]: INFO:     None:0 - "POST /retrieve HTTP/1.0" 400 Bad Request
Jul  5 08:47:40 cxr vyos-http-api[107198]: processing form data
Jul  5 08:47:40 cxr vyos-http-api[107198]: processing form data
Jul  5 08:47:40 cxr ntpd[3893]: Listen normally on 87 vti1 169.254.231.46:123
Jul  5 08:47:40 cxr ntpd[3893]: new interface(s) found: waking up resolver
Jul  5 08:47:41 cxr kernel: [104872.825731] vyos-http-api-s[107280]: segfault at 1020 ip 00007f792d30391d sp 00007f792dce93e0 error 4 in libvyosconfig.so.0[7f792d2ae000+10c000]
Jul  5 08:47:41 cxr kernel: [104872.825745] Code: 20 48 83 c4 08 c3 e8 f2 d9 fa ff eb c6 48 83 ec 48 48 8b 40 10 48 89 44 24 18 48 8b 40 20 48 8b 58 20 48 8b 5b 20 48 8b 7b 20 <48> 8b 77 20 48 89 74 24 10 48 8b 56 20 48 89 54 24 20 48 8b 7f 08
Jul  5 08:47:41 cxr kernel: [104872.833057] net_ratelimit: 24 callbacks suppressed
Jul  5 08:47:41 cxr kernel: [104872.833059] IPv4: martian source 10.10.10.18 from 10.10.10.1, on dev eth2
Jul  5 08:47:41 cxr kernel: [104872.833061] ll header: 00000000: ff ff ff ff ff ff 6a 2c d7 cd 51 fd 08 06
Jul  5 08:47:41 cxr systemd[1]: vyos-http-api.service: Main process exited, code=killed, status=11/SEGV
Jul 5 2022, 9:39 AM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
sandwichdoge added a comment to T2612: HTTPS API, changing API key fails but goes through.

I'm also getting the same error when calling the https API from localhost. In my case it only happens occasionally.

Jul 5 2022, 7:20 AM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Jun 24 2022

sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

@Viacheslav As for your other concern, you can filter the actual inbound interface (eth4 in this my case) in mangle-PREROUTING. Maybe you could try packet marking in mangle-PREROUTING, then filter them later in VYOS_FW_FORWARD/VYOS_FW_LOCAL in the filter table?
Something like this:

Jun 24 2022, 4:06 AM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7)

Jun 23 2022

sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

@Viacheslav I tested your fix in my environment. The inbound filtering worked as expected after the fix. However it did not work correctly for the case we where we want both inbound and outbound firewalls on a single vrf member interface (or any case that has more than 2 directions on the same interface).

Jun 23 2022, 2:57 AM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7)