Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pfconnector server active dyn reverse cache checks can fail #7218

Closed
julsemaan opened this issue Sep 22, 2022 · 1 comment · Fixed by #7219
Closed

Pfconnector server active dyn reverse cache checks can fail #7218

julsemaan opened this issue Sep 22, 2022 · 1 comment · Fixed by #7219
Assignees
@julsemaan
Labels
Priority: High Type: Bug
Milestone
+1 (patch release)

Comments

@julsemaan
Copy link
Collaborator

Describe the bug
The pfconnector server uses a cache for the currently active dynamic reverses. When a reverse is closed due to inactivity (or any other reason), the cache entry stays. There is a check that tries to bind the port in the cache and if it fails to bind that port, it believes the reverse is still alive. On occasion, that inactively closed port can be reused by another process and the pfconnector will think the tunnel is still active while it isn't (the existing bind is for another process)

The solution is to cycle through all the active dynamic reverses when one closes to purge it from the cache
@julsemaan julsemaan added this to the +1 (patch release) milestone Sep 22, 2022
@julsemaan julsemaan self-assigned this Sep 22, 2022
@julsemaan
Copy link
Collaborator Author

To workaround this, add the following to the [default] switch entry in PF:

SNMPUseConnector=N
radiusDeauthUseConnector=N

@julsemaan julsemaan mentioned this issue Sep 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@julsemaan julsemaan

Labels
Priority: High Type: Bug
Projects
None yet
Milestone
+1 (patch release)
Development

Successfully merging a pull request may close this issue.

Fix 7218 (pfconnector dyn reverse cache issue) inverse-inc/packetfence
1 participant
@julsemaan