Opened 7 years ago

Closed 7 years ago

#1192 closed bug (fixed)

Firewall settings show ghost entry

Reported by: matthijs Owned by:
Priority: normal Milestone: Firmware
Component: fon-base-firmware Version: beta3
Severity: minor
Cc: Hardware: 2.0n (FON2300)


An anonymous user reported an issue on the blog related to the firewall -> applications settings dialog. On his Fonera, there is a dropbdown shown between "OpenVPN" and "Transmission", without any title. See the following screenshot:

I suspect that this is caused by some plugin that was installed after the upgrade to beta3, whose firewall setting was preserved.

There is a secondary issue, namely that the OpenVPN firewall setting doesn't get saved when changing it. I suspect the cause might be the same ghost value (and uci schema validation messing up somehow).

Attachments (1)

fmg_and_services.rar (1.7 KB) - added by Anonymer-User@… 7 years ago.
fmg and services from etc/config

Download all attachments as: .zip

Change History (14)

comment:1 Changed 7 years ago by matthijs

  • Status changed from new to infoneeded

To be able to debug this issue, I need some answers from the original reporter:

  • Is only the OpenVPN setting broken, or can none of the settings be changed?
  • Do you have any extra applications installed on the Fonera?
  • Did you have any extra applications installed before the upgrade to beta3?
  • Could you send over the /etc/config/services and /etc/config/fmg files? (see reportbugs for info on getting at these files through SSH.

Changed 7 years ago by Anonymer-User@…

fmg and services from etc/config

comment:2 Changed 7 years ago by Anonymer-User@…

Q: Is only the OpenVPN setting broken, or can none of the settings be changed?
A: I checked, and I can confirm all settings are broken (everything stays deactivated except openvpn) when I try to activate the other applications, save and click on applications again, everything except openvpn is deactivated again.

Q: Do you have any extra applications installed on the Fonera?
A: No.

Q: Did you have any extra applications installed before the upgrade to beta3?
A: Maybe the fonera applications Music, Printer and Webcam, I am not sure.

Q: Could you send over the /etc/config/services and /etc/config/fmg files?
A: Yes, they are attached.

I noticed, when I deactivate openvpn in the firewall settings and click save, the "deactivated" font of the untitled applications and Torrent (Transmission) is red.

comment:3 Changed 7 years ago by matthijs

  • Milestone changed from Firmware 2.3 to Firmware
  • Status changed from infoneeded to investigate

comment:4 Changed 7 years ago by matthijs

  • Resolution set to worksforme
  • Status changed from investigate to closed

Ok, I've found the cause of both of the problems. The /etc/config/services file has a weird section in it:

config 'service' 'torrent'
	option 'fwall' '0'

The torrent firewall settings are supposed to be stored in the /etc/config/fmg file, but on your Fonera, there's also an entry in the /etc/config/services file for some reason. I've been through the various code related to this and also tried to do an upgrade myself, but I couldn't get this problem to show up or think of any way it could possibly show up.

Perhaps there is some very specific sequence of events that cause this (possibly including some customization by you?), but I'm not sure where to start debugging this. Unless others report the same issue, I'll close this bug report for now and hope the issue was just some freak exception.

In the meanwhile, to fix your issue, just remove the torrent section I copied above from the /etc/config/services file, that should make saving the other applications work as well.

comment:5 Changed 7 years ago by anonymous

Mathijs, i think i have seen this a long time ago. Anonymous, did you have Motion4Fon installed before the update? I will install and test next week if i can find some time.

comment:6 Changed 7 years ago by Anonymer-User@…

Thank you Matthijs, since I have removed the mentioned torrent section from the services file, the problem is gone!

@aother anonymous: no i did not have motion4fon installed before the update, but I did a rescue recover after a failed firmware update, perhaps that restore image from 2009 was the reason for the wrong section after the update with the beta 3 firmware and conflicted somehow with it.

comment:7 follow-up: Changed 7 years ago by matthijs

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Ah, that was it!

Apparently the recovery firmware contained a torrent section in /etc/config/services (as well as in /etc/config/fmg). Since beta1 or beta2, the upgrade process tries harder to preserve these settings, which causes this near-empty section to appear.

I've just confirmed your problem, thanks!

As for fixing it, I can think of three ways:

  1. When saving the config, simply ignore the torrent section in services. This is a bit of a hack.
  2. When restoring the config, ignore any fwall settings for sections that don't exist yet. This would work, but if any third party plugin would add itself to the services config, its firewall settings would not be preserved (since the plugin is not installed directly after the upgrade, so the value would be dropped).
  3. When displaying the interface, ignore any sections that don't have a name. This is also a bit messy (leaving half-empty sections around), but probably works for all cases I can think of.

comment:8 Changed 7 years ago by matthijs

  • Status changed from reopened to confirmed

comment:9 Changed 7 years ago by matthijs

  • Severity changed from unknown to minor

comment:10 in reply to: ↑ 7 Changed 7 years ago by Anonymer-User@…


I also suspected that might be the cause. As you suggested before, I removed the torrent section from the services file in the config folder and the problem was gone.

So I don't really understand what I should do additionally with your three point fixing suggestion (besides I do not understand it).

Might be anything more messed up with the restore image, respectively should I overwrite some other files with the one from the new beta firmware?

I thought with a firmware update everything is overwritten like a hdd image overwrites everything, but unfortunately this seems not be obviously the case.

Is is possible to do a factory reset so that all files are stored back to standard? Or should I extract the image manually and copy/overwrite all files with WinSCP to my Fonera2N?

However that be, I strongly suggest to upload a new restore image based on the latest stable firmware in order to prevent such errors in future.

comment:11 Changed 7 years ago by matthijs

Sorry, I meant those last three points as "notes-to-self", for when I would return to this ticket to actually fix it later.

As for overwriting more files, this should not be needed. You are right that all files are overwritten on an upgrade. However, to make sure your configuration is not lost, some files and config files are saved before the upgrade. And in fact, there's nothing really wrong with the restore image, it's just different. And that difference exposed a problem with the upgrade procedure, which I'll correct for the next release.

If you _really_ want to be sure that nothing is left over from the restore image, you can do a factory reset to reset your settings (this removes all of those saved config files). See for instructions.

Thanks for being involved in this!

comment:12 Changed 7 years ago by matthijs

  • Status changed from confirmed to testing-fix

In the end, I picked solution, to hide services without a name in the interface. This does have the disadvantage of keeping the nameless torrent section lingering around, but at the same time it keeps open the possibility of external plugins offering a firewall setting that can be preserved across upgrades.

I've applied this fix locally, I'll push it out when I've finished testing it.

comment:13 Changed 7 years ago by matthijs

  • Resolution set to fixed
  • Status changed from testing-fix to closed

(In [2138]) luci-fonfw: Don't display nameless services.

If, for whatever reason, a service without a name appears in the services list, the interface breaks. This can happen for example when a backup value is restored for a plugin that is no longer installed.

Also, this problem occured in practice when upgrading from the 2.0n recovery firmware, which contained an entry for the torrent in /etc/config/services (which is stored in /etc/config/fmg in all other firmware versions). Since the upgrade only backups the fwall setting and assumes all other settings to be present in the new firmware image, this caused a nameless service after the upgrade. An added problem was that both services and fmg now defined a torrent service, which would break saving.

This commit fixes this problem, hopefully in the most future-proof way.

Closes: #1192

Add Comment

Modify Ticket

as closed The ticket will remain with no owner.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.