Page MenuHomeVyOS Platform
Create Task
Maniphest T6625

Firewall group size limit API
Open, NormalPublicBUG
Actions

Description

Setting firewall group (network and address) via HTTP API appears to fail at some point above 15k entries
It fails with a generic "set failed" error.

Using requests such as

curl --location 'https://192.168.50.1:8080/configure' \
--form 'key="insert_key"' \
--form 'data="[{\"op\": \"set\", \"path\": [\"firewall\", \"group\", \"address-group\", \"CROWDSEC_BOUNCER\", \"address\", \"192.168.0.1\"]}]"'

with multiple set operations

tested in batches of 5k and it fails with the mentioned error on the 4th call, it also fails similarly with a single request of 20k+
I haven't tested adding this via CLI directly.

Details

Difficulty level
Unknown (require assessment)
Version
1.5-rolling-202407100021
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

tiberiuv created this task.Jul 31 2024, 8:47 PM
Viacheslav triaged this task as Normal priority.Aug 1 2024, 10:53 AM
Viacheslav added a comment.Aug 1 2024, 10:58 AM

How much RAM does this server have?
Do you have an example of the log when it fails? Which exact messages do you see?

tiberiuv added a comment.Aug 1 2024, 7:15 PM

The server has 8GB RAM

Here are some logs from the failure

Aug 01 19:14:13 olympus vyos-http-api[142145]: INFO:      - "POST /configure HTTP/1.0" 400 Bad Request
Aug 01 19:14:13 olympus vyos-http-api[142145]: processing form data
Aug 01 19:14:27 olympus vyos-http-api[142145]: ConfigSessionError:
Aug 01 19:14:27 olympus vyos-http-api[142145]:  Traceback (most recent call last):
Aug 01 19:14:27 olympus vyos-http-api[142145]:   File "/usr/libexec/vyos/services/vyos-http-api-server", line 531, in _configure_op
Aug 01 19:14:27 olympus vyos-http-api[142145]:     session.set(path, value=value)
Aug 01 19:14:27 olympus vyos-http-api[142145]:   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 158, in set
Aug 01 19:14:27 olympus vyos-http-api[142145]:     self.__run_command([SET] + path + value)
Aug 01 19:14:27 olympus vyos-http-api[142145]:   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 147, in __run_command
Aug 01 19:14:27 olympus vyos-http-api[142145]:     raise ConfigSessionError(output)
Aug 01 19:14:27 olympus vyos-http-api[142145]: vyos.configsession.ConfigSessionError: Set failed
Aug 01 19:14:27 olympus vyos-http-api[142145]: INFO:      - "POST /configure HTTP/1.0" 400 Bad Request
pasik subscribed.Aug 2 2024, 7:30 AM
Viacheslav renamed this task from Firewall group size limit to Firewall group size limit API.Aug 2 2024, 8:16 AM
dmbaturin added a project: Restricted Project.Sun, Sep 15, 5:03 PM