Page MenuHomeVyOS Platform
Create Task
Maniphest T7677

Broken Pipe in "show firewall summary"
Open, NormalPublicBUG
Actions

Description

VyOS 1.4.3

Doing a "show firewall summary" and then quitting before all output is displayed results in a broken pipe message:

tim@ferrari:~$ show firewall summary                                                                                                                                                                                          10:17:37 [9/4823]
Ruleset Summary

IPv6 Ruleset:

Ruleset Hook    Ruleset Priority    Description
--------------  ------------------  ------------------------------------------------------
forward         filter              Filter IPv6 packets being forwarded through the router
input           filter
name            v6-local-in         IPv6 Local Traffic to Ferrari
name            v6-wan-in           IPv6 WAN In Firewall

IPv4 Ruleset:
<snip snip data removed>
:

If I press "q" at the ":" prompt the following appears:

Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/firewall.py", line 660, in <module>
    show_summary()
  File "/usr/libexec/vyos/op_mode/firewall.py", line 616, in show_summary
    show_firewall_group()
  File "/usr/libexec/vyos/op_mode/firewall.py", line 570, in show_firewall_group
    print(tabulate.tabulate(rows, header))
BrokenPipeError: [Errno 32] Broken pipe

This is a cosmetic bug only.

Details

Version
1.4.3
Is it a breaking change?
Perfectly compatible
Issue type
Cosmetic issue (typos etc.)

Event Timeline

tjh created this task.Jul 31 2025, 10:19 PM
Giggum subscribed.Aug 3 2025, 1:44 AM

Happy to take this on if someone can assign this to me.

dmbaturin triaged this task as Normal priority.Aug 4 2025, 2:03 PM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
Viacheslav assigned this task to Giggum.Aug 4 2025, 4:27 PM
pasik subscribed.Aug 5 2025, 6:48 AM
Giggum added a comment.Aug 16 2025, 10:14 PM

Adding (1) and (2) to this bug report:

(1) Also impacted is the "show firewall group" command:
Doing a "show firewall group" and then quitting before all output is displayed also results in a broken pipe message:

vyos@firewall:$ show firewall group
Firewall Groups

Name                Type                References                Members
------------------  ------------------  ------------------------  -------------------
PrivateNetworks-v6  ipv6_network_group  ipv6-name-WAN-LAN-6-5     ::/96
                                        ipv6-name-WAN-LOCAL-6-5   ::/128
                                                                  ::1/128
                                                                  ::ffff:0:0/96
                                                                  100::/64
                                                                  2001:10::/28
                                                                  2001:db8::/32
                                                                  fc00::/7
                                                                  fe80::/10
                                                                  fec0::/10
                                                                  ff00::/8
< snippet removed ...rest of network config... >
:

Pressing "q" at the ":" prompt the following appears:

Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/firewall.py", line 667, in <module>
    show_firewall_group(args.name)
  File "/usr/libexec/vyos/op_mode/firewall.py", line 580, in show_firewall_group
    print(tabulate.tabulate(rows, header))
BrokenPipeError: [Errno 32] Broken pipe
vyos@firewall:$

(2) This bug does not affect VyOS 1.5.x due to use of https://github.com/vyos/vyos-1x/blob/69cd4845861c88285ab496339f19103dec7a32b6/src/op_mode/firewall.py#L29

Giggum added a comment.EditedAug 17 2025, 1:13 AM

PR submitted here https://github.com/vyos/vyos-1x/pull/4664 but it was auto-closed as pull-requests on sagitta branch aren't accepted per the Bot (I don't recall this block on past contributions).

Attaching patch file in lieu of PR since it was auto-closed.

0001-op-mode-T7677-fix-BrokenPipeError-when-user-quits-show-firewall-summary.patch1 KBDownload

Viacheslav subscribed.Aug 17 2025, 11:39 AM

Does the rolling release also affected?
If yes, you should add a PR to the “current” branch.
And then it will be tested in the rolling and if works fine, it will be backported to the stable branches.

Giggum added a comment.EditedAug 18 2025, 1:09 PM

@Viacheslav
Rolling release isn't affected due to this bit of code and the import of the related signal library: https://github.com/vyos/vyos-1x/blob/69cd4845861c88285ab496339f19103dec7a32b6/src/op_mode/firewall.py#L29

My patch follows the more Pythonic way of catching/handling the exception (see: https://docs.python.org/3/library/signal.html#note-on-sigpipe) but if preferred I can adapt the patch to match use of the signal library as used in rolling release.