Gateway monitoring remote IPs don't get removed from routing table when removed from monitoring

[deajan]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

When adding a new IP to gateway monitoring, the IP get's bound to the interface that holds the gateway in the routing table. When removing the IP from gateway monitoring, the routing table still contains said IP.

To Reproduce

Steps to reproduce the behavior:

1. Go to System > Gateways > Configuration
2. Modify a gateway and add a monitor IP (let's say 1.2.3.4), then click on Apply
3. Now navigate to System > Routes > Status You will see the monitor IP in the routing table, bound to the interface which holds the gateway we just configured
4. Come back to System > Gateways > Configuration
5. Change the gateway monitor IP and apply
6. Navigate back to System > Routes > Status

The former IP 1.2.3.4 which has been removed in gateway monitoring configuration is still in the routing table.

Expected behavior

When changing / removing a gateway monitor IP, one would expect the corresponding routing table entry to be deleted.

Describe alternatives you considered

Manually removing entries after gateway monitor IP changes.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1.10_3 (amd64) on KVM with virio NICs Also happens on other OPNSense instances I have.

[fichtner]

I don’t think this will fix without separate route tables or some form of annotations to routes (which do not exist). The risk of removing a route set elsewhere is real, especially with multi-wan and pinned DNS host routes.

[deajan]

Makes sense. IMO separate routing tables would be more difficult for diagnosis. Perhaps the solution you suggest, like a "generated-by" field with static/dns/gateway-monitor could be an elegant way to improve the behavior, and allow dns/gateway-monitor entries to be removed automatically on changes.

I use OPNsense since the m0n0wall times, and to be fair I never noticed that issue until now when I got strange routing problems because of it.

Is there a chance that this could be implemented ?

[EDIT] I understand that the routing table interface of OPNsense is a shortcut to netstat -nr, hence implementing a "generated-by" field would need a separate table to keep track of what's been created by dns/gateway monitoring.
I understand this makes the development harder, but it would still make (opn)sense because it would not leave any garbage routing behind... pun intended. [/EDIT]

[deajan]

@fichtner Just a side question, why is this issue labeled support ? I just suggest an improvement, I don't need any support. Thanks.

[deajan]

Still an issue. Any plans or is this just a bordercase which the firewall admin should handle himself ?