[4.2.6.3 + 4.3.3] Невозможно создать политику через веб-морду и Telnet

[Ponywka]

Добрый день! При попытке создать политику подключений ловлю ошибку "out of memory":

(config)> ip policy Policy3
Network::PolicyTable error[268307984]: out of memory [0xcffe0e10].

Возможность хоть как-то создать политику появляется только с помощи сохранения конфига в файл, правки его в тестовом формате и последующей загрузки его с помощью замены конфигурации.

Окружение: Keenetic Giga [KN-1012] на Stable 4.2.6.3 (и на 4.3.3, не понравилось, откатился)

Spoiler

(config)> show version

          release: 4.02.C.6.3-1
          sandbox: stable
            title: 4.2.6.3
             arch: aarch64

              ndm: 
                exact: 0-f9a16eb
                cdate: 17 Mar 2025

              bsp: 
                exact: 0-8e235dc328
                cdate: 17 Mar 2025

              ndw: 
              version: 
             features: dual_image,usb_3,usb_3_first,led_control,wifi_button,wifi5ghz,vht2ghz,mimo2ghz,mimo5ghz,atf2ghz,atf5ghz,wifi6,wifi_ft,wpa3,hwnat,hwnat_mib,link_agg,sfp
           components: base,cloudcontrol,corewireless,dhcpd,dns-filter,dns-https,dns-tls,dot1x,easyconfig,exfat,ext,fat,hfsplus,igmp,ip6,l2tp,lang-en,lang-ru,mdns,miniupnpd,mws,nathelper-ftp,nathelper-h323,nathelper-pptp,nathelper-rtsp,nathelper-sip,ndmp,ndns,ntfs,openvpn,opkg,pingcheck,ppe,pppoe,pptp,storage,trafficcontrol,tsmb,usb,usblte,usbmodem,usbnet,usbqmi,webdav,wireguard

             ndw3: 
              version: 1.86.18

             ndw4: 
              version: 4.2.C.6.2

     manufacturer: Keenetic Ltd.
           vendor: Keenetic
           series: KN
            model: Giga (KN-1012)
       hw_version: 12108000
          hw_type: router
            hw_id: KN-1012
           device: Giga
           region: EA
      description: Keenetic Giga (KN-1012)

 

Конфиг (отредактирован, скрыты некоторые поля), который я накидывал поверх чистой (сброшенной до заводских настроек) системы:

Spoiler

known host "Ponywka - Laptop (LAN)" 00:00:00:00:00:01
known host "Ponywka - Pixel 7 Pro (Wi-Fi)" 00:00:00:00:00:02
known host "Ponywka - Quest 3 (Wi-Fi)" 00:00:00:00:00:03
known host "-Home - LicheerVN KVM (LAN)" 00:00:00:00:00:04
known host "Ponywka - iPad (Wi-Fi)" 00:00:00:00:00:05
known host "-Home - Home Assistant (via Nightstar)" 00:00:00:00:00:06
known host "Ponywka - Laptop (Wi-Fi)" 00:00:00:00:00:07
known host "-Home - Nightstar (LAN)" 00:00:00:00:00:08
known host "-Home - Klipper (Wi-Fi)" 00:00:00:00:00:09
known host "Girlfriend - Pixel 6 (Wi-Fi)" 00:00:00:00:00:0a
known host "Ponywka - Pixel 2 (Wi-Fi)" 00:00:00:00:00:0b
known host "-Home - Netis N6 (KeenOS DEV)" 00:00:00:00:00:0c
known host "-Home - Xiaomi Mijia Robot Vacuum Mop 3C+ (Wi-Fi)" 00:00:00:00:00:0d
known host "-Home - DELL WD19-2250 Dock (LAN)" 00:00:00:00:00:0e
known host "Ponywka - Elitebook (Wi-Fi)" 00:00:00:00:00:0f
known host "-Home - Yandex Mini 2 (Wi-Fi)" 00:00:00:00:00:10
known host "Girlfriend - Honor (Wi-Fi)" 00:00:00:00:00:11
known host "-Home - PMC-5017WIFI (Wi-Fi)" 00:00:00:00:00:12
known host "Girlfriend - iPad (Wi-Fi)" 00:00:00:00:00:13
known host "-Home - Viomi Smart Dishwasher (Wi-Fi)" 00:00:00:00:00:14
access-list _WEBADMIN_Wireguard0
    permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
    auto-delete
! 
access-list _WEBADMIN_Bridge0
    permit ip 0.0.0.0 0.0.0.0 10.107.32.0 255.255.255.0
    permit description Cloudsdale
    permit ip 0.0.0.0 0.0.0.0 192.168.2.0 255.255.255.0
    permit description Liski
    permit ip 0.0.0.0 0.0.0.0 192.168.3.0 255.255.255.0
    permit description Voronesh
    permit ip 0.0.0.0 0.0.0.0 192.168.4.0 255.255.255.0
    permit description Otech
    permit ip 0.0.0.0 0.0.0.0 192.168.5.0 255.255.255.0
    permit description Girlfriend
    auto-delete
!
interface TunnelSixInFour0
    description somename
    security-level public
    ip global 52522
    tunnel source auto
    tunnel destination 10.0.0.0
    up
!
interface Wireguard0
    description Cloudsdale
    security-level private
    ip address 10.107.32.1 255.255.255.0
    ip mtu 1324
    ip access-group _WEBADMIN_Wireguard0 in
    ip tcp adjust-mss pmtu
    wireguard listen-port 12345
    wireguard peer RYB+NdndAj4fpjMosB4o3z2jWB+W0TsQiBhBB5228mg= !Liski - Router
        keepalive-interval 30
        allow-ips 10.107.32.2 255.255.255.255
        allow-ips 192.168.2.0 255.255.255.0
        connect
    !
    wireguard peer h0wtUfHOGAxYx4glQb0JFf0tfCMtr57YXiU4XeNl8S4= !Ponywka - Laptop
        keepalive-interval 30
        allow-ips 10.107.32.100 255.255.255.255
        connect
    !
    wireguard peer fP4oAzxeSqvmrfYLnNw5D5jBaoyj5qXXHESou5DCoBc= !Ponywka - Pixel 7 Pro
        keepalive-interval 30
        allow-ips 10.107.32.101 255.255.255.255
        connect
    !
    wireguard peer B9NraKlgjwku0OP5SzUDF3Z48hOrukdnu2RMGeRwJH4= !Girlfriend - iPad
        keepalive-interval 30
        allow-ips 10.107.32.102 255.255.255.255
        connect
    !
    wireguard peer SeqBFd0+KMtW92ZcrPne9iWQnXB/BmOKVKmti9vq72o= !Otech - Router
        keepalive-interval 25
        allow-ips 10.107.32.4 255.255.255.255
        allow-ips 192.168.4.0 255.255.255.0
        connect
    !
    wireguard peer lbZDPaQBv+/G8VoagU7sPB8a8C7R2JSOOZQ6cPB7cG0= !Voronezh - Router
        keepalive-interval 30
        allow-ips 10.107.32.3 255.255.255.255
        allow-ips 192.168.3.0 255.255.255.0
        connect
    !
    wireguard peer MKEJrTw4LtHPX6gJN7Lal27JgQjTUONPKjI1DNmcFh0= !Girlfriend - Router
        keepalive-interval 30
        allow-ips 10.107.32.5 255.255.255.255
        allow-ips 192.168.5.0 255.255.255.0
        connect
    !
    wireguard peer gKQz6pP9nm1aCsTPbkFSLUZyYniVwkDND3z8AIXCsAk= !Ponywka - Elitebook
        keepalive-interval 30
        allow-ips 10.107.32.103 255.255.255.255
        connect
    !
    up
!
ip route 192.168.2.0 255.255.255.0 Wireguard0 !Liski
ip route 192.168.3.0 255.255.255.0 Wireguard0 !Voronezh
ip route 192.168.4.0 255.255.255.0 Wireguard0 !Otech
ip route 192.168.5.0 255.255.255.0 Wireguard0 !Girlfriend
ip dhcp host 00:00:00:00:00:01 192.168.1.100
ip dhcp host 00:00:00:00:00:09 192.168.1.102
ip dhcp host 00:00:00:00:00:06 192.168.1.103
ip dhcp host 00:00:00:00:00:0d 192.168.1.158
ip dhcp host 00:00:00:00:00:14 192.168.1.159
ip dhcp host 00:00:00:00:00:04 192.168.1.111
ip dhcp host 00:00:00:00:00:08 192.168.1.101
ip static tcp ISP 80 00:00:00:00:00:08 !HTTP
ip static tcp ISP 443 00:00:00:00:00:08 !HTTPS
ip static tcpudp ISP 8443 00:00:00:00:00:08 !VLESS
ip static tcpudp ISP 30701 00:00:00:00:00:08 !Minecraft (AAAAA)
ip static tcpudp ISP 30702 00:00:00:00:00:08 !Minecraft (BBBBB)
ip hotspot
    host 00:00:00:00:00:10 permit
    host 00:00:00:00:00:0d permit
    host 00:00:00:00:00:12 permit
    host 00:00:00:00:00:09 permit
    host 00:00:00:00:00:01 permit
    host 00:00:00:00:00:14 permit
    host 00:00:00:00:00:02 permit
    host 00:00:00:00:00:07 permit
    host 00:00:00:00:00:0a permit
    host 00:00:00:00:00:0b permit
    host 00:00:00:00:00:11 permit
    host 00:00:00:00:00:13 permit
    host 00:00:00:00:00:0c permit
    host 00:00:00:00:00:03 permit
    host 00:00:00:00:00:05 permit
    host 00:00:00:00:00:06 permit
    host 00:00:00:00:00:04 permit
    host 00:00:00:00:00:0f permit
    host 00:00:00:00:00:0e permit
    host 00:00:00:00:00:08 permit
!
cifs
    share Data 3d1255bc-3038-4046-a580-b8a441b3cc73:
    share Entware f467137f-3b2c-4535-bfd6-ccb83b14ccc9:
    automount
!
dns-proxy
    rebind-protect auto
    tls upstream 8.8.8.8 sni dns.google
    tls upstream 8.8.4.4 sni dns.google
    tls upstream 1.1.1.1 sni cloudflare-dns.com
    tls upstream 1.0.0.1 sni cloudflare-dns.com
!
opkg disk Entware:/
opkg initrc /opt/etc/init.d/rc.unslung

 

 

[Mamay]

В 14.06.2025 в 18:33, Ponywka сказал:

Добрый день! При попытке создать политику подключений ловлю ошибку "out of memory"

Временно откажитесь от entware и протестируйте.

[Le ecureuil]

1. Нужно больше лога, и показать все ошибки.

2. Версия 4.2 больше не поддерживается, в ней исправления не будет.

[Ponywka]

On 6/17/2025 at 12:03 PM, Le ecureuil said:

1. Нужно больше лога, и показать все ошибки.

log.txt

[Le ecureuil]

Спасибо, есть куда посмотреть.

[Le ecureuil]

Будет поправлено в следующих выпусках, при появлении ругани в логе просьба ее показать.