Hi list,

This is still happening in Bullseye: knockd.service shuts down with the interface citing "pcap: The interface went down" and does not get restarted when the interface comes up again. A simple systemctl restart knockd does the trick, but this is not triggered automatically when you still use the networking.service (ifupdown method).

So I tried a knockd.service.d override that was supposed to bind knockd to the relevant interface [eth1] with:

[Unit]
BindsTo=ifup@eth1.service
After=ifup@eth1.service

This fails as well with exit status 15 (same exit code) and does not restart the unit when ifup@eth1.service is triggered successfully again.

I ended up disabling knockd.service and reverting back to an ifupdown script solution (see attachment.)

I used setcap 'cap_net_admin,cap_net_raw,cap_sys_module=eip' to drop the knockd binary capabilities to the same level the knockd.service suggested.

Dropping the networking.service in favour of NetworkManager or systemd-networkd might be a good idea, but I'm not there yet with my setup, so I could not test how the knockd.service behaves then.

On Tue, 19 Apr 2011 01:02:00 +0200 Christian Kastner <deb...@kvr.at> wrote:


retitle 315753 knockd shuts down when the interface disappears

The problem can be generalized: knockd shuts down when the interface
disappears, be it ppp0 or eth0 or whatever.

Running knock in the foreground, the following message is printed when
the interface goes down (and nothing else):

"pcap: The interface went down"

Perhaps this condition could be handled differently, eg: waiting either
for the interface to come back up or /etc/init.d/knock stop is called?


cat /etc/network/if-{up,down}.d/knockd

#!/bin/sh

if [ "$IFACE" != "eth1" ]
    then exit 0
    else echo "starting knockd for [$IFACE]"
fi

# start knockd only if no instance is already running
if ! pidof knockd >/dev/null ; then /usr/sbin/knockd -d -i "$IFACE" -c /etc/knockd.conf ; fi

exit 0

---

#!/bin/sh

if [ "$IFACE" != "eth1" ]
    then exit 0
    else echo "stopping knockd for WAN interface [$IFACE]"
fi

# stop knockd only if an instance is running
if pidof knockd >/dev/null ; then killall knockd ; fi

exit 0
