Hi Don

On 2013-05-21, at 12:56 PM, Don Greer <don.gr...@dptlabs.com> wrote:
> Ok, violations is still very unhappy :^).
>
> First, when I set or turn “off” a violation, it does not reset the port on
> the machine that I modified the violation on. To make it change the port
> requires manually disconnecting and moving the machine to another port to
> trigger that logic. There is a comment in the “action.pm” for “action_trap”
> (which appears to be the correct place to move the VLAN) that trapping is
> handled by pf::enforcement and called by pfcmd, but I cannot find the logic
> that does that (or any comments to the effect that it is to be done). If you
> can help me figure out what I need to look at, I’ll see if I can’t fix
> something.
>
> Second, one of the machines on my network gets a “rogue dhcp” violation (it’s
> our main dhcp server) and when I attempted to turn it off (after adding that
> machine to our DHCP Servers list), I got the following error:
>
> httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
> httpd.admin(0) INFO: violation for mac 00:24:7e:68:fc:c3 vid 2000000 modified (pf::violation::violation_modify)
> httpd.admin(0) INFO: “defaults” found (pfappserver::Base::Model::Config::hasId)
> httpd.admin(0) ERROR: Argument “defaults” isn’t numeric in numeric eq (==) at /usr/local/pf/lib/pf/violation.pm line 419. (pfappserver::__ANON__)
>
> I’ve looked at the line in question:
>
> if ( $vid == $portscan_sid ) {
>
> in “violation_add()”, but it’s not obvious to me from the surrounding code
> whether the problem is with $vid or with $portscan_sid, or even where these
> are coming from. The biggest hint, I think, is that it happens in pfappserver;
> the most likely culprit is
> “/usr/local/pf/html/pfappserver/lib/pfappserver/Model/Node.pm”.
>
> I think this may be beyond my level of knowledge at this moment. Let me know
> if there’s anything you need to isolate this one.

I made some changes to properly close a violation:
https://github.com/inverse-inc/packetfence/commit/81443169eda4e4c62d570eca6ce44415a80a2e34

--
flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca
Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)

_______________________________________________
PacketFence-devel mailing list
PacketFence-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-devel