Hello Russel, i don't have answer right now. In all my test there is no problem about that. How many memory do you have on your server and swap ?
I think that system command isn't the right way to configure ipset, but there is no perl module that interact with ipset. I have a look about perlxs but i have to understand how it work. Let me know if after ipset -F the problem disppear or if after you restart packetfence the problem persist. Regards Le jeudi 1 novembre 2012 17:50:51, Russel Ingram a écrit : > I'm having trouble getting my packetfence server to allow registered > clients through. From looking at the logs, it looks like the ipset > command is failing when it tries to add the newly registered node to > the registered set. Here's what I'm seeing in the log: > > Nov 01 14:24:44 register.cgi(0) INFO: 172.16.0.11 - 00:19:d2:7b:e4:2c > on registration page > (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler) > Nov 01 14:24:45 register.cgi(0) INFO: performing node registration > MAC: 00:19:d2:7b:e4:2c pid: guest (pf::web::_sanitize_and_register) > Nov 01 14:24:45 register.cgi(0) INFO: re-evaluating access for node > 00:19:d2:7b:e4:2c (manage_register called) > (pf::enforcement::reevaluate_access) > Nov 01 14:24:45 register.cgi(0) INFO: Instantiate a new iptables > modification method. pf::ipset (pf::inline::get_technique) > Nov 01 14:24:45 register.cgi(0) INFO: 172.16.0.11 - 00:19:d2:7b:e4:2c > on registration page > (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler) > Nov 01 14:24:48 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch > 127.0.0.1 (main::parseTrap) > Nov 01 14:24:48 pfsetvlan(3) INFO: nb of items in queue: 1; nb of > threads running: 0 (main::startTrapHandlers) > Nov 01 14:24:48 pfsetvlan(3) INFO: firewallRequest trap received for > inline client: 00:19:d2:7b:e4:2c. Modifying firewall. (main::handleTrap) > Nov 01 14:24:48 pfsetvlan(3) INFO: Instantiate a new iptables > modification method. pf::ipset (pf::inline::get_technique) > Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command: > LANG=C sudo ipset --test pfsession_Unreg_172.16.0.0 > 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from > get_mangle_mark_for_mac. OS Error: Cannot allocate memory > (pf::util::pf_run) > Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command: > LANG=C sudo ipset --test pfsession_Reg_172.16.0.0 > 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from > get_mangle_mark_for_mac. OS Error: Cannot allocate memory > (pf::util::pf_run) > Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command: > LANG=C sudo ipset --test pfsession_Isol_172.16.0.0 > 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from > get_mangle_mark_for_mac. OS Error: Cannot allocate memory > (pf::util::pf_run) > Nov 01 14:24:48 pfsetvlan(3) INFO: MAC: 00:19:d2:7b:e4:2c stated > changed, adapting firewall rules for proper enforcement > (pf::inline::performInlineEnforcement) > Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command: > LANG=C sudo ipset --list pfsession_Unreg_172.16.0.0 2>&1 called from > get_ip_from_ipset_by_mac. OS Error: Cannot allocate memory > (pf::util::pf_run) > Use of uninitialized value $out in split at > /usr/local/pf/lib/pf/ipset.pm <http://ipset.pm> line 304. > Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command: > LANG=C sudo ipset --list pfsession_Reg_172.16.0.0 2>&1 called from > ipset_remove_ip. OS Error: Cannot allocate memory (pf::util::pf_run) > Use of uninitialized value $out in split at > /usr/local/pf/lib/pf/ipset.pm <http://ipset.pm> line 266. > Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command: > LANG=C sudo ipset --add pfsession_Reg_172.16.0.0 > 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from iptables_mark_node. OS > Error: Cannot allocate memory (pf::util::pf_run) > Nov 01 14:24:48 pfsetvlan(3) INFO: finished (main::cleanupAfterThread) > > You can see there that it's logging a memory allocation problem. When > I run those same commands as the pf user, with sudo, just like it > shows in the log, they run without any errors. Has anyone seen this > before? Anyone have any ideas on how to troubleshoot it? > > I'm running PacketFence 3.6.0 installed from the PacketFence Red Hat > repository on CentOS 6.3 x86_64. The full log is attached. > > Thanks, > Russ > --- > Russel Ingram > Associate Systems Administrator > Institute for Systems Biology > 401 Terry Ave N > +1 206 732 2140 > > > ------------------------------------------------------------------------------ > LogMeIn Central: Instant, anywhere, Remote PC access and management. > Stay in control, update software, and manage PCs from one command center > Diagnose problems and improve visibility into emerging IT issues > Automate, monitor and manage. Do more in less time with Central > http://p.sf.net/sfu/logmein12331_d2d > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
