From: Francis L. <fla...@in...> - 2013-05-27 12:56:09
Hi Don

On 2013-05-21, at 12:56 PM, Don Greer <Don...@dp...> wrote:

> Ok, violations is still very unhappy :^).
>
> First, when I set or turn “off” a violation, it does not reset the port on the machine that I modified the violation on. To make it change the port requires manually disconnecting and moving the machine to another port to trigger that logic. There is a comment in the “action.pm” for “action_trap” (which appears to be the correct place to move the VLAN) that trapping is handled by pf::enforcement and called by pfcmd, but I cannot find the logic that does that (or any comments to the effect that it is to be done). If you can help me figure out what I need to look at, I’ll see if I can’t fix something.
>
> Second, one of the machines on my network gets a “rogue dhcp” violation (it’s our main dhcp server) and when I attempted to turn it off (after adding that machine to our DHCP Servers list), I got the following error:
>
> httpd.admin(0) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
> httpd.admin(0) INFO: violation for mac 00:24:7e:68:fc:c3 vid 2000000 modified (pf::violation::violation_modify)
> httpd.admin(0) INFO: “defaults” found (pfappserver::Base::Model::Config::hasId)
> httpd.admin(0) ERROR: Argument “defaults” isn’t numeric in numeric eq (==) at /usr/local/pf/lib/pf/violation.pm line 419.
> (pfappserver::__ANON__)
>
> I’ve looked at the line in question:
>
> if ( $vid == $portscan_sid ) {
>
> in “violation_add()”, but it’s not obvious to me from the surrounding code whether the problem is with $vid or with $portscan_sid, or even where these are coming from. The biggest hint I think is that it happens in pfappserver; the most likely culprit is “/usr/local/pf/html/pfappserver/lib/pfappserver/Model/Node.pm”.
>
> I think this may be beyond my level of knowledge at this moment. Let me know if there’s anything you need to isolate this one.

I made some changes to properly close a violation: https://github.com/inverse-inc/packetfence/commit/81443169eda4e4c62d570eca6ce44415a80a2e34

--
fla...@in... :: +1.514.755.3640 :: http://www.inverse.ca
Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)