PacketFence - BTS - PacketFence |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0001481 | PacketFence | core | public | 2012-07-09 08:51 | 2012-08-21 09:57 |
|
Reporter | fgaudreault | |
Assigned To | fgaudreault | |
Priority | low | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | fixed | |
Platform | | OS | | OS Version | |
Product Version | | |
Target Version | 3.5.0 | Fixed in Version | 3.5.0 | |
fixed in git revision | 2377e73c92d26e091c8c62da08f9b46e591891ed |
fixed in mtn revision | |
|
Summary | 0001481: Introduce expire.node for VLAN/Inline Mode |
Description | From what I can tell, the node expiration is only working for ARP mode. It would be interesting to add it for the VLAN/Inline mode where the node can be expired after a specific window.
i.e. a rogue iPhone connects to my open SSID and just does nothing. The node would stay in the database forever. With an expiration window, we could clean it after 30 days.
I believe we could clear out only nodes with closed locationlog, and status unreg. It would be a good start! |
Steps To Reproduce | |
Additional Information | |
Tags | No tags attached. |
Relationships | |
Attached Files | node_expire.patch (1,687) 2012-07-11 16:54 https://www.packetfence.org/bugs/file_download.php?file_id=149&type=bug |
|
Issue History |
Date Modified | Username | Field | Change |
2012-07-09 08:51 | fgaudreault | New Issue | |
2012-07-09 08:53 | fgaudreault | Description Updated | |
2012-07-11 16:53 | fgaudreault | Note Added: 0002828 | |
2012-07-11 16:54 | fgaudreault | File Added: node_expire.patch | |
2012-07-12 04:00 | thegoatreich | Note Added: 0002829 | |
2012-07-12 07:39 | fgaudreault | Note Added: 0002830 | |
2012-07-12 07:46 | thegoatreich | Note Added: 0002831 | |
2012-07-12 07:48 | fgaudreault | Note Added: 0002832 | |
2012-07-12 08:29 | thegoatreich | Note Added: 0002833 | |
2012-07-12 09:19 | fgaudreault | Note Added: 0002835 | |
2012-07-12 09:23 | fgaudreault | git revision | => 2377e73c92d26e091c8c62da08f9b46e591891ed |
2012-07-12 09:23 | fgaudreault | Note Added: 0002836 | |
2012-07-12 09:23 | fgaudreault | Status | new => resolved |
2012-07-12 09:23 | fgaudreault | Fixed in Version | => devel |
2012-07-12 09:23 | fgaudreault | Resolution | open => fixed |
2012-07-12 09:23 | fgaudreault | Assigned To | => fgaudreault |
2012-08-06 15:40 | obilodeau | Note Added: 0002877 | |
2012-08-06 15:40 | obilodeau | Status | resolved => closed |
2012-08-06 15:40 | obilodeau | Fixed in Version | devel => 3.5.0 |
2012-08-06 15:40 | obilodeau | Target Version | => 3.5.0 |
2012-08-21 09:57 | obilodeau | Note Added: 0002952 | |
Notes |
|
(0002828)
|
fgaudreault
|
2012-07-11 16:53
|
|
I have a patch to test. Very simple. It will close any open locationlog entry and delete the node if the last_dhcp is lower than (now() - expire.node) and not null (potential static ip).
***** MAKE SURE YOU BACKUP THE DB BEFORE TESTING THIS!
***** MAKE SURE YOU BACKUP THE DB BEFORE TESTING THIS! |
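
The expiry rule described in note 0002828, restricted to unreg nodes as the issue description suggests, as an added example that is not part of the original note or the attached patch. It assumes a simplified, constructed two-table schema in SQLite and a hypothetical `expire_nodes` helper; it is not PacketFence's own code or schema.

```python
import sqlite3

# Simplified, constructed schema (an assumption; not PacketFence's real tables).
SCHEMA = """
CREATE TABLE node (mac TEXT PRIMARY KEY, status TEXT, last_dhcp INTEGER);
CREATE TABLE locationlog (mac TEXT, start_time INTEGER, end_time INTEGER);
"""

def expire_nodes(conn, window, now):
    """Close open locationlog rows and delete unreg nodes whose last DHCP
    is older than now - window. Nodes with NULL last_dhcp (possible static
    IP) are never touched. Returns the sorted list of expired MACs."""
    cutoff = now - window
    with conn:  # one transaction: either both steps apply or neither
        macs = [r[0] for r in conn.execute(
            "SELECT mac FROM node WHERE status = 'unreg' "
            "AND last_dhcp IS NOT NULL AND last_dhcp < ? ORDER BY mac",
            (cutoff,))]
        for mac in macs:
            conn.execute(
                "UPDATE locationlog SET end_time = ? "
                "WHERE mac = ? AND end_time IS NULL", (now, mac))
            conn.execute("DELETE FROM node WHERE mac = ?", (mac,))
    return macs

def demo():
    """Run the rule over constructed sample rows with a 30-day window."""
    day = 86400
    now = 100 * day
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO node VALUES (?, ?, ?)", [
        ("aa:aa:aa:aa:aa:01", "unreg", now - 45 * day),  # stale: expired
        ("aa:aa:aa:aa:aa:02", "unreg", now - 5 * day),   # recent: kept
        ("aa:aa:aa:aa:aa:03", "unreg", None),            # no DHCP seen: kept
        ("aa:aa:aa:aa:aa:04", "reg", now - 45 * day),    # registered: kept
    ])
    conn.executemany("INSERT INTO locationlog VALUES (?, ?, ?)", [
        ("aa:aa:aa:aa:aa:01", now - 45 * day, None),     # still open
        ("aa:aa:aa:aa:aa:02", now - 5 * day, None),
    ])
    expired = expire_nodes(conn, 30 * day, now)
    remaining = [r[0] for r in conn.execute("SELECT mac FROM node ORDER BY mac")]
    open_logs = [r[0] for r in conn.execute(
        "SELECT mac FROM locationlog WHERE end_time IS NULL ORDER BY mac")]
    return expired, remaining, open_logs

if __name__ == "__main__":
    print(demo())
```

This sketch only changes database rows; it does not touch switch state, which is the port-security question raised later in this thread.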
|
|
|
I will happily test this, but I'm not sure how to apply the patch. |
|
|
(0002830)
|
fgaudreault
|
2012-07-12 07:39
|
|
Copy the patch in /usr/local/pf and run it with:
patch -p1 < node_expire.patch
Last, restart pfmon and httpd to clear out the Perl cache. |
|
|
|
OK thanks for that. The patch has been applied and services restarted. I still see the same amount of unregistered nodes in the web interface at the moment. Are these supposed to clear down on a scheduled basis? |
|
|
(0002832)
|
fgaudreault
|
2012-07-12 07:48
|
|
You need to define the node.expire setting in your pf.conf.
Then, it will run the cleanup every time pfmon runs, so every 10min. |
|
|
|
Thanks Francois. That appears to be working. I've set the nodes to expire at the end of the term year, and unregistered nodes to be deleted every 30 days.
Cheers,
Andi |
|
|
(0002835)
|
fgaudreault
|
2012-07-12 09:19
|
|
Cool! I will add the patch to the devel tree. |
|
|
(0002836)
|
fgaudreault
|
2012-07-12 09:23
|
|
|
|
|
|
|
|
What has been done to ensure the correct state of the security table in port-security mode?
On expiration the entry of the security tables needs to be removed and replaced with the fake MAC. Otherwise a port movement of an expired node in the same switch would not work on some hardware.
Was this taken into consideration in that patch? |
|