PacketFence - BTS - PacketFence
View Issue Details
ID: 0000502
Project: PacketFence
Category: core
View Status: public
Date Submitted: 2008-12-19 13:55
Last Update: 2012-02-29 10:57
Reporter: user4
Assigned To: rbalzard
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0000502: violation_trigger in pfdhcplistener
Description: violation_trigger calls do not lead to VLAN changes
Additional Information: We'll have to investigate whether the violation_trigger calls in pfdhcplistener are OK or should be replaced by pfcmd violation add calls instead.
Tags: No tags attached.
Relationships: related to 0000726 (closed, user4): schedule now and VLAN isolation
Issue History
2008-12-19 13:55  user4      New Issue
2008-12-19 14:00  user4      Note Added: 0000967
2009-01-07 08:28  user4      Status: new => assigned
2009-01-07 08:28  user4      Assigned To: => rbalzard
2009-01-07 08:28  user4      Project: PacketFence 1.7 => PacketFence
2009-01-12 13:17  user4      Category: 1.7.6 => 1.8.0
2009-01-13 11:15  rbalzard   Note Added: 0000998
2009-01-13 12:06  rbalzard   Note Added: 0000999
2009-01-13 12:09  user4      Status: assigned => closed
2009-01-13 12:09  user4      Note Added: 0001001
2009-01-13 12:09  user4      Resolution: open => fixed
2009-06-11 13:20  user4      Relationship added: related to 0000726
2010-04-15 17:53  obilodeau  Category: 1.8.0 => 1.8.x
2012-02-29 10:57  obilodeau  Category: 1.8.x => core

Notes
(0000967) user4 2008-12-19 14:00
Example of a theoretical scenario where I believe the VLAN would not be changed correctly:
- Win95 is defined as a banned OS in violations.conf
- Win95 PC is configured with fixed IP, is registered and boots
=> no DHCP fingerprint info
- PC gets configured to use DHCP, does a DHCP renew
=> DHCP fingerprint info is received, violation is created but no VLAN change happens

(0000998) rbalzard 2009-01-13 11:15
Right, no VLAN isolation is done:

Jan 13 11:00:31 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:00:31 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:00:31 pfdhcplistener(0): grace expired on violation 1100004 for node 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:00:31 pfdhcplistener(0): violation 1100004 added for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:00:31 pfdhcplistener(0): executing action 'email' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): email regarding 'PF Alert: Ban Ancient OSes detection on 00:11:25:14:15:45' sent to pf@localhost (pf::util::pfmailer)
Jan 13 11:00:33 pfdhcplistener(0): executing action 'log' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): /usr/local/pf/logs/violation.log 2009-01-13 11:00:33: Ban Ancient OSes (1100004) detected on node 00:11:25:14:15:45 (192.168.0.185) (pf::action::action_log)
Jan 13 11:00:33 pfdhcplistener(0): executing action 'trap' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:00:33,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:00:33 pfdhcplistener(0): DHCPACK from 192.168.0.50 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.0.185) for 300 seconds (main::listen_dhcp)
(0000999) rbalzard 2009-01-13 12:06
OK, now it's working:

Jan 13 11:48:01 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:48:01 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:48:03 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:03 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:03 pfcmd(0): VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::generate_switchport_vlan_assignment)
Jan 13 11:48:03 pfcmd(0): 00:11:25:14:15:45 is currentlog connected at 192.168.0.41 ifIndex 16 in VLAN 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:03 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:03 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:04 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:48:04,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:48:08 pfdhcplistener(0): DHCPDISCOVER from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:48:08 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:48:10 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:10 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:10 pfcmd(0): VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::generate_switchport_vlan_assignment)
Jan 13 11:48:10 pfcmd(0): 00:11:25:14:15:45 is currentlog connected at 192.168.0.41 ifIndex 16 in VLAN 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:10 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:10 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:10 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:48:10,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:48:10 pfdhcplistener(0): DHCPOFFER from 192.168.3.1 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.3.254) (main::listen_dhcp)
Jan 13 11:48:10 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:48:11 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:48:13 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:13 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:13 pfcmd(0): VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::generate_switchport_vlan_assignment)
Jan 13 11:48:13 pfcmd(0): 00:11:25:14:15:45 is currentlog connected at 192.168.0.41 ifIndex 16 in VLAN 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:13 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:13 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:13 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:48:13,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:48:13 pfdhcplistener(0): DHCPACK from 192.168.3.1 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.3.254) for 300 seconds (main::listen_dhcp)
Jan 13 11:48:13 pfdhcplistener(0): resolved 192.168.3.254 to mac (00:11:25:14:15:45) in ARP table (pf::iplog::ip2macinarp)
Jan 13 11:48:13 pfdhcplistener(0): oldip (192.168.0.185) and newip (192.168.3.254) are different for 00:11:25:14:15:45 - closing iplog entry (main::update_iplog)
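The two runs above differ in one observable way: in the first, a violation is added but no "new correct VLAN" decision follows for that MAC; in the second, every violation_add is followed by one. The check below, added here as an example and not PacketFence code, correlates those two log events per MAC so the regression can be spotted in logs rather than by watching the switch. The sample input is quoted from the log excerpts in these notes.

```python
import re
from collections import defaultdict

# Excerpts from the notes above. The first run (note 0000998) adds a violation
# from pfdhcplistener and never reaches a VLAN decision; the second (note
# 0000999) goes through pfcmd and does.
BROKEN_RUN = """\
Jan 13 11:00:31 pfdhcplistener(0): violation 1100004 added for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:00:33 pfdhcplistener(0): executing action 'trap' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): DHCPACK from 192.168.0.50 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.0.185) for 300 seconds (main::listen_dhcp)
"""
FIXED_RUN = """\
Jan 13 11:48:03 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:03 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:03 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:03 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
"""

MAC = r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})"
# A violation reaching pf::violation::violation_add, either newly added or already open.
VIOLATION_RE = re.compile(r"violation (\d+) (?:added for|already exists for) " + MAC)
# The VLAN decision that should follow it when the violation's action is 'trap'.
VLAN_RE = re.compile(r"new correct VLAN for " + MAC + r" is (\d+)")


def unisolated_violations(log_text):
    """Correlate violation_add events with VLAN decisions per MAC.

    Returns (pending, decided): pending maps each MAC to the violation ids
    that were added with no later VLAN decision; decided maps each MAC to
    the VLAN chosen by the last decision seen for it.
    """
    pending = defaultdict(list)
    decided = {}
    for line in log_text.splitlines():
        m = VIOLATION_RE.search(line)
        if m:
            vid, mac = m.group(1), m.group(2)
            pending[mac].append(vid)
            continue
        m = VLAN_RE.search(line)
        if m:
            mac, vlan = m.group(1), int(m.group(2))
            decided[mac] = vlan
            pending.pop(mac, None)  # a decision was made; clear this MAC's backlog
    return dict(pending), decided
```

Run against a full pfdhcplistener/pfcmd log, a non-empty `pending` for a MAC whose violation class has action=trap is the signature of this bug.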
(0001001) user4 2009-01-13 12:09
Fixed in mtn revision 10a81c45ab7669d6f52ff72fd34330f3d20c3bb1