PacketFence
Bug Tracking System

ID: 0000502
Project: PacketFence
Category: core
View Status: public
Date Submitted: 2008-12-19 13:55
Last Update: 2012-02-29 10:57
Reporter: user4
Assigned To: rbalzard
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0000502: violation_trigger in pfdhcplistener
Description: violation_trigger calls do not lead to VLAN changes.
We'll have to investigate whether the violation_trigger calls in pfdhcplistener are OK or should be replaced by pfcmd violation add calls instead.
Tags: No tags attached.

- Relationships
related to 0000726 (closed, user4): schedule now and VLAN isolation

- Notes
Note 0000967, user4, 2008-12-19 14:00

Example of a theoretical scenario where I believe the VLAN would not be changed correctly:
- Win95 is defined as a banned OS in violations.conf
- A Win95 PC is configured with a fixed IP, is registered and boots
=> no DHCP fingerprint info
- The PC gets configured to use DHCP and does a DHCP renew
=> DHCP fingerprint info is received, a violation is created, but no VLAN change happens
Note 0000998, rbalzard (administrator), 2009-01-13 11:15

Right, no vlan isolation is done:

Jan 13 11:00:31 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:00:31 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:00:31 pfdhcplistener(0): grace expired on violation 1100004 for node 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:00:31 pfdhcplistener(0): violation 1100004 added for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:00:31 pfdhcplistener(0): executing action 'email' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): email regarding 'PF Alert: Ban Ancient OSes detection on 00:11:25:14:15:45' sent to pf@localhost (pf::util::pfmailer)
Jan 13 11:00:33 pfdhcplistener(0): executing action 'log' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): /usr/local/pf/logs/violation.log 2009-01-13 11:00:33: Ban Ancient OSes (1100004) detected on node 00:11:25:14:15:45 (192.168.0.185) (pf::action::action_log)
Jan 13 11:00:33 pfdhcplistener(0): executing action 'trap' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:00:33,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:00:33 pfdhcplistener(0): DHCPACK from 192.168.0.50 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.0.185) for 300 seconds (main::listen_dhcp)
Note 0000999, rbalzard (administrator), 2009-01-13 12:06

OK, now it's working:

Jan 13 11:48:01 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:48:01 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:48:03 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:03 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:03 pfcmd(0): VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::generate_switchport_vlan_assignment)
Jan 13 11:48:03 pfcmd(0): 00:11:25:14:15:45 is currentlog connected at 192.168.0.41 ifIndex 16 in VLAN 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:03 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:03 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:04 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:48:04,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:48:08 pfdhcplistener(0): DHCPDISCOVER from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:48:08 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:48:10 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:10 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:10 pfcmd(0): VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::generate_switchport_vlan_assignment)
Jan 13 11:48:10 pfcmd(0): 00:11:25:14:15:45 is currentlog connected at 192.168.0.41 ifIndex 16 in VLAN 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:10 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:10 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:10 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:48:10,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:48:10 pfdhcplistener(0): DHCPOFFER from 192.168.3.1 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.3.254) (main::listen_dhcp)
Jan 13 11:48:10 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:48:11 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:48:13 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:13 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:13 pfcmd(0): VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::generate_switchport_vlan_assignment)
Jan 13 11:48:13 pfcmd(0): 00:11:25:14:15:45 is currentlog connected at 192.168.0.41 ifIndex 16 in VLAN 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:13 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:13 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:13 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:48:13,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
Jan 13 11:48:13 pfdhcplistener(0): DHCPACK from 192.168.3.1 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.3.254) for 300 seconds (main::listen_dhcp)
Jan 13 11:48:13 pfdhcplistener(0): resolved 192.168.3.254 to mac (00:11:25:14:15:45) in ARP table (pf::iplog::ip2macinarp)
Jan 13 11:48:13 pfdhcplistener(0): oldip (192.168.0.185) and newip (192.168.3.254) are different for 00:11:25:14:15:45 - closing iplog entry (main::update_iplog)
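The two logs above show the symptom and the fix from the log reader's side: before the fix, "violation ... added" in pfdhcplistener is never followed by a VLAN re-evaluation; after the fix, every violation_add goes through pfcmd and is followed by a "new correct VLAN" line for the same MAC. The following checker is an added example, not code from the bug report or from PacketFence itself. It parses lines in the format shown in the notes and flags any violation add (or "already exists" re-add) that is not followed within a short window by a "new correct VLAN" decision for that MAC. The line format regexes and the 10-second window are assumptions drawn from the logs above; the sample input is copied from notes 0000998 and 0000999 (the second one as an excerpt).

```python
import re
from datetime import datetime, timedelta

# Assumed line format, taken from the logs in this report:
# "Mon DD HH:MM:SS process(N): message (pkg::function)"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<proc>\w+)\(\d+\): (?P<msg>.*) \((?P<func>[\w:]+)\)$'
)
# A violation being opened, or re-opened while one already exists.
ADD_RE = re.compile(
    r'violation (?P<vid>\d+) (?:added for|already exists for) (?P<mac>[0-9a-f:]{17})'
)
# The VLAN decision that isolation depends on.
VLAN_RE = re.compile(r'new correct VLAN for (?P<mac>[0-9a-f:]{17}) is (?P<vlan>\d+)')


def parse_line(line):
    """Split one log line into timestamp, process, message and function.

    Returns None for lines that do not follow the assumed format.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        # The log carries no year, so strptime defaults to 1900; only
        # relative ordering within one log matters here.
        'ts': datetime.strptime(m['ts'], '%b %d %H:%M:%S'),
        'proc': m['proc'],
        'msg': m['msg'],
        'func': m['func'],
    }


def _vlan_followup(events, start, mac, deadline):
    """True if a 'new correct VLAN' line for mac appears after index start."""
    for later in events[start:]:
        if later['ts'] > deadline:
            return False
        v = VLAN_RE.search(later['msg'])
        if v and v['mac'] == mac:
            return True
    return False


def find_unisolated_violations(lines, window=timedelta(seconds=10)):
    """Return (timestamp, violation id, mac) for every violation add that
    was not followed by a VLAN re-evaluation for the same MAC within window."""
    events = [e for e in map(parse_line, lines) if e]
    findings = []
    for i, ev in enumerate(events):
        add = ADD_RE.search(ev['msg'])
        if not add:
            continue
        if not _vlan_followup(events, i + 1, add['mac'], ev['ts'] + window):
            findings.append((ev['ts'].strftime('%b %d %H:%M:%S'), add['vid'], add['mac']))
    return findings


# Sample input: the log from note 0000998 (before the fix).
BEFORE_FIX = """\
Jan 13 11:00:31 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:00:31 pfdhcplistener(0): 00:11:25:14:15:45 DHCP fingerprint is OS::503 (RedHat/Fedora-based Linux) (main::listen_dhcp)
Jan 13 11:00:31 pfdhcplistener(0): grace expired on violation 1100004 for node 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:00:31 pfdhcplistener(0): violation 1100004 added for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:00:31 pfdhcplistener(0): executing action 'email' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): executing action 'trap' on class 1100004 (pf::action::action_execute)
Jan 13 11:00:33 pfdhcplistener(0): DHCPACK from 192.168.0.50 (00:03:47:a5:09:e8) to host 00:11:25:14:15:45 (192.168.0.185) for 300 seconds (main::listen_dhcp)
""".splitlines()

# Sample input: excerpt of the log from note 0000999 (after the fix).
AFTER_FIX = """\
Jan 13 11:48:01 pfdhcplistener(0): DHCPREQUEST from 00:11:25:14:15:45 (main::listen_dhcp)
Jan 13 11:48:03 pfcmd(0): pfcmd calling violation_add for 00:11:25:14:15:45 (main::command_param)
Jan 13 11:48:03 pfcmd(0): violation 1100004 already exists for 00:11:25:14:15:45 (pf::violation::violation_add)
Jan 13 11:48:03 pfcmd(0): VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::generate_switchport_vlan_assignment)
Jan 13 11:48:03 pfcmd(0): 00:11:25:14:15:45 has 1 open violations(s) with action=trap; belongs into isolation VLAN. (pf::vlan::vlan_determine_for_node)
Jan 13 11:48:03 pfcmd(0): new correct VLAN for 00:11:25:14:15:45 is 3 (main::generate_switchport_vlan_assignment)
Jan 13 11:48:04 pfdhcplistener(0): modifying node 00:11:25:14:15:45 with last_dhcp = 2009-01-13 11:48:04,dhcp_fingerprint = 1,28,2,3,15,6,12,40,41,42 (main::listen_dhcp)
""".splitlines()

if __name__ == '__main__':
    print('before fix:', find_unisolated_violations(BEFORE_FIX))
    print('after fix: ', find_unisolated_violations(AFTER_FIX))
```

Run against the first log it reports violation 1100004 for 00:11:25:14:15:45 as added without a VLAN decision; against the second it reports nothing. The window is deliberately short because, as the fixed log shows, pfcmd evaluates the VLAN in the same second it records the violation, so a longer gap is itself worth a look.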
Note 0001001, user4, 2009-01-13 12:09

fixed in mtn revision 10a81c45ab7669d6f52ff72fd34330f3d20c3bb1

- Issue History
Date Modified Username Field Change
2008-12-19 13:55 user4 New Issue
2008-12-19 14:00 user4 Note Added: 0000967
2009-01-07 08:28 user4 Status new => assigned
2009-01-07 08:28 user4 Assigned To => rbalzard
2009-01-07 08:28 user4 Project PacketFence 1.7 => PacketFence
2009-01-12 13:17 user4 Category 1.7.6 => 1.8.0
2009-01-13 11:15 rbalzard Note Added: 0000998
2009-01-13 12:06 rbalzard Note Added: 0000999
2009-01-13 12:09 user4 Status assigned => closed
2009-01-13 12:09 user4 Note Added: 0001001
2009-01-13 12:09 user4 Resolution open => fixed
2009-06-11 13:20 user4 Relationship added related to 0000726
2010-04-15 17:53 obilodeau Category 1.8.0 => 1.8.x
2012-02-29 10:57 obilodeau Category 1.8.x => core