This patch adds a new rc.conf variable: obspamlogd_pflog_if

Default is for this to be unset, in which case current port behaviour is unchanged. However, if set to the name of a pflog interface, this causes the obspamlogd rc script to force kldloading of the pflog module and explicitly create and bring up the named pflog interface, plus it adds '-l ${obspamlogd_pflog_if}' to the command-line flags used to start obspamlogd.

This has two advantages:

* You can run obspamlogd independently of pflogd -- at the moment there is an implicit dependency between the two.

* You can log SMTP traffic to a different pflog i/f using rules like this in your pf ruleset:

    pass log (to pflog1) on $ext_if proto tcp \
        from any to any port smtp \
        flags S/SA keep state

  This is handy to separate logging of blocked and illegitimate traffic from allowed and legitimate e-mail traffic.

Note: trying to use the standard 'cloned_interfaces' rc.conf mechanism to create extra pflog interfaces is painful: the cloned_interfaces mechanism takes place before /etc/rc.d/pflog runs and hence before the pflog kernel module is loaded.
Maintainer of mail/spamd, Please note that PR ports/146571 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/146571 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Hi Matthew,

please test the modified patch.

In your original patch the 'if [ -n' does not work as expected if 'obspamlogd_pflog_if' is not defined, even obspamlogd does not start on my test machine.

# ifconfig | grep pflog
pflog0: flags=0<> metric 0 mtu 33204

# ./obspamlogd rcvar
# obspamlogd
ifconfig: interface create does not exist
./obspamlogd: WARNING: could not bring up

# ifconfig | grep pflog
pflog0: flags=0<> metric 0 mtu 33204
pflog1: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204

It works if I change 'if [ -n' to 'if [ ! -z'

--- patch_obspamlogd.in.txt begins here --- --- files/obspamlogd.in 2010/05/14 11:21:57 1.1 +++ files/obspamlogd.in 2010/05/14 11:25:06 @@ -15,6 +15,7 @@ # # obspamlogd_enable="YES" # Run the spamlogd(8) daemon (YES/NO). # obspamlogd_flags="" # Extra flags for spamlogd(8) (if enabled). +# obspamlogd_pflog_if="" # pflog Interface for spamlogd(8) to monitor # # DO NOT CHANGE THESE DEFAULT VALUES HERE # @@ -32,6 +33,21 @@ obspamlogd_precmd() { + if [ ! -z ${obspamlogd_pflog_if} ]; then + # Configure i/f explicitly + load_kld pflog || { + warn "Unable to kldload pflog module" + return 1 + } + + if ! ifconfig ${obspamlogd_pflog_if} create up ; then + warn "could not bring up ${obspamlogd_pflog_if}" + return 1 + fi + + rc_flags="${rc_flags} -l ${obspamlogd_pflog_if}" + fi + _rc=0 /sbin/mount -p | grep 'fdescfs.*/dev/fd.*fdescfs.*rw' 2>&1 > /dev/null _rc=${?} @@ -48,6 +64,9 @@ obspamlogd_cleanup() { + if [ ! -z ${obspamlogd_pflog_if} ]; then + ifconfig ${obspamlogd_pflog_if} destroy + fi /bin/rm -f ${pidfile} } --- patch_obspamlogd.in.txt ends here ---
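Review bot: the first hunk (@@ -15,6 +15,7 @@) documents obspamlogd_pflog_if="" as if it were a default, but none of the three hunks adds a matching assignment under "DO NOT CHANGE THESE DEFAULT VALUES HERE", so the variable stays unset whenever rc.conf does not mention it. Adding a default there, in the same form the script uses for its other obspamlogd_* variables, would make the documented empty default real and would mean the later tests always see a defined value.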
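Review bot: in the obspamlogd_precmd hunk the guard `if [ ! -z ${obspamlogd_pflog_if} ]` leaves the variable unquoted, so with the variable unset the test receives only `! -z` and gives the wanted result through the two-argument rule of test(1), not by looking at the value. Quoting the expansion, `if [ -n "${obspamlogd_pflog_if}" ]`, tests the value itself and makes the original -n spelling behave correctly as well. The same quoting is worth applying to the name in the `ifconfig ... create up` line, since an empty expansion there is what turned "create" into the interface name in the transcript above.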
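Review bot: the obspamlogd_cleanup hunk runs `ifconfig ${obspamlogd_pflog_if} destroy` whenever the variable is non-empty, without any record that this script was the one that created the interface. If the variable names an interface that another consumer also uses, stopping obspamlogd removes it from under that consumer. Consider destroying the interface only when precmd created it, and quote the expansion here as in the precmd guard.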
On 14/05/2010 12:30:40, olli hauer wrote:
> Hi Matthew,
>
> please test the modified patch.
>
> In your original patch the 'if [ -n' does not work as expected
> if 'obspamlogd_pflog_if' is not defined, even obspamlogd
> does not start on my test machine.
>
>
> # ifconfig | grep pflog
> pflog0: flags=0<> metric 0 mtu 33204
>
> # ./obspamlogd rcvar
> # obspamlogd
> ifconfig: interface create does not exist
> ./obspamlogd: WARNING: could not bring up
>
> # ifconfig | grep pflog
> pflog0: flags=0<> metric 0 mtu 33204
> pflog1: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
>
>
>
> It works if I change 'if [ -n' to 'if [ ! -z'

Looks good to me.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
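The behaviour in the transcript quoted above comes from how test(1) counts its arguments once an unset variable expands to nothing. The script below is an added illustration, not part of the PR or the port; `pflog_if` stands in for obspamlogd_pflog_if, `pflog1` is a sample value, and the ifconfig command line is only printed, never run.

```shell
#!/bin/sh
# Added illustration (not the port's rc script): what test(1) sees when an
# rc.conf variable is unset, empty or set, for three spellings of the guard.

# set_state STATE: leave pflog_if unset, make it empty, or give it a sample name.
set_state() {
    unset pflog_if
    case "$1" in
        empty) pflog_if="" ;;
        set)   pflog_if="pflog1" ;;
    esac
}

# guard FORM STATE: print "run" if the guarded block would execute, else "skip".
guard() (
    set_state "$2"
    case "$1" in
        # Unset/empty: one argument remains, so test only checks that the
        # literal string "-n" is non-empty, which is always true.
        n_unquoted)    [ -n ${pflog_if} ] ;;
        # Unset/empty: two arguments remain ("!" and "-z"), i.e. the negation
        # of 'is "-z" non-empty', which is false: right answer, by accident.
        notz_unquoted) [ ! -z ${pflog_if} ] ;;
        # Quoted: test always receives the value itself, even when it is empty.
        n_quoted)      [ -n "${pflog_if}" ] ;;
    esac && echo run || echo skip
)

# ifconfig_argv STATE: the command line the precmd would build (printed only).
ifconfig_argv() (
    set_state "$1"
    echo ifconfig ${pflog_if} create up
)

for state in unset empty set; do
    for form in n_unquoted notz_unquoted n_quoted; do
        printf '%-6s %-14s %s\n' "$state" "$form" "$(guard "$form" "$state")"
    done
done
echo "unset: $(ifconfig_argv unset)"
```

With the variable unset, the unquoted -n guard runs the block and the printed command line is `ifconfig create up`, which matches the "interface create does not exist" error in the transcript.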
Please commit the second patch ( patch_obspamlogd.in.txt ). thanks, olli hauer (mail/spamd maintainer)
State Changed From-To: feedback->closed Committed, thanks!
stefan      2010-06-30 10:35:05 UTC

  FreeBSD ports repository

  Modified files:
    mail/spamd           Makefile
    mail/spamd/files     obspamlogd.in
  Log:
  Let obspamlogd manage its own pflog interface.

  PR:             146571
  Submitted by:   Matthew Seaman <m.seaman@infracaninophile.co.uk>
  Approved by:    maintainer
  Feature safe:   yes

  Revision  Changes    Path
  1.20      +1 -1      ports/mail/spamd/Makefile
  1.5       +19 -1     ports/mail/spamd/files/obspamlogd.in