Bug 146571

Summary: [patch] mail/spamd -- let obspamlogd manage its own pflog i/f
Product: Ports & Packages
Reporter: Matthew Seaman <m.seaman>
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
spamd.diff none

Description Matthew Seaman 2010-05-14 09:50:02 UTC
This patch adds a new rc.conf variable: obspamlogd_pflog_if

Default is for this to be unset, in which case current port behaviour
is unchanged.

However, if set to the name of a pflog interface, this causes the
obspamlogd rc script to force kldloading of the pflog module and
explicitly create and bring up the named pflog interface, plus it adds
'-l ${obspamlogd_pflog_if}' to the command-line flags used to start
obspamlogd.

This has two advantages:

   * You can run obspamlogd independently of pflogd -- at the moment
     there is an implicit dependency between the two.

   * You can log SMTP traffic to a different pflog i/f using rules
     like this in your pf ruleset:

pass log (to pflog1) on $ext_if proto tcp  \
     from any to any port smtp             \
     flags S/SA keep state

     This is handy to separate logging of blocked and illegitimate
     traffic from allowed and legitimate e-mail traffic.

Note: trying to use the standard 'cloned_interfaces' rc.conf mechanism
to create extra pflog interfaces is painful: the cloned_interfaces
mechanism takes place before /etc/rc.d/pflog runs and hence before the
pflog kernel module is loaded.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-05-14 09:50:17 UTC
Maintainer of mail/spamd,

Please note that PR ports/146571 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/146571

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2010-05-14 09:50:19 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Olli Hauer 2010-05-14 12:30:40 UTC
Hi Matthew,

please test the modified patch.

In your original patch the 'if [ -n' does not work as expected
if 'obspamlogd_pflog_if' is not defined, even obspamlogd
does not start on my test machine.


# ifconfig | grep pflog
pflog0: flags=0<> metric 0 mtu 33204

# ./obspamlogd rcvar
# obspamlogd
ifconfig: interface create does not exist
./obspamlogd: WARNING: could not bring up

# ifconfig | grep pflog
pflog0: flags=0<> metric 0 mtu 33204
pflog1: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204



It works if I change 'if [ -n' to 'if [ ! -z'

--- patch_obspamlogd.in.txt begins here ---
--- files/obspamlogd.in 2010/05/14 11:21:57 1.1
+++ files/obspamlogd.in 2010/05/14 11:25:06
@@ -15,6 +15,7 @@
  #
  # obspamlogd_enable="YES"  # Run the spamlogd(8) daemon (YES/NO).
  # obspamlogd_flags=""      # Extra flags for spamlogd(8) (if enabled).
+# obspamlogd_pflog_if=""   # pflog Interface for spamlogd(8) to monitor
  #
  # DO NOT CHANGE THESE DEFAULT VALUES HERE
  #
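Review bot: the new rc.conf comment for obspamlogd_pflog_if says only that it names the interface to monitor. It should also state that a non-empty value makes the script kldload pflog, create the interface on start and destroy it on stop, because those side effects matter to anyone who points the variable at an interface another service already uses.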
@@ -32,6 +33,21 @@

  obspamlogd_precmd()
  {
+   if [ ! -z ${obspamlogd_pflog_if} ]; then
+       # Configure i/f explicitly
+       load_kld pflog || {
+           warn "Unable to kldload pflog module"
+           return 1
+       }
+
+       if ! ifconfig ${obspamlogd_pflog_if} create up ; then
+           warn "could not bring up ${obspamlogd_pflog_if}"
+           return 1
+       fi
+
+       rc_flags="${rc_flags} -l ${obspamlogd_pflog_if}"
+    fi
+
     _rc=0
     /sbin/mount -p | grep 'fdescfs.*/dev/fd.*fdescfs.*rw' 2>&1 > /dev/null
     _rc=${?}
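Review bot: the guard at the top of obspamlogd_precmd, 'if [ ! -z ${obspamlogd_pflog_if} ]', leaves the expansion unquoted, so with the variable unset it collapses to '[ ! -z ]' and is false only because '-z' is then read as a plain non-empty string. Write it as 'if [ -n "${obspamlogd_pflog_if}" ]' and quote the interface name in the ifconfig call as well. Separately, 'ifconfig ${obspamlogd_pflog_if} create up' fails when the interface already exists, so precmd returns 1 after an unclean stop or when the name is shared; consider creating only when the interface is absent and then bringing it up.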
@@ -48,6 +64,9 @@

  obspamlogd_cleanup()
  {
+   if [ ! -z ${obspamlogd_pflog_if} ]; then
+       ifconfig ${obspamlogd_pflog_if} destroy
+   fi
     /bin/rm -f ${pidfile}
  }
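Review bot: obspamlogd_cleanup runs 'ifconfig ${obspamlogd_pflog_if} destroy' for whatever interface the variable names, whether or not precmd created it, so stopping obspamlogd can remove an interface that something else is still logging to. Suggest recording in precmd that the interface was created by this script and destroying it only in that case, and using the quoted form 'if [ -n "${obspamlogd_pflog_if}" ]' for the guard here too.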
--- patch_obspamlogd.in.txt ends here ---
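The behaviour reported in this comment can be reproduced outside the port. The following is an added example, not code from the port or from the commenters: ifconfig and warn are constructed stubs, and precmd_guard and its style names are hypothetical. It runs the guarded block under three spellings of the test and records what ifconfig would have been called with.

```shell
#!/bin/sh
# Added illustration. Constructed stubs stand in for ifconfig(8) and rc.subr's warn.
# The ifconfig stub fails when "create" lands in the interface-name slot, which is
# what happens when the interface variable expands to nothing.
ifconfig() { IFCONFIG_ARGS="$*"; [ "$1" != create ]; }
warn()     { WARNED="$*"; }

# precmd_guard STYLE VALUE
# Runs the interface setup block behind the chosen guard spelling.
# Returns 0 if the block was skipped or succeeded, 1 if setup failed.
precmd_guard() {
    style=$1 obspamlogd_pflog_if=$2
    IFCONFIG_ARGS="" WARNED=""
    case $style in
        # Unquoted and empty: becomes `[ -n ]`, a one-argument test, always true.
        n_unquoted)    [ -n $obspamlogd_pflog_if ] ;;
        # Unquoted and empty: becomes `[ ! -z ]`, i.e. "not (the string -z is
        # non-empty)", false by accident rather than by design.
        notz_unquoted) [ ! -z $obspamlogd_pflog_if ] ;;
        # Quoted: tests the value itself in every case.
        n_quoted)      [ -n "$obspamlogd_pflog_if" ] ;;
    esac || return 0
    # Left unquoted on purpose, as in the patch, to show where the words land.
    if ! ifconfig $obspamlogd_pflog_if create up; then
        warn "could not bring up $obspamlogd_pflog_if"
        return 1
    fi
}

# Print the outcome for an unset/empty value and for a real interface name.
for style in n_unquoted notz_unquoted n_quoted; do
    for value in "" pflog1; do
        if precmd_guard "$style" "$value"; then rc=0; else rc=1; fi
        printf '%-14s value=%-8s rc=%s ifconfig=[%s] warn=[%s]\n' \
            "$style" "'$value'" "$rc" "$IFCONFIG_ARGS" "$WARNED"
    done
done
```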
Comment 4 Matthew Seaman 2010-05-14 13:04:47 UTC

On 14/05/2010 12:30:40, olli hauer wrote:
> Hi Matthew,
> 
> please test the modified patch.
> 
> In your original patch the 'if [ -n' does not work as expected
> if 'obspamlogd_pflog_if' is not defined, even obspamlogd
> does not start on my test machine.
> 
> 
> # ifconfig | grep pflog
> pflog0: flags=0<> metric 0 mtu 33204
> 
> # ./obspamlogd rcvar
> # obspamlogd
> ifconfig: interface create does not exist
> ./obspamlogd: WARNING: could not bring up
> 
> # ifconfig | grep pflog
> pflog0: flags=0<> metric 0 mtu 33204
> pflog1: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
> 
> 
> 
> It works if I change 'if [ -n' to 'if [ ! -z'

Looks good to me.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
Comment 5 Olli Hauer 2010-05-14 13:19:38 UTC
Please commit the second patch ( patch_obspamlogd.in.txt ).

thanks,
olli hauer (mail/spamd maintainer)
Comment 6 Stefan Walter freebsd_committer freebsd_triage 2010-06-30 11:35:16 UTC
State Changed
From-To: feedback->closed

Committed, thanks!
Comment 7 dfilter service freebsd_committer freebsd_triage 2010-06-30 11:35:27 UTC
stefan      2010-06-30 10:35:05 UTC

  FreeBSD ports repository

  Modified files:
    mail/spamd           Makefile 
    mail/spamd/files     obspamlogd.in 
  Log:
  Let obspamlogd manage its own pflog interface.
  
  PR:             146571
  Submitted by:   Matthew Seaman <m.seaman@infracaninophile.co.uk>
  Approved by:    maintainer
  Feature safe:   yes
  
  Revision  Changes    Path
  1.20      +1 -1      ports/mail/spamd/Makefile
  1.5       +19 -1     ports/mail/spamd/files/obspamlogd.in