0000129: pfmon generating errors on stdout, and also config parser error - PacketFence

Bug Tracking System

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0000129

PacketFence 1.6.2

public

2006-09-27 12:45

2008-04-29 17:04

Reporter

bruce

Assigned To

user4

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

suspended

Platform

OS Version

Summary

0000129: pfmon generating errors on stdout, and also config parser error

Description

2 related issues - shoudl I have logged these separately:

Running pf1.6.1 in passive mode, with approx 30 vlans. At present, we are not using snort, so no monitor interface defined in config.

pfmon was genereating errors of the form:

Use of uninitialized value in concatenation (.) or string at /usr/local/pf/bin/pfmon line 466.

(note - line numbers may not be correct - we have added lots of debugging lines...)

This points to the code segment:

      if ($destmac =~ /ff:ff:ff:ff:ff:ff/i || $destmac =~ /00:00:00:00:00:00/i) {
        pflogger("broadcast arp request from router src $srcip for destip $destip destmac $destmac - re-trapping all nodes",4);
          }elsif (!grep(/^$monitor_int$/,@listen_ints)){
        pflogger("flooded arp request from router for $destmac ($destip) - re-trapping all nodes",4);
      } else {
        pflogger("arp request from router for $destmac ($destip) ",20);
        return;
      }

with the identified error line being the first of these. However, much debugging indicates that the error was actually being generated 3 lines on in the "elsif" - $monitor_int was undefined. Not surprising, as we have not defined one in config.

Which led us on to another bug....

As a temporary workaround, using the web interface, we changed one of the existing interfaces to be "internal,monitor". This generated a config line in the interfaces section of type="managed,monitor"

However, the config parser doesn't like the quotes, and parsed this as 2 entries - 'monitor"' and '"managed'. - ie the quotes are not stripped. Editing the pf.conf and taking the quotes out resolves the problem.

Workaround for the first problem (undefined $monitor_int) - in lib/pf/config.pm, immediately before

foreach my $type (split(/s*,s*/, $type)) {
    if ($type eq "internal") {
      push @internal_nets, $int_obj;
      push @listen_ints, $int if ($int !~ /:d+$/);
    } elsif ($type eq "managed") {
      push @managed_nets, $int_obj;
    } elsif ($type eq "external") {
      push @external_nets, $int_obj;
    } elsif ($type eq "monitor") {
      $monitor_int = $int;
    }
  }

add $monitor_int="Undefined";

But this doesn't address the parser error.

Tags

No tags attached.

Attached Files

Relationships

Notes
(0000489) user4 2007-12-04 12:15	I can't reproduce the second bug in pf 1.62 or 1.7rc1 Can you still reproduce it (and the first one) in a PF version more recent than 1.61 ?

(0000490) user4 2007-12-04 12:16	Reminder sent to: user4

Issue History
Date Modified	Username	Field	Change
2006-09-27 12:45	bruce	New Issue
2006-10-27 11:00	kevmcs	Status	new => assigned
2006-10-27 11:00	kevmcs	Assigned To	=> kevmcs
2007-12-04 11:52	user4	Assigned To	kevmcs => user4
2007-12-04 12:15	user4	Note Added: 0000489
2007-12-04 12:15	user4	Status	assigned => feedback
2007-12-04 12:16	user4	Note Added: 0000490
2008-04-29 17:04	user4	Status	feedback => closed
2008-04-29 17:04	user4	Resolution	open => suspended