Bug Tracking System

View Issue Details
ID: 0001481
Project: PacketFence
Category: core
View Status: public
Date Submitted: 2012-07-09 08:51
Last Update: 2012-08-21 09:57
Assigned To: fgaudreault
Platform:
OS:
OS Version:
Product Version:
Target Version: 3.5.0
Fixed in Version: 3.5.0
Summary: 0001481: Introduce expire.node for VLAN/Inline Mode
Description: From what I can tell, the node expiration is only working for ARP mode. It would be interesting to add it for the VLAN/Inline mode where the node can be expired after a specific window.

i.e. A rogue iPhone connects to my open SSID and just does nothing. The node would stay in the database forever. With an expiration window, we could clean it after 30 days.

I believe we could clear out only nodes with closed locationlog, and status unreg. It would be a good start!
Tags: No tags attached.
Fixed in git revision: 2377e73c92d26e091c8c62da08f9b46e591891ed
Fixed in mtn revision:
Attached Files: node_expire.patch (1,687 bytes) 2012-07-11 16:54

-  Notes
fgaudreault (viewer)
2012-07-11 16:53

I have a patch to test. Very simple. It will close any open locationlog entry and delete the node if the last_dhcp is lower than (now() - expire.node) and not null (potential static ip).

thegoatreich (reporter)
2012-07-12 04:00

I will happily test this, but I'm not sure how to apply the patch.

fgaudreault (viewer)
2012-07-12 07:39

Copy the patch in /usr/local/pf and run it with:
patch -p1 < node_expire.patch

Last, restart pfmon and httpd to clear out the Perl cache.

thegoatreich (reporter)
2012-07-12 07:46

OK thanks for that. The patch has been applied and services restarted. I still see the same amount of unregistered nodes in the web interface at the moment. Are these supposed to clear down on a scheduled basis?

fgaudreault (viewer)
2012-07-12 07:48

You need to define the node.expire setting in your pf.conf.

Then, it will run the cleanup every time pfmon runs, so every 10 min.

thegoatreich (reporter)
2012-07-12 08:29

Thanks Francois. That appears to be working. I've set the nodes to expire at the end of the term year, and unregistered nodes to be deleted every 30 days.

fgaudreault (viewer)
2012-07-12 09:19

Cool! I will add the patch to the devel tree.

fgaudreault (viewer)
2012-07-12 09:23

Now in devel.

obilodeau (reporter)
2012-08-06 15:40

Fix released in 3.5.0

obilodeau (reporter)
2012-08-21 09:57

What has been done to ensure the correct state of the security table in port-security mode?

On expiration, the entry of the security tables needs to be removed and replaced with the fake MAC. Otherwise a port movement of an expired node in the same switch would not work on some hardware.

Was this taken into consideration in that patch?

- Issue History
Date Modified Username Field Change
2012-07-09 08:51 fgaudreault New Issue
2012-07-09 08:53 fgaudreault Description Updated
2012-07-11 16:53 fgaudreault Note Added: 0002828
2012-07-11 16:54 fgaudreault File Added: node_expire.patch
2012-07-12 04:00 thegoatreich Note Added: 0002829
2012-07-12 07:39 fgaudreault Note Added: 0002830
2012-07-12 07:46 thegoatreich Note Added: 0002831
2012-07-12 07:48 fgaudreault Note Added: 0002832
2012-07-12 08:29 thegoatreich Note Added: 0002833
2012-07-12 09:19 fgaudreault Note Added: 0002835
2012-07-12 09:23 fgaudreault git revision => 2377e73c92d26e091c8c62da08f9b46e591891ed
2012-07-12 09:23 fgaudreault Note Added: 0002836
2012-07-12 09:23 fgaudreault Status new => resolved
2012-07-12 09:23 fgaudreault Fixed in Version => devel
2012-07-12 09:23 fgaudreault Resolution open => fixed
2012-07-12 09:23 fgaudreault Assigned To => fgaudreault
2012-08-06 15:40 obilodeau Note Added: 0002877
2012-08-06 15:40 obilodeau Status resolved => closed
2012-08-06 15:40 obilodeau Fixed in Version devel => 3.5.0
2012-08-06 15:40 obilodeau Target Version => 3.5.0
2012-08-21 09:57 obilodeau Note Added: 0002952
