Date:      Thu, 27 Jul 2006 10:32:56 +0000 (UTC)
From:      Rong-En Fan <rafan@FreeBSD.org>
To:        ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/security/sshit Makefile ports/security/sshit/files patch-sshit.pl
Message-ID:  <200607271032.k6RAWucM060580@repoman.freebsd.org>

rafan       2006-07-27 10:32:56 UTC

  FreeBSD ports repository

  Modified files:
    security/sshit       Makefile 
  Added files:
    security/sshit/files patch-sshit.pl 
  Log:
  (c) Rong-En Fan's, http://rafan.infor.org/patch/sshit.diff
  
  In the code, the author uses a two-level hash, and IPC::Shareable
  will create shared memory for those anonymous objects (the second
  level hash). That shared memory will not be removed when sshit exits
  or when the rule is removed. After running sshit for a period of time,
  the number of shared memory segments and semaphores will reach the
  limit for one process, then sshit.pl cannot get more shared memory,
  thus it quits. The only solution is to manually remove all shared
  memory and semaphores.
  
  This is somehow the limitation of using IPC::Shareable. To work around
  this problem, the patch removes the associated firewall rules when
  syslogd closes the fd [1], and uses IPC::Shareable->clean_up
  to remove all shm/sem created by this process. I also set 'destroy'
  to 1 so the shm tied to %list can be removed.
  
  The second hunk fixes a typo for ipfw2. Due to this typo,
  an IP in ipfw2's table cannot be removed. That means once blocked,
  the client is blocked until reboot or until the admin cleans up the table.
  
  [1] If any log files are rotated, newsyslog sends a HUP to syslogd, and
      syslogd will close *all* currently open fds and reopen them. At
      that time, sshit.pl's stdin will be closed, thus the main
      program will exit.
  
  PR:             ports/100726
  Submitted by:   Alex Samorukov <samm at os2.kiev.ua>
  Approved by:    Jui-Nan Eric Lin <jnlin at csie.NCTU.edu.tw> (maintainer)
  Obtained from:  rafan
  
  Revision  Changes    Path
  1.2       +1 -0      ports/security/sshit/Makefile
  1.1       +39 -0     ports/security/sshit/files/patch-sshit.pl (new)
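
The leak described in the log comes from the System V IPC mechanism that IPC::Shareable is built on: a segment stays in the kernel after its creating process exits, until something removes it explicitly. The following C program is an added example, not part of this commit or of sshit; it generalizes from the Perl module to the underlying shmget/shmctl calls, and the function names and the sample address are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>

/* 1 if the System V segment still exists in the kernel, else 0. */
int segment_exists(int shmid) {
    struct shmid_ds ds;
    return shmctl(shmid, IPC_STAT, &ds) == 0;
}

/* Explicit removal: what a cleanup-on-exit path must do for each segment. */
int remove_segment(int shmid) {
    return shmctl(shmid, IPC_RMID, NULL);
}

/* A child creates a segment and exits without removing it (the leak).
 * Returns the leaked segment id to the parent, or -1 on error. */
int leak_from_child(void) {
    int fds[2], shmid = -1;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600);
        if (id >= 0) {
            char *p = shmat(id, NULL, 0);
            if (p != (char *)-1) strcpy(p, "192.0.2.10"); /* constructed entry */
        }
        if (write(fds[1], &id, sizeof id) != sizeof id) _exit(1);
        _exit(0); /* no IPC_RMID: the segment outlives the process */
    }
    close(fds[1]);
    if (read(fds[0], &shmid, sizeof shmid) != sizeof shmid) shmid = -1;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return shmid;
}

int main(void) {
    int id = leak_from_child();
    if (id < 0) { fprintf(stderr, "could not create segment\n"); return 1; }
    printf("after child exit: exists=%d\n", segment_exists(id));
    remove_segment(id);
    printf("after IPC_RMID:   exists=%d\n", segment_exists(id));
    return 0;
}
```

Each leaked segment counts against the system's shared memory limits, which is why a long-running process that never removes them eventually fails to allocate more.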


