From: Rong-En Fan
Date: Thu, 27 Jul 2006 10:32:56 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/security/sshit Makefile ports/security/sshit/files patch-sshit.pl
Message-Id: <200607271032.k6RAWucM060580@repoman.freebsd.org>
List-Id: CVS commit messages for the ports tree
X-FreeBSD-CVS-Branch: HEAD

rafan       2006-07-27 10:32:56 UTC

  FreeBSD ports repository

  Modified files:
    security/sshit       Makefile
  Added files:
    security/sshit/files patch-sshit.pl
  Log:
  (c) Rong-En Fan, http://rafan.infor.org/patch/sshit.diff

  In the code, the author uses a two-level hash, and IPC::Shareable will
  create a shared memory segment for each of those anonymous objects (the
  second-level hashes). Those shared memory segments will not be removed
  when sshit exits or when the rule is removed.

  Running sshit for a period of time, the number of shared memory segments
  and semaphores will reach the limit for one process; then sshit.pl cannot
  get more shared memory, thus it quits. The only solution is to manually
  remove all shared memory segments and semaphores. This is somewhat a
  limitation of using IPC::Shareable.

  To work around this problem, the patch removes the associated firewall
  rules when syslogd closes the fd [1], and uses IPC::Shareable->clean_up to
  remove all shm/sem created by this process. I also set 'destroy' to 1 so
  the shm tied to %list can be removed.

  The second hunk is to fix a typo for ipfw2. Due to this typo, IPs in
  ipfw2's table cannot be removed. That means once blocked, the client is
  blocked until reboot or until the admin cleans up the table.

  [1] If any log file is rotated, newsyslog sends a HUP to syslogd; syslogd
  will close *all* currently open fds and reopen them. At that time,
  sshit.pl's stdin will be closed, thus the main program will exit.

  PR:             ports/100726
  Submitted by:   Alex Samorukov
  Approved by:    Jui-Nan Eric Lin (maintainer)
  Obtained from:  rafan

  Revision  Changes    Path
  1.2       +1 -0      ports/security/sshit/Makefile
  1.1       +39 -0     ports/security/sshit/files/patch-sshit.pl (new)
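The two-level IPC::Shareable pattern and the cleanup the commit describes, as an added illustration that is not the sshit.pl source or the committed patch. It assumes a placeholder glue key ('sshx'), a placeholder log-line regex for failed SSH logins, and a no-op firewall helper in place of the real ipfw/pf calls; the IPC::Shareable calls (tie with the create/destroy/mode options, and the class method clean_up) are the documented API.

```perl
#!/usr/bin/perl
# Added example (not sshit.pl): the leak pattern and the workaround.
use strict;
use warnings;
use IPC::Shareable;

# Placeholder: the real script issues ipfw/pf commands here.
sub firewall_unblock { my ($ip) = @_; print STDERR "unblock $ip\n"; }

my %list;
# destroy => 1: the segment tied to %list itself is removed when this
# process exits (this is the option the commit turns on).
tie %list, 'IPC::Shareable', 'sshx',           # 'sshx' is an assumed glue key
    { create => 1, destroy => 1, mode => 0600 }
    or die "cannot tie shared hash: $!";

# Each anonymous hash stored as a value is auto-tied by IPC::Shareable and
# gets its own shm segment plus semaphore set. Deleting the key later does
# not free those, which is the per-process shm/sem exhaustion the commit
# describes.
sub block_ip {
    my ($ip) = @_;
    $list{$ip} = { count => 1, blocked_at => time() };
}

sub unblock_ip {
    my ($ip) = @_;
    firewall_unblock($ip);
    delete $list{$ip};      # drops the entry, not the nested segment
}

# Workaround: drop every rule, then remove every shm/sem this process
# created (nested segments included), whatever the exit path.
sub cleanup_and_exit {
    unblock_ip($_) for keys %list;
    IPC::Shareable->clean_up;
    exit 0;
}

$SIG{TERM} = $SIG{INT} = \&cleanup_and_exit;

# syslogd feeds log lines to stdin through a '|' action in syslog.conf.
# After newsyslog HUPs syslogd it closes and reopens its fds, so this loop
# sees EOF; running the same cleanup there is the path the commit adds.
while (my $line = <STDIN>) {
    # Assumed log format; adjust the pattern to the sshd line you match.
    if ($line =~ /Failed password .* from (\d+\.\d+\.\d+\.\d+)/) {
        block_ip($1);
    }
}
cleanup_and_exit();
```

To confirm the cleanup on a running box, compare `ipcs -m` and `ipcs -s` before and after the script exits: with clean_up in place no segments or semaphore sets owned by the script's user should remain; without it they accumulate one pair per blocked address until `ipcrm` is used by hand.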