ports/74096: [NEW PORT] net/ifstated from OpenBSD
Matthew George
mdg at secureworks.net
Fri Nov 19 00:20:28 UTC 2004
>Number: 74096
>Category: ports
>Synopsis: [NEW PORT] net/ifstated from OpenBSD
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 19 00:20:28 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Matthew George
>Release: FreeBSD 5.3-RC2 i386
>Organization:
SecureWorks
>Environment:
System: FreeBSD mdg.secureworks.net 5.3-RC2 FreeBSD 5.3-RC2 #0: Fri Nov 12 12:46:28 EST 2004 mdg at mdg.secureworks.net:/usr/obj/usr/src/sys/MDG i386
>Description:
This is a port of src/usr.sbin/ifstated from OpenBSD. It has been
modified to use kqueue/kevent and sysctl. Tested on RELENG_5_3
>How-To-Repeat:
>Fix:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# ifstated
# ifstated/pkg-message
# ifstated/pkg-descr
# ifstated/distinfo
# ifstated/Makefile
# ifstated/files
# ifstated/files/ifstated.sh
# ifstated/files/patch-aa
# ifstated/files/patch-ab
# ifstated/files/patch-ac
# ifstated/files/patch-ad
# ifstated/files/patch-ae
# ifstated/files/patch-af
#
echo c - ifstated
mkdir -p ifstated > /dev/null 2>&1
echo x - ifstated/pkg-message
sed 's/^X//' >ifstated/pkg-message << 'END-of-ifstated/pkg-message'
X
X*** ATTENTION ***
X
XTo run ifstated from startup, add
Xifstated_enable="YES" to /etc/rc.conf
X
XAvailable variables you add/set to /etc/rc.conf.
X- ifstated_enable (bool): Set to "NO" by default.
X Set it to "YES" to enable ifstated.
X- ifstated_flags (str): Set to "-f /usr/local/etc/ifstated.conf" by default.
X Extra flags passed to start command.
X
END-of-ifstated/pkg-message
echo x - ifstated/pkg-descr
sed 's/^X//' >ifstated/pkg-descr << 'END-of-ifstated/pkg-descr'
X
XThis is a port of ifstated(8) from OpenBSD. From the manpage:
X
X***
XThe ifstated daemon runs commands in response to network state changes,
Xwhich it determines by monitoring interface link state or running exter-
Xnal tests. For example, it can be used with carp(4) to change running
Xservices or to ensure that carp(4) interfaces stay in sync, or with pf(4)
Xto test server or link availability and modify translation or routing
Xrules.
X***
X
XIt has been modified to use FreeBSD's kqueue/kevent mechanism and sysctl.
X
XMatthew George <mdg at secureworks.net>
END-of-ifstated/pkg-descr
echo x - ifstated/distinfo
sed 's/^X//' >ifstated/distinfo << 'END-of-ifstated/distinfo'
XMD5 (ifstated-20041117.tar.gz) = 3255839ec706b5c40b7445677a8e7aa9
XSIZE (ifstated-20041117.tar.gz) = 12270
END-of-ifstated/distinfo
echo x - ifstated/Makefile
sed 's/^X//' >ifstated/Makefile << 'END-of-ifstated/Makefile'
X# New ports collection makefile for: ifstated
X# Date created: 18 November 2004
X# Whom: Matthew George <mdg at secureworks.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME= ifstated
XPORTVERSION= 20041117
XCATEGORIES= net
XMASTER_SITES= ftp://ftp.secureworks.net/pub/ifstated/
X
XMAINTAINER= mdg at secureworks.net
XCOMMENT= Interface State daemon
X
XINSTALL_TARGET= install install-man
XMAN8= ifstated.8
X
XPLIST_FILES= sbin/ifstated \
X etc/ifstated.conf
X
XUSE_RC_SUBR= yes
XRC_SCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
X
Xpost-patch:
X @${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
X ${FILESDIR}/ifstated.sh > ${WRKDIR}/ifstated.sh
X
Xpost-install:
X ${INSTALL_SCRIPT} ${WRKDIR}/ifstated.sh ${PREFIX}/etc/rc.d/ifstated.sh
X @${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-ifstated/Makefile
echo c - ifstated/files
mkdir -p ifstated/files > /dev/null 2>&1
echo x - ifstated/files/ifstated.sh
sed 's/^X//' >ifstated/files/ifstated.sh << 'END-of-ifstated/files/ifstated.sh'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X
X# PROVIDE: ifstated
X# REQUIRE: NETWORKING SERVERS
X# BEFORE: DAEMON
X# KEYWORD: FreeBSD shutdown
X
X#
X# Add the following lines to /etc/rc.conf to enable ifstated:
X# ifstated_enable (bool): Set to "NO" by default.
X# Set it to "YES" to enable ifstated
X# ifstated_flags (str): Set to "-f /usr/local/etc/ifstated.conf" by default.
X# Extra flags passed to start command
X#
X. %%RC_SUBR%%
X
Xname="ifstated"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/sbin/ifstated"
X
X[ -z "$ifstated_enable" ] && ifstated_enable="NO"
X[ -z "$ifstated_flags" ] && ifstated_flags="-f /usr/local/etc/ifstated.conf"
X
Xload_rc_config $name
X
Xrun_rc_command "$1"
X
END-of-ifstated/files/ifstated.sh
echo x - ifstated/files/patch-aa
sed 's/^X//' >ifstated/files/patch-aa << 'END-of-ifstated/files/patch-aa'
X--- Makefile 18 Nov 2004 21:43:12 -0000 1.1.1.1
X+++ Makefile 18 Nov 2004 23:33:55 -0000 1.4
X@@ -1,4 +1,5 @@
X # $OpenBSD: Makefile,v 1.3 2004/02/05 02:26:23 mcbride Exp $
X+# $Id: Makefile,v 1.4 2004/11/18 23:33:55 mdg Exp $
X
X PROG= ifstated
X SRCS= ifstated.c parse.y
X@@ -7,6 +8,14 @@
X CLFAGS+= -Wmissing-declarations -Wredundant-decls
X CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual
X MAN= ifstated.8
X-LDADD+=-lutil -levent
X+
X+
X+install:
X+ $(INSTALL) -m 555 -g bin -o bin ifstated $(PREFIX)/sbin
X+ $(INSTALL) -m 644 -g wheel -o root etc/ifstated.conf $(PREFIX)/etc
X+
X+install-man:
X+ $(INSTALL) -m 444 -g bin -o bin ifstated.8 $(PREFIX)/man/man8
X+
X
X .include <bsd.prog.mk>
END-of-ifstated/files/patch-aa
echo x - ifstated/files/patch-ab
sed 's/^X//' >ifstated/files/patch-ab << 'END-of-ifstated/files/patch-ab'
X--- ifstated.8 18 Nov 2004 21:43:12 -0000 1.1.1.1
X+++ ifstated.8 18 Nov 2004 22:14:58 -0000 1.3
X@@ -1,4 +1,5 @@
X .\" $OpenBSD: ifstated.8,v 1.5 2004/09/27 22:26:26 jaredy Exp $
X+.\" $Id: ifstated.8,v 1.3 2004/11/18 22:14:58 mdg Exp $
X .\"
X .\" Copyright (c) 2004 Ryan McBride <mcbride at openbsd.org>
X .\"
X@@ -79,7 +80,7 @@
X reloads the configuration file.
X .Sh FILES
X .Bl -tag -width "/etc/ifstated.conf" -compact
X-.It Pa /etc/ifstated.conf
X+.It Pa /usr/local/etc/ifstated.conf
X .Nm
X configuration file.
X .El
END-of-ifstated/files/patch-ab
echo x - ifstated/files/patch-ac
sed 's/^X//' >ifstated/files/patch-ac << 'END-of-ifstated/files/patch-ac'
X--- ifstated.c 18 Nov 2004 21:43:12 -0000 1.1.1.1
X+++ ifstated.c 18 Nov 2004 21:48:39 -0000 1.2
X@@ -1,4 +1,5 @@
X /* $OpenBSD: ifstated.c,v 1.20 2004/10/05 21:17:02 mpf Exp $ */
X+/* $Id: ifstated.c,v 1.2 2004/11/18 21:48:39 mdg Exp $ */
X
X /*
X * Copyright (c) 2004 Marco Pfatschbacher <mpf at openbsd.org>
X@@ -23,12 +24,15 @@
X */
X
X #include <sys/types.h>
X+#include <sys/event.h>
X #include <sys/time.h>
X #include <sys/ioctl.h>
X #include <sys/socket.h>
X #include <sys/wait.h>
X+#include <sys/sysctl.h>
X
X #include <net/if.h>
X+#include <net/if_mib.h>
X #include <net/route.h>
X #include <netinet/in.h>
X
X@@ -38,8 +42,6 @@
X #include <fcntl.h>
X #include <signal.h>
X #include <err.h>
X-#include <event.h>
X-#include <util.h>
X #include <unistd.h>
X #include <syslog.h>
X #include <stdarg.h>
X@@ -52,15 +54,15 @@
X int opts = 0;
X int opt_debug = 0;
X int opt_inhibit = 0;
X-char *configfile = "/etc/ifstated.conf";
X-struct event rt_msg_ev, sighup_ev, startup_ev, sigchld_ev;
X+char *configfile = "/usr/local/etc/ifstated.conf";
X+int kq;
X+struct kevent kev;
X
X-void startup_handler(int, short, void *);
X-void sighup_handler(int, short, void *);
X+void startup_handler(void);
X+void sighup_handler(void);
X int load_config(void);
X void sigchld_handler(int, short, void *);
X-void rt_msg_handler(int, short, void *);
X-void external_handler(int, short, void *);
X+void rt_msg_handler(int fd);
X void external_async_exec(struct ifsd_external *);
X void check_external_status(struct ifsd_state *);
X void external_evtimer_setup(struct ifsd_state *, int);
X@@ -76,6 +78,8 @@
X void remove_expression(struct ifsd_expression *, struct ifsd_state *);
X void log_init(int);
X void logit(int level, const char *fmt, ...);
X+int get_ifcount(void);
X+int get_ifmib_general(int, struct ifmibdata *);
X
X void
X usage(void)
X@@ -90,7 +94,7 @@
X int
X main(int argc, char *argv[])
X {
X- struct timeval tv;
X+ struct timespec ts;
X int ch;
X
X while ((ch = getopt(argc, argv, "dD:f:hniv")) != -1) {
X@@ -137,26 +141,54 @@
X setproctitle(NULL);
X }
X
X- event_init();
X+ kq = kqueue();
X+
X log_init(opt_debug);
X
X- signal_set(&sigchld_ev, SIGCHLD, sigchld_handler, &sigchld_ev);
X- signal_add(&sigchld_ev, NULL);
X+ ts.tv_sec = 0;
X+ ts.tv_nsec = 0;
X+
X+ EV_SET(&kev, SIGCHLD, EVFILT_SIGNAL, EV_ADD, 0, 0, (void *)sigchld_handler);
X+ kevent(kq, &kev, 1, NULL, 0, &ts);
X
X /* Loading the config needs to happen in the event loop */
X- tv.tv_usec = 0;
X- tv.tv_sec = 0;
X- evtimer_set(&startup_ev, startup_handler, &startup_ev);
X- evtimer_add(&startup_ev, &tv);
X
X- event_loop(0);
X+ EV_SET(&kev, IFSD_EVTIMER_STARTUP, EVFILT_TIMER, EV_ADD|EV_ONESHOT, 0, 0, (void *)startup_handler);
X+ kevent(kq, &kev, 1, NULL, 0, &ts);
X+
X+ /* event loop */
X+ for(;;)
X+ {
X+ /* wait indefinitely for an event */
X+ kevent(kq, NULL, 0, &kev, 1, NULL);
X+
X+ void (*handler)(void);
X+ void (*rt_handler)(int);
X+ if (kev.filter == EVFILT_READ)
X+ {
X+ rt_handler = kev.udata;
X+ rt_handler(kev.ident);
X+ }
X+ else if ((kev.filter == EVFILT_TIMER) && (kev.ident == IFSD_EVTIMER_EXTERNAL))
X+ {
X+ external_async_exec((struct ifsd_external *)kev.udata);
X+ }
X+ else
X+ {
X+ handler = kev.udata;
X+ handler();
X+ }
X+ }
X+
X+ /* NOTREACHED */
X exit(0);
X }
X
X void
X-startup_handler(int fd, short event, void *arg)
X+startup_handler()
X {
X int rt_fd;
X+ struct timespec ts;
X
X if (load_config() != 0) {
X logit(IFSD_LOG_NORMAL, "unable to load config");
X@@ -166,18 +198,20 @@
X if ((rt_fd = socket(PF_ROUTE, SOCK_RAW, 0)) < 0)
X err(1, "no routing socket");
X
X- event_set(&rt_msg_ev, rt_fd, EV_READ|EV_PERSIST,
X- rt_msg_handler, &rt_msg_ev);
X- event_add(&rt_msg_ev, NULL);
X+ ts.tv_sec = 0;
X+ ts.tv_nsec = 0;
X
X- signal_set(&sighup_ev, SIGHUP, sighup_handler, &sighup_ev);
X- signal_add(&sighup_ev, NULL);
X+ EV_SET(&kev, rt_fd, EVFILT_READ, EV_ADD, 0, 0, (void *)rt_msg_handler);
X+ kevent(kq, &kev, 1, NULL, 0, &ts);
X+
X+ EV_SET(&kev, SIGHUP, EVFILT_SIGNAL, EV_ADD, 0, 0, (void *)sighup_handler);
X+ kevent(kq, &kev, 1, NULL, 0, &ts);
X
X logit(IFSD_LOG_NORMAL, "started");
X }
X
X void
X-sighup_handler(int fd, short event, void *arg)
X+sighup_handler()
X {
X logit(IFSD_LOG_NORMAL, "reloading config");
X if (load_config() != 0)
X@@ -208,7 +242,7 @@
X }
X
X void
X-rt_msg_handler(int fd, short event, void *arg)
X+rt_msg_handler(int fd)
X {
X char msg[2048];
X struct rt_msghdr *rtm = (struct rt_msghdr *)&msg;
X@@ -246,22 +280,6 @@
X }
X
X void
X-external_handler(int fd, short event, void *arg)
X-{
X- struct ifsd_external *external = (struct ifsd_external *)arg;
X- struct timeval tv;
X-
X- /* re-schedule */
X- tv.tv_usec = 0;
X- tv.tv_sec = external->frequency;
X- evtimer_set(&external->ev, external_handler, external);
X- evtimer_add(&external->ev, &tv);
X-
X- /* execute */
X- external_async_exec(external);
X-}
X-
X-void
X external_async_exec(struct ifsd_external *external)
X {
X char *argp[] = {"sh", "-c", NULL, NULL};
X@@ -355,23 +373,25 @@
X external_evtimer_setup(struct ifsd_state *state, int action)
X {
X struct ifsd_external *external;
X+ struct timespec ts;
X+ int freq;
X+
X+ ts.tv_nsec = 0;
X+ ts.tv_sec = 0;
X
X if (state != NULL) {
X switch (action) {
X case IFSD_EVTIMER_ADD:
X TAILQ_FOREACH(external,
X &state->external_tests, entries) {
X- struct timeval tv;
X-
X+
X /* run it once right away */
X external_async_exec(external);
X
X /* schedule it for later */
X- tv.tv_usec = 0;
X- tv.tv_sec = external->frequency;
X- evtimer_set(&external->ev, external_handler,
X- external);
X- evtimer_add(&external->ev, &tv);
X+ freq = (external->frequency * 1000);
X+ EV_SET(&kev, IFSD_EVTIMER_EXTERNAL, EVFILT_TIMER, EV_ADD, 0, freq, (void *)external);
X+ kevent(kq, &kev, 1, NULL, 0, &ts);
X }
X break;
X case IFSD_EVTIMER_DEL:
X@@ -381,7 +401,9 @@
X kill(external->pid, SIGKILL);
X external->pid = 0;
X }
X- evtimer_del(&external->ev);
X+ freq = (external->frequency * 1000);
X+ EV_SET(&kev, IFSD_EVTIMER_EXTERNAL, EVFILT_TIMER, EV_DELETE, 0, freq, (void *)external);
X+ kevent(kq, &kev, 1, NULL, 0, &ts);
X }
X break;
X }
X@@ -505,7 +527,6 @@
X logit(IFSD_LOG_NORMAL, "changing state to %s",
X conf->nextstate->name);
X if (conf->curstate != NULL) {
X- evtimer_del(&conf->curstate->ev);
X external_evtimer_setup(conf->curstate,
X IFSD_EVTIMER_DEL);
X }
X@@ -551,6 +572,48 @@
X }
X }
X
X+
X+int
X+get_ifcount(void)
X+{
X+ int name[5], count;
X+ size_t len;
X+
X+ name[0] = CTL_NET;
X+ name[1] = PF_LINK;
X+ name[2] = NETLINK_GENERIC;
X+ name[3] = IFMIB_SYSTEM;
X+ name[4] = IFMIB_IFCOUNT;
X+
X+ len = sizeof(int);
X+
X+ if (sysctl(name, 5, &count, &len, NULL, 0) != -1)
X+ return(count);
X+ else
X+ return(-1);
X+}
X+
X+
X+int
X+get_ifmib_general(int row, struct ifmibdata *ifmd)
X+{
X+ int name[6];
X+ size_t len;
X+
X+ name[0] = CTL_NET;
X+ name[1] = PF_LINK;
X+ name[2] = NETLINK_GENERIC;
X+ name[3] = IFMIB_IFDATA;
X+ name[4] = row;
X+ name[5] = IFDATA_GENERAL;
X+
X+ len = sizeof(*ifmd);
X+
X+ return sysctl(name, 6, ifmd, &len, (void *)0, 0);
X+}
X+
X+
X+
X /*
X * Fetch the current link states.
X */
X@@ -560,29 +623,34 @@
X struct ifaddrs *ifap, *ifa;
X char *oname = NULL;
X int sock = socket(AF_INET, SOCK_DGRAM, 0);
X+ int ifcount = get_ifcount();
X+ int i;
X
X- if (getifaddrs(&ifap) != 0)
X+ if (getifaddrs(&ifap) != 0 || ifcount == -1)
X err(1, "getifaddrs");
X
X for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
X- struct ifreq ifr;
X- struct if_data ifrdat;
X+ struct ifmibdata ifmd;
X+ struct if_data ifdata;
X
X if (oname && !strcmp(oname, ifa->ifa_name))
X continue;
X oname = ifa->ifa_name;
X
X- strlcpy(ifr.ifr_name, ifa->ifa_name, sizeof(ifr.ifr_name));
X- ifr.ifr_data = (caddr_t)&ifrdat;
X-
X- if (ioctl(sock, SIOCGIFDATA, (caddr_t)&ifr) == -1)
X- continue;
X+ for (i = 1; i <= ifcount; i++)
X+ {
X+ get_ifmib_general(i, &ifmd);
X+ if (! strcmp(ifmd.ifmd_name, oname))
X+ break;
X+ }
X+
X+ ifdata = ifmd.ifmd_data;
X
X scan_ifstate(if_nametoindex(ifa->ifa_name),
X- ifrdat.ifi_link_state, &conf->always);
X+ ifdata.ifi_link_state, &conf->always);
X if (conf->curstate != NULL)
X scan_ifstate(if_nametoindex(ifa->ifa_name),
X- ifrdat.ifi_link_state, conf->curstate);
X+ ifdata.ifi_link_state, conf->curstate);
X }
X freeifaddrs(ifap);
X close(sock);
X@@ -664,7 +732,6 @@
X TAILQ_REMOVE(&state->external_tests,
X expression->u.external, entries);
X free(expression->u.external->command);
X- event_del(&expression->u.external->ev);
X free(expression->u.external);
X }
X break;
END-of-ifstated/files/patch-ac
echo x - ifstated/files/patch-ad
sed 's/^X//' >ifstated/files/patch-ad << 'END-of-ifstated/files/patch-ad'
X--- ifstated.h 18 Nov 2004 21:43:12 -0000 1.1.1.1
X+++ ifstated.h 18 Nov 2004 21:48:39 -0000 1.2
X@@ -1,4 +1,5 @@
X /* $OpenBSD: ifstated.h,v 1.4 2004/03/10 00:13:38 deraadt Exp $ */
X+/* $Id: ifstated.h,v 1.2 2004/11/18 21:48:39 mdg Exp $ */
X
X /*
X * Copyright (c) 2004 Ryan McBride
X@@ -47,7 +48,7 @@
X
X struct ifsd_external {
X TAILQ_ENTRY(ifsd_external) entries;
X- struct event ev;
X+ struct kevent kev;
X struct ifsd_expression_list expressions;
X char *command;
X int prevstatus;
X@@ -107,7 +108,7 @@
X TAILQ_HEAD(ifsd_external_list, ifsd_external);
X
X struct ifsd_state {
X- struct event ev;
X+ struct kevent kev;
X struct ifsd_ifstate_list interface_states;
X struct ifsd_external_list external_tests;
X TAILQ_ENTRY(ifsd_state) entries;
X@@ -138,6 +139,7 @@
X };
X
X enum { IFSD_EVTIMER_ADD, IFSD_EVTIMER_DEL };
X+enum { IFSD_EVTIMER_STARTUP, IFSD_EVTIMER_EXTERNAL };
X struct ifsd_config *parse_config(char *, int);
X int cmdline_symset(char *);
X void clear_config(struct ifsd_config *);
END-of-ifstated/files/patch-ad
echo x - ifstated/files/patch-ae
sed 's/^X//' >ifstated/files/patch-ae << 'END-of-ifstated/files/patch-ae'
X--- parse.y 18 Nov 2004 21:43:12 -0000 1.1.1.1
X+++ parse.y 18 Nov 2004 21:48:39 -0000 1.2
X@@ -1,4 +1,5 @@
X /* $OpenBSD: parse.y,v 1.7 2004/04/28 01:00:50 deraadt Exp $ */
X+/* $Id: parse.y,v 1.2 2004/11/18 21:48:39 mdg Exp $ */
X
X /*
X * Copyright (c) 2004 Ryan McBride <mcbride at openbsd.org>
X@@ -24,6 +25,7 @@
X #include <sys/types.h>
X #include <sys/time.h>
X #include <sys/socket.h>
X+#include <sys/limits.h>
X #include <netinet/in.h>
X #include <arpa/inet.h>
X #include <net/if.h>
X@@ -35,7 +37,7 @@
X #include <stdio.h>
X #include <string.h>
X #include <syslog.h>
X-#include <event.h>
X+#include <sys/event.h>
X
X #include "ifstated.h"
X
END-of-ifstated/files/patch-ae
echo x - ifstated/files/patch-af
sed 's/^X//' >ifstated/files/patch-af << 'END-of-ifstated/files/patch-af'
X--- etc/ifstated.conf 18 Nov 2004 21:43:12 -0000 1.1.1.1
X+++ etc/ifstated.conf 18 Nov 2004 21:48:39 -0000 1.2
X@@ -1,4 +1,5 @@
X # $OpenBSD: ifstated.conf,v 1.4 2004/04/28 01:01:27 deraadt Exp $
X+# $Id: ifstated.conf,v 1.2 2004/11/18 21:48:39 mdg Exp $
X # This is a sample config for a pair of firewalls with two interfaces
X #
X # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
X@@ -7,7 +8,7 @@
X # net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.
X
X # Uncomment one of the following lines to force primary/backup status.
X-# init-state primary
X+init-state primary
X # init-state backup
X
X carp_up = "((carp0 link up) and (carp1 link up))"
X@@ -18,12 +19,12 @@
X # The "net" addresses are other addresses which can be used to determine
X # whether we have connectivity. Make sure the hosts are always up, or
X # test multiple ip's, 'or'-ing the tests.
X-net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 and \
X- "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
X+net = '( "ping -q -c 1 -t 1 192.168.6.8 > /dev/null" every 10 and \
X+ "ping -q -c 1 -t 1 192.168.3.8 > /dev/null" every 10)'
X
X # The peer addresses below are the real ip addresses of the OTHER firewall
X-peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 and \
X- "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
X+peer = '( "ping -q -c 1 -t 1 192.168.6.7 > /dev/null" every 10 and \
X+ "ping -q -c 1 -t 1 192.168.3.7 > /dev/null" every 10)'
X
X state auto {
X if $carp_up {
END-of-ifstated/files/patch-af
exit
--
Matthew George
SecureWorks Technical Operations
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list