ports/130893: add ability to use LOG_OPENVPN for openvpn syslogging
Michael Scheidell
scheidell at secnap.net
Thu Jan 22 16:20:02 UTC 2009
>Number: 130893
>Category: ports
>Synopsis: add ability to use LOG_OPENVPN for openvpn syslogging
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 22 16:20:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: FreeBSD 6.4-RELEASE i386
>Organization:
SECNAP Network Security
>Environment:
System: FreeBSD scanner.secnap.net 6.4-RELEASE FreeBSD 6.4-RELEASE #0: Tue Dec 23 12:27:47 EST 2008 scheidell at scanner.secnap.net:/usr/obj/usr/src/sys/IONHACKER i386
>Description:
this is something that will enhance the diagnostics of openvpn, is 100%
upward compatible with old versions, and won't break anything.
(as the p5-Mail-SpamAssassin maintainer, I get lots of requests like
this, but this one has been tested and really will help)
I always look at the patch, and see if it will break something (and thus
cause more support issues), if the patch is something supported by the
original software (it is)
and I really hate it when they say it's broke and I don't get any patches.
openvpn has the ability to set logging facility to something other than
the default, but it's not a .conf or command line option, it is a compile
option.
during compile, CFLAGS needs to have LOG_OPENVPN= and the log facility
in order for it to work.
make LOG_OPENVPN=LOG_LOCAL6 doesn't do anything (yet), putting
LOG_OPENVPN=LOG_LOCAL6 in /etc/make.conf doesn't do anything (yet), but
with this patch, first for openvpn, then for openvpn-devel, the system
administrator or maintainer can either put LOG_OPENVPN= and facility in
the make.conf, pkg_tools.conf or on the command line as:
make LOG_OPENVPN=LOG_LOCAL6 and CFLAGS will be set and openvpn will log
to log facility of your choice.
>How-To-Repeat:
make LOG_OPENVPN=LOG_LOCAL6
watch compile, it never sets the variable LOG_OPENVPN.
with patch it will:
gcc -O2 -Wall -fPIC -shared -Wl,-soname,openvpn-down-root.so -o
openvpn-down-root.so down-root.o -lc
cd
/usr/ports/security/openvpn-devel/work/openvpn-2.1_rc15/plugin/auth-pam
&& cc -I../.. -DDLOPEN_PAM=0 -O2 -fno-strict-aliasing -pipe
-march=pentium4 -DLOG_OPENVPN=LOG_LOCAL6 -fPIC -shared
-Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c
pamdl.c -lc -lpam
I tried to submit it to openvpn themselves, and they didn't seem to
understand that freebsd make file wasn't passing the env variable anyway
;-)
http://openvpn.net/archive/openvpn-users/2005-08/msg00317.html
this patch below is better.
>Fix:
no need to bump version, if user has openvpn installed and working, this
doesn't enhance anything, and will still require CLI or make.conf or
pkg_conf stuff.
I have tested (with this patch)
make LOG_OPENVPN=LOG_LOCAL6
echo "LOG_OPENVPN=LOG_LOCAL6" >> /etc/make.conf
and with pkg_tools.conf
for openvpn patch: (you could bump to 2.09 to quiet the helpful folks..)
This doesn't, just addresses the log facility
cd /usr/ports/security/openvpn
diff -bBru /tmp/Makefile.openvpn Makefile
--- /tmp/Makefile.openvpn 2008-08-21 02:18:19.000000000 -0400
+++ Makefile 2009-01-22 10:48:54.000000000 -0500
@@ -41,8 +41,20 @@
.include <bsd.port.pre.mk>
+.ifdef (LOG_OPENVPN)
+CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
+.endif
+
SUB_LIST+= RCSFX=${RC_SUBR_SUFFIX}
+pre-fetch:
+ @${ECHO} ""
+ @${ECHO} "You may use the following build options:"
+ @${ECHO} ""
+ @${ECHO} " LOG_OPENVPN={Valid syslog facility}"
+ @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_DAEMON"
+ @${ECHO} ""
+
# NOTE: there is no way to explicitly specify the LZO version to
OpenVPN,
# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
# So depend on LZO1 only if it's already there and LZO2 isn't.
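Review bot: The "CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}" line inside the ".ifdef (LOG_OPENVPN)" block passes the value through unchecked, so a misspelled facility, or an empty one from "make LOG_OPENVPN=", is only noticed once the compiler sees it, after fetch and extract have already run. Consider checking the value against the LOG_* facility names from <syslog.h> and stopping with an error before the build starts, and have the pre-fetch text list the accepted names rather than "{Valid syslog facility}" so the required LOG_ prefix is obvious.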
now for openvpn-devel:
diff -bBru /tmp/Makefile Makefile
--- /tmp/Makefile 2009-01-22 10:36:23.000000000 -0500
+++ Makefile 2009-01-22 10:33:34.000000000 -0500
@@ -35,8 +35,20 @@
.include <bsd.port.pre.mk>
+.ifdef (LOG_OPENVPN)
+CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
+.endif
+
SUB_LIST+= RCSFX=${RC_SUBR_SUFFIX}
+pre-fetch:
+ @${ECHO} ""
+ @${ECHO} "You may use the following build options:"
+ @${ECHO} ""
+ @${ECHO} " LOG_OPENVPN={Valid syslog facility}"
+ @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_DAEMON"
+ @${ECHO} ""
+
# NOTE: there is no way to explicitly specify the LZO version to
OpenVPN,
# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
# So depend on LZO1 only if it's already there and LZO2 isn't.
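Review bot: The pre-fetch target in this hunk prints the same hint on every build, including when LOG_OPENVPN is already set, and never reports which facility was actually selected. Suggest echoing the chosen value inside the ".ifdef (LOG_OPENVPN)" block and showing the "You may use the following build options:" hint only in an .else branch. Since this block is a copy of the one proposed for security/openvpn, both Makefiles should get the same adjustment so they do not drift apart.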
>Release-Note:
>Audit-Trail:
>Unformatted: