Package: fwknop-server
Version: 2.6.10-2
Severity: normal
Tags: patch
To reproduce:
1. connect to network and confirm that fwknopd works
2. suspend laptop
3. resume laptop
At this point, systemctl status fwknop-server.service will show the
following:
● fwknop-server.service - Firewall Knock Operator Daemon
   Loaded: loaded (/lib/systemd/system/fwknop-server.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-04-17 18:02:27 PDT; 19h ago
  Process: 3289 ExecStart=/usr/sbin/fwknopd (code=exited, status=0/SUCCESS)
 Main PID: 3306 (code=exited, status=1/FAILURE)

avr 17 18:02:27 hostname fwknopd[3306]: [*] Fatal error from pcap_dispatch: The interface went down
avr 17 18:02:27 hostname systemd[1]: fwknop-server.service: Main process exited, code=exited, status=1/FAILURE
avr 17 18:02:27 hostname systemd[1]: fwknop-server.service: Failed with result 'exit-code'.

The attached script can be put in /etc/NetworkManager/dispatcher.d/ to
automatically restart fwknop-server when interfaces go up/down.
Francois
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8), LANGUAGE=fr_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages fwknop-server depends on:
ii init-system-helpers 1.56+nmu1
ii iptables 1.8.2-4
ii libc6 2.28-8
ii libfko3 2.6.10-2
ii libpcap0.8 1.8.1-6
ii lsb-base 10.2019031300
fwknop-server recommends no packages.
Versions of packages fwknop-server suggests:
ii fwknop-apparmor-profile 2.6.10-2
-- Configuration Files:
/etc/default/fwknop-server changed:
START_DAEMON="yes"
DAEMON_ARGS=""
-- no debconf information
#!/bin/sh
# Copyright (c) 2019 Thomas Koch <linrunner at gmx.net>, Francois Marier <[email protected]> and others.
# This software is licensed under the GPL v2 or later.

# sysfs directory with one entry per network interface
NETD=/sys/class/net
# Assumed state directory: RUNDIR is not defined in the script as posted
RUNDIR=/run/fwknop-nm-dispatcher

save_iface_type () { # save interface type -- $1: interface; $2: type
    # rc: 0=saved/1=error
    [ -d "$NETD/$1" ] && { mkdir -p "$RUNDIR" && printf '%s\n' "$2" > "$RUNDIR/$1.itype"; } 2> /dev/null
    return $?
}

get_iface_type () { # get saved interface type -- $1: interface
    # rc: 0=saved state found/1=not found
    # retval: $itype
    local rc
    # plain cat stands in for the read_sysf helper, which is not defined here
    itype=$(cat "$RUNDIR/$1.itype" 2> /dev/null); rc=$?
    rm -f "$RUNDIR/$1.itype"
    return $rc
}

# Get args (NetworkManager passes the interface name and the action)
iface="$1"
action="$2"
itype=""

# Quit for invalid interfaces
[ -n "$iface" ] && [ "$iface" != "none" ] || exit 0

# Quit for actions other than "up" and "down"
[ "$action" = "up" ] || [ "$action" = "down" ] || exit 0

# Quit for virtual interfaces (up action)
if [ "$action" = "up" ] && readlink "$NETD/$iface" | grep -q '/virtual/'; then
    # save type for down action where $NETD/$iface won't be there anymore
    save_iface_type "$iface" virtual
    exit 0
fi

# Get saved interface type (down action)
if [ "$action" = "down" ]; then
    get_iface_type "$iface"
    # quit for virtual interfaces
    if [ "$itype" = "virtual" ]; then
        exit 0
    fi
fi

# Start fwknopd when a physical interface comes up, stop it when one goes down
case $action in
    up)
        /bin/systemctl start fwknop-server.service
        ;;
    down)
        /bin/systemctl stop fwknop-server.service
        ;;
esac

exit 0