Bug #3584
closedarpwatch package fails to start in pfsense 2.1.1
0%
Description
I'm not sure if this is a bug with arpwatch or with pfsense 2.1.1, it did not happen in pfsense 2.1 though, with the same release of arpwatch (2.1.a15_6 pkg v1.1.1), so I'm filing it in the pfsense section, also because there is an inconsistency with the services status web page (pfsense informs that arpwatch has been started, while it actually hasn't).
Description:
When the web configurator page is used to configure arpwatch, and the changes are applied, the autogenerated script /usr/local/etc/rc.d/arpwatch.sh is compiled with quotation marks enclosing the e-mail address to use for notifications, including the -m flag, like in this example:
/usr/local/sbin/arpwatch -f /var/log/arp.dat "-m someemailaddress@someemailserver.com" -i em0 > /var/log/arpwatch.reports 2>&1 &
Note that if no email address has been configured for notifications in System:Advanced:Notifications, quotation marks are still added, like this:
/usr/local/sbin/arpwatch -f /var/log/arp.dat "" -i em0 > /var/log/arpwatch.reports 2>&1 &
The presence of the quotation marks cause arpwatch to fail to start every time the script is invoked, eg. by starting the service from the web configurator gui or by rebooting pfsense. Nothing is logged in the system log though, and when starting arpwatch is attempted from the web configurator, the "arpwatch has been started" message comes up, but arpwatch doesn't actually start.
Workaround:
After applying any change to the web configurator arpwatch page, remove the quotation marks from the command above in /usr/local/etc/rc.d/arpwatch.sh
Steps to reproduce:
- Upgrade pfsense from 2.1 to 2.1.1 (confirmed) or just install 2.1.1 fresh (to be confirmed);
- Install or reinstall the arpwatch package 2.1.a15_6 pkg v1.1.1
- Configure the arpwatch package from the web configurator gui
- Verify that the /usr/local/etc/rc.d/arpwatch.sh has been automatically generated with quotation marks in the start command as detailed above
- Verify that arpwatch fails to start from the web configurator gui or by rebooting pfsense
- Verify that arpwatch starts correctly by manually editing the above script and removing the added quotation marks
Updated by Phillip Davis over 10 years ago
This recent commit introduced those quotes to the arpwatch package: https://github.com/pfsense/pfsense-packages/commit/fc65960f7eeaa45d5f0df1e57bb8868a80180fa0
I think moving the quotes like this will fix it: https://github.com/pfsense/pfsense-packages/pull/643
Can you try making that change to arpwatch.xml and see if it is happy when you leave email addres blank, and when you put an email address?
Updated by Max Frames over 10 years ago
Thanks for the quick response which was right on the spot.
I made the proposed change to /usr/local/pkg/arpwatch.xml and it seems to have solved the issue.
Now, if the option to notify by email has been set, the generated command is:
/usr/local/sbin/arpwatch -f /var/log/arp.dat -m "someemailaddress@someemailserver.com" -i em0 > /var/log/arpwatch.reports 2>&1 &
While if the option to notify by email has not been set, the generated command is:
/usr/local/sbin/arpwatch -f /var/log/arp.dat -i em0 > /var/log/arpwatch.reports 2>&1 &
As you can see there is an extra space before -i but that doesn't pose a problem.
Both commands seem to work, meaning that arpwatch starts as supposed to, via web configurator gui, via service watchdog or by rebooting.
If we really do need the quotation marks, that's the correct way to implement them it seems.
Updated by Chris Buechler over 10 years ago
- Project changed from pfSense to pfSense Packages
Updated by Phillip Davis over 10 years ago
@Max - the changes were committed a while ago. arpwatch v1.1.2 and later should be fixed. Can you confirm that this issue is fixed?