Remove pfsetvlan

addons/monit/monit_checks_configurations/10_packetfence-portsec.tt

@@ -1,11 +1,5 @@
 # PacketFence SNMP checks
 
-CHECK PROCESS packetfence-pfsetvlan MATCHING "pfsetvlan"
-       group PacketFence
-       start program = "/usr/local/pf/bin/pfcmd service pfsetvlan restart" with timeout 60 seconds
-       stop program = "/usr/local/pf/bin/pfcmd service pfsetvlan stop"
-       if 3 restarts within 10 cycles then alert
-
 CHECK PROCESS packetfence-snmptrapd MATCHING "snmptrapd"
        group PacketFence
        start program = "/usr/local/pf/bin/pfcmd service snmptrapd restart" with timeout 60 seconds

addons/packages/packetfence.spec

@@ -475,7 +475,6 @@ done
 %{__install} -D -m0644 conf/systemd/packetfence-pffilter.service $RPM_BUILD_ROOT/usr/lib/systemd/system/packetfence-pffilter.service
 %{__install} -D -m0644 conf/systemd/packetfence-pfmon.service $RPM_BUILD_ROOT/usr/lib/systemd/system/packetfence-pfmon.service
 %{__install} -D -m0644 conf/systemd/packetfence-pfqueue.service $RPM_BUILD_ROOT/usr/lib/systemd/system/packetfence-pfqueue.service
-%{__install} -D -m0644 conf/systemd/packetfence-pfsetvlan.service $RPM_BUILD_ROOT/usr/lib/systemd/system/packetfence-pfsetvlan.service
 %{__install} -D -m0644 conf/systemd/packetfence-pfsso.service $RPM_BUILD_ROOT/usr/lib/systemd/system/packetfence-pfsso.service
 %{__install} -D -m0644 conf/systemd/packetfence-httpd.dispatcher.service $RPM_BUILD_ROOT/usr/lib/systemd/system/packetfence-httpd.dispatcher.service
 %{__install} -D -m0644 conf/systemd/packetfence-radiusd-acct.service $RPM_BUILD_ROOT/usr/lib/systemd/system/packetfence-radiusd-acct.service
@@ -1258,7 +1257,6 @@ fi
 %attr(0755, pf, pf)     /usr/local/pf/sbin/pf-mariadb
 %attr(0755, pf, pf)     /usr/local/pf/sbin/pfmon
 %attr(0755, pf, pf)     /usr/local/pf/sbin/pfqueue
-%attr(0755, pf, pf)     /usr/local/pf/sbin/pfsetvlan
 %attr(0755, pf, pf)     /usr/local/pf/sbin/pffilter
 %attr(0755, pf, pf)     /usr/local/pf/sbin/winbindd-wrapper
 %attr(0755, pf, pf)     /usr/local/pf/sbin/radsniff-wrapper

conf/documentation.conf

@@ -245,13 +245,6 @@ description=<<EOT
 Should httpd.proxy be started? Keep enabled unless you know what you're doing.
 EOT
 
-[services.pfsetvlan]
-type=toggle
-options=enabled|disabled
-description=<<EOT
-Should pfsetvlan be started? Keep enabled unless you know what you're doing.
-EOT
-
 [services.pfmon]
 type=toggle
 options=enabled|disabled
@@ -859,18 +852,6 @@ EOT
 [snmp_traps]
 guide_anchor=_snmp_traps_limit
 
-[snmp_traps.nbtraphandlerthreads]
-type=text
-description=<<EOT
-Number of trap handler threads pfsetvlan should start
-EOT
-
-[snmp_traps.nbtrapparserthreads]
-type=text
-description=<<EOT
-Number of trap parser threads pfsetvlan should start
-EOT
-
 [snmp_traps.closelocationlogonstop]
 type=toggle
 options=enabled|disabled

conf/pf.conf.defaults

@@ -443,11 +443,6 @@ httpd_proxy=enabled
 # Location of the apache binary. Only necessary to change if you are not running the RPMed version.
 httpd_binary=/usr/sbin/httpd
 #
-# services.pfsetvlan
-#
-# Should pfsetvlan be managed by PacketFence?
-pfsetvlan=disabled
-#
 # services.snmptrapd
 #
 # Should snmptrapd be managed by PacketFence?
@@ -602,16 +597,6 @@ pfstats_binary=/usr/local/pf/bin/pfstats
 
 [snmp_traps]
 #
-# snmp_traps.nbtraphandlerthreads
-#
-# Number of trap handler threads pfsetvlan should start
-nbtraphandlerthreads = 5
-#
-# snmp_traps.nbtrapparserthreads
-#
-# Number of trap parser threads pfsetvlan should start
-nbtrapparserthreads = 3
-#
 # snmp_traps.closelocationlogonstop
 #
 # Should open locationlog entries be closed when pfsetvlan is 

debian/rules

@@ -212,7 +212,6 @@ endif
 	dh_installinit --name=packetfence-pffilter
 	dh_installinit --name=packetfence-pfmon
 	dh_installinit --name=packetfence-pfqueue
-	dh_installinit --name=packetfence-pfsetvlan
 	dh_installinit --name=packetfence-pfsso
 	dh_installinit --name=packetfence-radiusd-acct
 	dh_installinit --name=packetfence-radiusd-auth

docs/PacketFence_Developers_Guide.asciidoc

@@ -260,7 +260,7 @@ Perl module, as well as the associated functions.
 VLAN assignment
 ~~~~~~~~~~~~~~~
 
-pfsetvlan uses the `getRegisteredRole` function defined in `pf::role::custom`
+PacketFence uses the `getRegisteredRole` function defined in `pf::role::custom`
 to determine a node's VLAN. Here's the default function:
 
 ----

html/pfappserver/lib/pfappserver/I18N/en.po

@@ -4430,14 +4430,6 @@ msgstr ""
 msgid "Number of times a host will be able to try and self remediate before they are locked out and have to call the help desk. This is useful for users who just <i>click through</i> violation pages."
 msgstr ""
 
-# conf/documentation.conf (snmp_traps.nbtraphandlerthreads)
-msgid "Number of trap handler threads pfsetvlan should start"
-msgstr ""
-
-# conf/documentation.conf (snmp_traps.nbtrapparserthreads)
-msgid "Number of trap parser threads pfsetvlan should start"
-msgstr ""
-
 # html/pfappserver/root/admin/configuration.tt
 msgid "OPSWAT Metadefender"
 msgstr ""
@@ -6690,10 +6682,6 @@ msgstr ""
 msgid "Should pfqueue be started? Keep enabled unless you know what you're doing."
 msgstr ""
 
-# conf/documentation.conf (services.pfsetvlan)
-msgid "Should pfsetvlan be started? Keep enabled unless you know what you're doing."
-msgstr ""
-
 # conf/documentation.conf (services.pfsso)
 msgid "Should pfsso be managed by PacketFence?"
 msgstr ""
@@ -9522,7 +9510,6 @@ msgstr ""
 # conf/documentation.conf (services.pffilter options)
 # conf/documentation.conf (services.pfmon options)
 # conf/documentation.conf (services.pfqueue options)
-# conf/documentation.conf (services.pfsetvlan options)
 # conf/documentation.conf (services.pfsso options)
 # conf/documentation.conf (services.radiusd options)
 # conf/documentation.conf (services.radsniff options)
@@ -9649,7 +9636,6 @@ msgstr ""
 # conf/documentation.conf (services.pffilter options)
 # conf/documentation.conf (services.pfmon options)
 # conf/documentation.conf (services.pfqueue options)
-# conf/documentation.conf (services.pfsetvlan options)
 # conf/documentation.conf (services.pfsso options)
 # conf/documentation.conf (services.radiusd options)
 # conf/documentation.conf (services.radsniff options)
@@ -10885,10 +10871,6 @@ msgstr "pfmon"
 msgid "services.pfqueue"
 msgstr "pfqueue"
 
-# conf/documentation.conf
-msgid "services.pfsetvlan"
-msgstr "pfsetvlan"
-
 # conf/documentation.conf
 msgid "services.pfsso"
 msgstr "pfsso"

html/pfappserver/lib/pfappserver/I18N/fr.po

@@ -4798,14 +4798,6 @@ msgid ""
 "just <i>click through</i> violation pages."
 msgstr "Nombre de fois qu’un appareil aura la possibilité de se redonner un accès au réseau avant que cette possibilité ne soit bloquée et qu’il doive contacter le service informatique. C’est très utile pour les utilisateurs qui négligent les pages de violations. "
 
-# conf/documentation.conf (snmp_traps.nbtraphandlerthreads)
-msgid "Number of trap handler threads pfsetvlan should start"
-msgstr "Nombre de processus que pfsetvlan devrait démarrer"
-
-# conf/documentation.conf (snmp_traps.nbtrapparserthreads)
-msgid "Number of trap parser threads pfsetvlan should start"
-msgstr "Nombre de processus parser que pfsetvlan devrait démarrer"
-
 # html/pfappserver/root/admin/configuration.tt
 msgid "OPSWAT Metadefender"
 msgstr "OPSWAT Metadefender"
@@ -7185,11 +7177,6 @@ msgid ""
 "Should pfqueue be started? Keep enabled unless you know what you're doing."
 msgstr "Est-ce que pfqueue doit être démarré ? Gardez le activé sauf si vous savez ce que vous faites."
 
-# conf/documentation.conf (services.pfsetvlan)
-msgid ""
-"Should pfsetvlan be started? Keep enabled unless you know what you're doing."
-msgstr "Est-ce que pfsetvlan doit être démarré ? Gardez le activé sauf si vous savez ce que vous faites."
-
 # conf/documentation.conf (services.pfsso)
 msgid "Should pfsso be managed by PacketFence?"
 msgstr "Est-ce que pfsso doit être géré par PacketFence ?"
@@ -10348,7 +10335,6 @@ msgstr "dhcplistener"
 # conf/documentation.conf (services.pffilter options)
 # conf/documentation.conf (services.pfmon options)
 # conf/documentation.conf (services.pfqueue options)
-# conf/documentation.conf (services.pfsetvlan options)
 # conf/documentation.conf (services.pfsso options)
 # conf/documentation.conf (services.radiusd options)
 # conf/documentation.conf (services.radsniff options)
@@ -10481,7 +10467,6 @@ msgstr "en_US"
 # conf/documentation.conf (services.pffilter options)
 # conf/documentation.conf (services.pfmon options)
 # conf/documentation.conf (services.pfqueue options)
-# conf/documentation.conf (services.pfsetvlan options)
 # conf/documentation.conf (services.pfsso options)
 # conf/documentation.conf (services.radiusd options)
 # conf/documentation.conf (services.radsniff options)
@@ -11721,10 +11706,6 @@ msgstr "pfmon"
 msgid "services.pfqueue"
 msgstr "pfqueue"
 
-# conf/documentation.conf
-msgid "services.pfsetvlan"
-msgstr "pfsetvlan"
-
 # conf/documentation.conf
 msgid "services.pfsso"
 msgstr "pfsso"

lib/pf/Switch/Juniper.pm

@@ -45,8 +45,6 @@ use pf::util;
 # TODO implement supportsSnmpTraps globally
 sub supportsSnmpTraps { return $FALSE; }
 sub supportsWiredMacAuth { return $TRUE; }
-# TODO to support Wired dot1x, we'll need to refactor pfsetvlan to send control over here to do a clear dot1x
-# (instead of SNMP PAE reAuthenticate because the switch doesn't support writing to the IF-MIB)
 sub supportsWiredDot1x { return $FALSE; }
 # inline capabilities
 sub inlineCapabilities { return ($MAC,$PORT); }

lib/pf/Switch/MockedSwitch.pm

@@ -6,7 +6,6 @@ pf::Switch::MockedSwitch - Fake switch module designed to document our interface
 
 =head1 SYNOPSIS
 
-pf::Switch::MockedSwitch is first an exercice to be able to see what our pfsetvlan daemon does under stress.
 As it was implemented it became obvious that it would be useful to help us understand our own switch interfaces too.
 
 This modules extends pf::Switch.

lib/pf/Switch/PacketFence.pm

@@ -112,7 +112,7 @@ sub sendLocalDesAssociateTrap {
 
 =head2 sendLocalFirewallRequestTrap
 
-Sends a local trap meant to trigger firewall changes in pfsetvlan
+Sends a local trap meant to trigger firewall changes for pf::snmptrapd
 
 =cut
 

lib/pf/cmd/pf/service.pm

@@ -36,7 +36,6 @@ Services managed by PacketFence:
   pffilter         | PF conditions filtering daemon
   pfmon            | PF monitoring daemon
   pfqueue          | PF queueing service
-  pfsetvlan        | PF VLAN isolation daemon
   pfstats          | PF statistics daemon
   radiusd          | FreeRADIUS daemon
   radsniff         | radsniff daemon

lib/pf/enforcement.pm

@@ -128,7 +128,7 @@ sub reevaluate_access {
 
 =item _vlan_reevaluation
 
-Sends local SNMP traps to pfsetvlan if we should reevaluate the VLAN of a node.
+reevaluate the VLAN of a node.
 
 =cut
 

lib/pf/services/manager/snmptrapd.pm

@@ -72,9 +72,7 @@ sub generateConfig {
     if ($management_ip) {
         $tags{'snmpTrapdAddr'} = "snmpTrapdAddr $management_ip";
     }
-    if (isdisabled($Config{services}{pfsetvlan})) {
-        $tags{perlaction} = "perl do \"/usr/local/pf/lib/pf/snmptrapd.pm\";\n";
-    }
+    $tags{perlaction} = "perl do \"/usr/local/pf/lib/pf/snmptrapd.pm\";\n";
 
     foreach my $user_key ( sort keys %$snmpv3_users ) {
         $tags{'userLines'} .= "createUser " . $snmpv3_users->{$user_key} . "\n";

packetfence.init

@@ -106,10 +106,6 @@ case "$1" in
   condrestart)
 	if [ -f /usr/local/pf/var/run/pfmon.pid ]; then
 		restart
-	else
-		if [ -f /usr/local/pf/var/run/pfsetvlan.pid ]; then
-			restart
-		fi
 	fi
 	;;
   *)