[milters] Archive

Lists Index Date Thread Search

Article: 1610
From: Anthony Howe
Date: 2007-06-05 06:26:32 -0400
Subject: Re: milter-p0f error

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

S y s C o / lz wrote:
> Jun  5 10:07:09 sysnux milter-p0f[1744]: 00061 NOQUEUE: > src 65.xx.xx.xx p=
> ort 19023 dst 212.xx.xx.xx port 25

p0f query made

> Jun  5 10:07:09 sysnux milter-p0f[1744]: 00061 NOQUEUE: < 144 bytes

p0f response returned

> Jun  5 10:07:09 sysnux milter-p0f[1744]: 00061 NOQUEUE: p0f server query er=
> ror (1)

The majority of log messages in my milters are unique and so can be 
searched for to find the specific error location.

	if (data->p_response.magic != QUERY_MAGIC || data->p_response.type != 
RESP_OK) {
		syslog(LOG_ERR, TAG_FORMAT "p0f server query error (%d)", TAG_ARGS, 
data->p_response.type);
		goto error2;
	}

So either the QUERY_MAGIC value is wrong possibly do to changes between 
p0f versions (not likely) or the response code was not RESP_OK. The 
value 1 is reported and reading the p0f-query.h header file, 1 = 
RESP_BADQUERY. (version I consulted is 2.0.5 - latest version is 2.0.8)

(sudden silence, sharp intake of breath, followed by much swearing)

I've just compared p0f-query.h in 2.0.5, which I built my milter 
against, and 2.0.8. It would appear that the p0f query structure changed 
between releases, without changing the minor version number to signal 
some significant change in data structure/protocol.

I'll have to update milter-p0f to support p0f-2.0.8 differences.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
http://www.snert.com/                 
     http://www.snertsoft.com/

Lists Index Date Thread Search