Use setrlimit() in broctl, at least 256 FDs are needed.

Fix rc_reload().
2016-10-07 10:05:16 +00:00 · 2016-10-07 10:05:16 +00:00 · b80174936d
commit b80174936d
parent 0a01921210
4 changed files with 32 additions and 28 deletions
--- a/net/bro/Makefile
+++ b/net/bro/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.24 2016/09/17 14:42:13 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.25 2016/10/07 10:05:16 ajacoutot Exp $

 COMMENT=		network analysis and security monitoring framework

 DISTNAME=		bro-2.4.1
-REVISION=		5
+REVISION=		6

 SHARED_LIBS +=  broccoli                  5.1 # 5.1

--- a/net/bro/patches/patch-aux_broctl_bin_broctl_in
+++ b/net/bro/patches/patch-aux_broctl_bin_broctl_in
@ -0,0 +1,25 @@
+$OpenBSD: patch-aux_broctl_bin_broctl_in,v 1.1 2016/10/07 10:05:16 ajacoutot Exp $
+
+Several bro(8) commands require more open file descriptors than the default.
+
+--- aux/broctl/bin/broctl.in.orig	Sun Sep  6 21:43:34 2015
+++ aux/broctl/bin/broctl.in	Fri Oct  7 12:04:00 2016
+@@ -6,6 +6,7 @@ from __future__ import print_function
+ import sys
+ import time
+ import logging
+import resource
+ 
+ # This is needed so that we can import BroControl.
+ sys.path.insert(0, "@PREFIX@/lib/broctl")
+@@ -746,6 +747,10 @@ def main():
+         from BroControl import printdoc
+         printdoc.print_broctl_docs(sys.argv[2], BroCtlCmdLoop)
+         return 0
+
+    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
+    if soft < 256:
+        resource.setrlimit(resource.RLIMIT_NOFILE, (256, hard))
+ 
+     interactive = True
+     if len(sys.argv) > 1:
--- a/net/bro/pkg/README
+++ b/net/bro/pkg/README
@ -1,4 +1,4 @@
-$OpenBSD: README,v 1.4 2016/09/08 08:16:12 ajacoutot Exp $
+$OpenBSD: README,v 1.5 2016/10/07 10:05:16 ajacoutot Exp $

 +-----------------------------------------------------------------------
 | Running ${FULLPKGNAME} on OpenBSD
@ -13,27 +13,6 @@ Before starting bro(8) for the first time, the "interface" must be properly
 configured under:
    ${SYSCONFDIR}/bro/node.cfg

-And the configuration and policies must be installed by running:
+And the configuration and policies must be installed and deployed by running:
    broctl install
-
-File descriptors limit
-======================
-
-Both bro(8) and broctl(8) need to bump their nofile limits.
-
-bro (daemon)
------------
-The following lines can be added to login.conf(5):
-
-    bro:\
-    	:openfiles-cur=512:\
-    	:tc=daemon:
-
-Then the login.conf.db can be rebuilt file if necessary:
-    [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf
-
-bro and broctl (CLI)
--------------------
-Some subcommands like "deploy" may require more file descriptors.
-e.g.
-    ulimit -n 512; broctl deploy
+    broctl deploy # this will start bro(8)
--- a/net/bro/pkg/bro.rc
+++ b/net/bro/pkg/bro.rc
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $OpenBSD: bro.rc,v 1.1 2016/08/27 06:39:14 ajacoutot Exp $
+# $OpenBSD: bro.rc,v 1.2 2016/10/07 10:05:16 ajacoutot Exp $

 daemon="${TRUEPREFIX}/bin/broctl"
 daemon_flags="start"
@ -12,7 +12,7 @@ rc_check() {
 }

 rc_reload() {
-	${daemon} reload
+	${daemon} update
 }

 rc_stop() {