
first cut at UDP server mode

mrash committed Sep 28, 2014
1 parent c07afac commit 1fd0e7e96012d9bdce0a2a3912bff3498fff3637
@@ -166,6 +166,20 @@ if test "x$want_fuzzing_interfaces" = "xyes"; then
AC_DEFINE([FUZZING_INTERFACES], [1], [Define for fuzzing interfaces support])
fi
dnl Decide whether or not to enable UDP listener mode (no libpcap dependency)
dnl
want_udp_listener=no
AC_ARG_ENABLE([udp-listener],
[AS_HELP_STRING([--enable-udp-listener],
[Enable UDP listener mode (no libpcap dependency) @<:@default is to disable@:>@])],
[want_udp_listener=$enableval],
[])
AM_CONDITIONAL([UDP_LISTENER], [test "$want_udp_listener" = yes])
#if test "$want_udp_listener" = yes; then
# AC_DEFINE([UDP_LISTENER], [1], [Define for UDP listener mode])
#fi
dnl Decide whether or not to enable all warnings with -Wall
dnl
use_wall=yes
@@ -430,12 +444,18 @@ AS_IF([test "x$WGET_EXE" != x],
dnl Check for libpcap, gdbm (or ndbm) if we are building the server component
dnl
AS_IF([test "$want_server" = yes], [
use_libpcap=no
AS_IF([test "$want_udp_listener" = no], [
# Looking for libpcap
#
AC_CHECK_LIB([pcap],[pcap_open_live],
[ AC_DEFINE([HAVE_LIBPCAP], [1], [Define if you have libpcap]) ],
[ AC_MSG_ERROR([fwknopd needs libpcap])]
)
use_libpcap=yes
])
AM_CONDITIONAL([USE_LIBPCAP], [test x$use_libpcap = xyes])
AS_IF([test "$want_digest_cache" = yes], [
use_ndbm=no
@@ -674,6 +694,10 @@ if [test "$want_server" = "yes" ]; then
firewall type: $FIREWALL_TYPE
firewall program path: $FIREWALL_EXE
"
if [test "$want_udp_listener" = "yes" ]; then
echo " UDP listener mode enabled, no libpcap dependency
"
fi
if [test "$want_digest_cache" = "no" ]; then
echo " *WARNING*
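Review bot: `USE_LIBPCAP` is introduced here only through `AM_CONDITIONAL([USE_LIBPCAP], ...)`, which gives Makefile.am a conditional but does not define a preprocessor macro, while fwknopd.c in this commit wraps the `pcap_capture()` call in `#if USE_LIBPCAP`. Unless a `-DUSE_LIBPCAP` is supplied somewhere outside the visible hunks, that call is compiled out and a libpcap build would never start capturing SPA packets. Adding `AC_DEFINE([USE_LIBPCAP], [1], [Define to build with libpcap capture])` next to `use_libpcap=yes`, or testing the existing `HAVE_LIBPCAP` in fwknopd.c, would tie the two together. Separately, the `AM_CONDITIONAL` sits inside `AS_IF([test "$want_server" = yes], ...)`; Automake expects every conditional to be defined on every configure run, so the server-disabled path (outside this hunk) needs a matching definition.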
@@ -6,16 +6,21 @@ fwknopd_SOURCES = fwknopd.c fwknopd.h config_init.c config_init.h \
process_packet.h log_msg.c log_msg.h utils.c utils.h \
sig_handler.c sig_handler.h replay_cache.c replay_cache.h \
access.c access.h fwknopd_errors.c fwknopd_errors.h \
tcp_server.c tcp_server.h extcmd.c extcmd.h \
tcp_server.c tcp_server.h udp_server.c udp_server.h \
fw_util.c fw_util.h fw_util_ipf.c fw_util_ipf.h \
fw_util_firewalld.c fw_util_firewalld.h \
fw_util_iptables.c fw_util_iptables.h \
fw_util_ipfw.c fw_util_ipfw.h \
fw_util_pf.c fw_util_pf.h cmd_opts.h
fw_util_pf.c fw_util_pf.h cmd_opts.h \
extcmd.c extcmd.h
fwknopd_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a -lpcap
fwknopd_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a
if ! CONFIG_FILE_CACHE
if USE_LIBPCAP
fwknopd_LDADD += -lpcap
endif
if !CONFIG_FILE_CACHE
if USE_NDBM
fwknopd_LDADD += -lndbm
else
@@ -57,6 +57,8 @@ static char *config_map[NUMBER_OF_CONFIG_ENTRIES] = {
"ENABLE_SPA_OVER_HTTP",
"ENABLE_TCP_SERVER",
"TCPSERV_PORT",
"ENABLE_UDP_SERVER",
"UDPSERV_PORT",
"LOCALE",
"SYSLOG_IDENTITY",
"SYSLOG_FACILITY",
@@ -186,6 +188,7 @@ static struct option cmd_opts[] =
{"restart", 0, NULL, 'R'},
{"status", 0, NULL, 'S'},
{"test", 0, NULL, 't'},
{"udp-server", 0, NULL, 'U'},
{"verbose", 0, NULL, 'v'},
{"version", 0, NULL, 'V'},
{0, 0, 0, 0}
@@ -151,6 +151,8 @@ validate_int_var_ranges(fko_srv_options_t *opts)
1, RCHK_MAX_SNIFF_BYTES);
range_check(opts, "TCPSERV_PORT", opts->config[CONF_TCPSERV_PORT],
1, RCHK_MAX_TCPSERV_PORT);
range_check(opts, "UDPSERV_PORT", opts->config[CONF_UDPSERV_PORT],
1, RCHK_MAX_UDPSERV_PORT);
#if FIREWALL_IPFW
range_check(opts, "IPFW_START_RULE_NUM", opts->config[CONF_IPFW_START_RULE_NUM],
@@ -808,6 +810,16 @@ validate_options(fko_srv_options_t *opts)
if(opts->config[CONF_TCPSERV_PORT] == NULL)
set_config_entry(opts, CONF_TCPSERV_PORT, DEF_TCPSERV_PORT);
/* Enable UDP server.
*/
if(opts->config[CONF_ENABLE_UDP_SERVER] == NULL)
set_config_entry(opts, CONF_ENABLE_UDP_SERVER, DEF_ENABLE_UDP_SERVER);
/* UDP Server port.
*/
if(opts->config[CONF_UDPSERV_PORT] == NULL)
set_config_entry(opts, CONF_UDPSERV_PORT, DEF_UDPSERV_PORT);
/* Syslog identity.
*/
if(opts->config[CONF_SYSLOG_IDENTITY] == NULL)
@@ -1113,6 +1125,9 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
case 't':
opts->test = 1;
break;
case 'U':
opts->enable_udp_server = 1;
break;
/* Verbosity level */
case 'v':
opts->verbose++;
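Review bot: The new `case 'U':` in config_init() only sets `opts->enable_udp_server`, but the code in main() that decides whether to start the listener and whether to skip pcap capture reads `opts.config[CONF_ENABLE_UDP_SERVER]`, and validate_options() fills that entry with the default when it is unset. Nothing in the visible hunks copies the flag into the config entry, so `-U` / `--udp-server` appears to have no effect on its own. One way to connect them is to set the entry in the option handler, `set_config_entry(opts, CONF_ENABLE_UDP_SERVER, "Y");`, provided the config file cannot override it afterwards. config_init() and validate_options() both continue outside these hunks.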
@@ -31,14 +31,14 @@
#include "fwknopd.h"
#include "access.h"
#include "config_init.h"
#include "process_packet.h"
#include "pcap_capture.h"
#include "log_msg.h"
#include "utils.h"
#include "fw_util.h"
#include "sig_handler.h"
#include "replay_cache.h"
#include "tcp_server.h"
#include "udp_server.h"
/* Prototypes
*/
@@ -178,7 +178,20 @@ main(int argc, char **argv)
if(!opts.test && (fw_initialize(&opts) != 1))
clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
/* If the TCP server option was set, fire it up here.
/* If we are to acquire SPA data via a UDP socket, start it up here.
*/
if(1 || strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "Y", 1) == 0)
{
if(run_udp_server(&opts) < 0)
{
log_msg(LOG_ERR, "Fatal run_udp_server() error");
clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
}
}
/* If the TCP server option was set, fire it up here. Note that in
* this mode, fwknopd still acquires SPA packets via libpcap. If you
* want to use UDP only without the libpcap dependency, see the FIXME...
*/
if(strncasecmp(opts.config[CONF_ENABLE_TCP_SERVER], "Y", 1) == 0)
{
@@ -189,9 +202,12 @@ main(int argc, char **argv)
}
}
#if USE_LIBPCAP
/* Intiate pcap capture mode...
*/
pcap_capture(&opts);
if(strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "N", 1) == 0)
pcap_capture(&opts);
#endif
/* Deal with any signals that we've received and break out
* of the loop for any terminating signals
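Review bot: The `1 ||` at the front of the new condition in main() makes the UDP listener start on every run: the `strncasecmp()` on `CONF_ENABLE_UDP_SERVER` is never evaluated, so the default of "N" is ignored and the daemon opens a UDP socket the administrator did not enable. If this is a debugging aid it should not be merged; the condition should read `if(strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "Y", 1) == 0)`, matching the TCP check below it. The rewritten TCP comment also ends in `see the FIXME...` without naming anything, so that sentence is worth finishing or dropping. main() starts and ends outside these hunks.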
@@ -101,6 +101,8 @@
#define DEF_ENABLE_SPA_OVER_HTTP "N"
#define DEF_ENABLE_TCP_SERVER "N"
#define DEF_TCPSERV_PORT "62201"
#define DEF_ENABLE_UDP_SERVER "N"
#define DEF_UDPSERV_PORT "62201"
#define DEF_SYSLOG_IDENTITY MY_NAME
#define DEF_SYSLOG_FACILITY "LOG_DAEMON"
@@ -112,6 +114,7 @@
#define RCHK_MAX_SPA_PACKET_AGE 100000 /* seconds, can disable */
#define RCHK_MAX_SNIFF_BYTES (2 << 14)
#define RCHK_MAX_TCPSERV_PORT ((2 << 16) - 1)
#define RCHK_MAX_UDPSERV_PORT ((2 << 16) - 1)
#define RCHK_MAX_PCAP_DISPATCH_COUNT (2 << 22)
#define RCHK_MAX_FW_TIMEOUT (2 << 22)
@@ -225,6 +228,8 @@ enum {
CONF_ENABLE_SPA_OVER_HTTP,
CONF_ENABLE_TCP_SERVER,
CONF_TCPSERV_PORT,
CONF_ENABLE_UDP_SERVER,
CONF_UDPSERV_PORT,
CONF_LOCALE,
CONF_SYSLOG_IDENTITY,
CONF_SYSLOG_FACILITY,
@@ -565,6 +570,7 @@ typedef struct fko_srv_options
unsigned char test; /* Test mode flag */
unsigned char verbose; /* Verbose mode flag */
unsigned char exit_after_parse_config; /* Parse config and exit */
unsigned char enable_udp_server; /* Enable UDP server mode */
unsigned char firewd_disable_check_support; /* Don't use firewall-cmd ... -C */
unsigned char ipt_disable_check_support; /* Don't use iptables -C */
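Review bot: `RCHK_MAX_UDPSERV_PORT` is defined as `((2 << 16) - 1)`, which is 131071 rather than the largest UDP port, 65535, so the `range_check()` added in validate_int_var_ranges() accepts port values that cannot be bound and that would wrap if later narrowed to 16 bits. `#define RCHK_MAX_UDPSERV_PORT ((1 << 16) - 1)` gives the intended limit. The existing `RCHK_MAX_TCPSERV_PORT` line directly above uses the same expression and has the same issue.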
@@ -28,6 +28,9 @@
*
*****************************************************************************
*/
#if HAVE_LIBPCAP
#include <pcap.h>
#include "fwknopd_common.h"
@@ -347,4 +350,6 @@ pcap_capture(fko_srv_options_t *opts)
return(0);
}
#endif /* HAVE_LIBPCAP */
/***EOF***/
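Review bot: The new `#if HAVE_LIBPCAP` is placed ahead of the first `#include`, so it is evaluated before any project header has been read. If `HAVE_LIBPCAP` reaches the compiler through a generated config header rather than a `-D` flag (not visible here), it is undefined at this point and the whole file, including `pcap_capture()`, is compiled out even in a libpcap build. Moving the guard below `#include "fwknopd_common.h"`, with `#include <pcap.h>` kept inside it, avoids depending on how the macro is delivered, assuming that header pulls in the configure results. The guard around the `process_packet()` prototype in process_packet.h depends on include order in the same way.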
@@ -46,6 +46,8 @@
/* Prototypes
*/
#if HAVE_LIBPCAP
void process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header, const unsigned char *packet);
#endif
#endif /* PROCESS_PACKET_H */