
first cut at UDP server mode

1 parent c07afac commit 1fd0e7e96012d9bdce0a2a3912bff3498fff3637 @mrash committed Sep 28, 2014
@@ -166,6 +166,20 @@ if test "x$want_fuzzing_interfaces" = "xyes"; then
AC_DEFINE([FUZZING_INTERFACES], [1], [Define for fuzzing interfaces support])
fi
+dnl Decide whether or not to enable UDP listener mode (no libpcap dependency)
+dnl
+want_udp_listener=no
+AC_ARG_ENABLE([udp-listener],
+ [AS_HELP_STRING([--enable-udp-listener],
+ [Enable UDP listener mode (no libpcap dependency) @<:@default is to disable@:>@])],
+ [want_udp_listener=$enableval],
+ [])
+AM_CONDITIONAL([UDP_LISTENER], [test "$want_udp_listener" = yes])
+
+#if test "$want_udp_listener" = yes; then
+# AC_DEFINE([UDP_LISTENER], [1], [Define for UDP listener mode])
+#fi
+
dnl Decide whether or not to enable all warnings with -Wall
dnl
use_wall=yes
@@ -430,12 +444,18 @@ AS_IF([test "x$WGET_EXE" != x],
dnl Check for libpcap, gdbm (or ndbm) if we are building the server component
dnl
AS_IF([test "$want_server" = yes], [
+
+ use_libpcap=no
+ AS_IF([test "$want_udp_listener" = no], [
# Looking for libpcap
#
AC_CHECK_LIB([pcap],[pcap_open_live],
[ AC_DEFINE([HAVE_LIBPCAP], [1], [Define if you have libpcap]) ],
[ AC_MSG_ERROR([fwknopd needs libpcap])]
)
+ use_libpcap=yes
+ ])
+ AM_CONDITIONAL([USE_LIBPCAP], [test x$use_libpcap = xyes])
AS_IF([test "$want_digest_cache" = yes], [
use_ndbm=no
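Review bot: `AM_CONDITIONAL([USE_LIBPCAP], [test x$use_libpcap = xyes])` sits inside the body of `AS_IF([test "$want_server" = yes], [`, so it is skipped whenever the server is not being built. Automake expects every conditional to be defined on each configure run, and configure normally stops with a "conditional was never defined" error otherwise. Setting `use_libpcap=no` before the server `AS_IF` and moving the `AM_CONDITIONAL` line after that block closes would avoid this. Separately, the libpcap check is gated on `"$want_udp_listener" = no` while the rest of the commit tests `= yes`, so `--enable-udp-listener=<other value>` skips libpcap without enabling the listener; normalising `$enableval` to yes/no would close that gap. The enclosing `AS_IF` continues past the end of this hunk.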
@@ -674,6 +694,10 @@ if [test "$want_server" = "yes" ]; then
firewall type: $FIREWALL_TYPE
firewall program path: $FIREWALL_EXE
"
+if [test "$want_udp_listener" = "yes" ]; then
+ echo " UDP listener mode enabled, no libpcap dependency
+"
+ fi
if [test "$want_digest_cache" = "no" ]; then
echo " *WARNING*
@@ -6,16 +6,21 @@ fwknopd_SOURCES = fwknopd.c fwknopd.h config_init.c config_init.h \
process_packet.h log_msg.c log_msg.h utils.c utils.h \
sig_handler.c sig_handler.h replay_cache.c replay_cache.h \
access.c access.h fwknopd_errors.c fwknopd_errors.h \
- tcp_server.c tcp_server.h extcmd.c extcmd.h \
+ tcp_server.c tcp_server.h udp_server.c udp_server.h \
fw_util.c fw_util.h fw_util_ipf.c fw_util_ipf.h \
fw_util_firewalld.c fw_util_firewalld.h \
fw_util_iptables.c fw_util_iptables.h \
fw_util_ipfw.c fw_util_ipfw.h \
- fw_util_pf.c fw_util_pf.h cmd_opts.h
+ fw_util_pf.c fw_util_pf.h cmd_opts.h \
+ extcmd.c extcmd.h
-fwknopd_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a -lpcap
+fwknopd_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a
-if ! CONFIG_FILE_CACHE
+if USE_LIBPCAP
+ fwknopd_LDADD += -lpcap
+endif
+
+if !CONFIG_FILE_CACHE
if USE_NDBM
fwknopd_LDADD += -lndbm
else
@@ -57,6 +57,8 @@ static char *config_map[NUMBER_OF_CONFIG_ENTRIES] = {
"ENABLE_SPA_OVER_HTTP",
"ENABLE_TCP_SERVER",
"TCPSERV_PORT",
+ "ENABLE_UDP_SERVER",
+ "UDPSERV_PORT",
"LOCALE",
"SYSLOG_IDENTITY",
"SYSLOG_FACILITY",
@@ -186,6 +188,7 @@ static struct option cmd_opts[] =
{"restart", 0, NULL, 'R'},
{"status", 0, NULL, 'S'},
{"test", 0, NULL, 't'},
+ {"udp-server", 0, NULL, 'U'},
{"verbose", 0, NULL, 'v'},
{"version", 0, NULL, 'V'},
{0, 0, 0, 0}
@@ -151,6 +151,8 @@ validate_int_var_ranges(fko_srv_options_t *opts)
1, RCHK_MAX_SNIFF_BYTES);
range_check(opts, "TCPSERV_PORT", opts->config[CONF_TCPSERV_PORT],
1, RCHK_MAX_TCPSERV_PORT);
+ range_check(opts, "UDPSERV_PORT", opts->config[CONF_UDPSERV_PORT],
+ 1, RCHK_MAX_UDPSERV_PORT);
#if FIREWALL_IPFW
range_check(opts, "IPFW_START_RULE_NUM", opts->config[CONF_IPFW_START_RULE_NUM],
@@ -808,6 +810,16 @@ validate_options(fko_srv_options_t *opts)
if(opts->config[CONF_TCPSERV_PORT] == NULL)
set_config_entry(opts, CONF_TCPSERV_PORT, DEF_TCPSERV_PORT);
+ /* Enable UDP server.
+ */
+ if(opts->config[CONF_ENABLE_UDP_SERVER] == NULL)
+ set_config_entry(opts, CONF_ENABLE_UDP_SERVER, DEF_ENABLE_UDP_SERVER);
+
+ /* UDP Server port.
+ */
+ if(opts->config[CONF_UDPSERV_PORT] == NULL)
+ set_config_entry(opts, CONF_UDPSERV_PORT, DEF_UDPSERV_PORT);
+
/* Syslog identity.
*/
if(opts->config[CONF_SYSLOG_IDENTITY] == NULL)
@@ -1113,6 +1125,9 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
case 't':
opts->test = 1;
break;
+ case 'U':
+ opts->enable_udp_server = 1;
+ break;
/* Verbosity level */
case 'v':
opts->verbose++;
@@ -31,14 +31,14 @@
#include "fwknopd.h"
#include "access.h"
#include "config_init.h"
-#include "process_packet.h"
#include "pcap_capture.h"
#include "log_msg.h"
#include "utils.h"
#include "fw_util.h"
#include "sig_handler.h"
#include "replay_cache.h"
#include "tcp_server.h"
+#include "udp_server.h"
/* Prototypes
*/
@@ -178,7 +178,20 @@ main(int argc, char **argv)
if(!opts.test && (fw_initialize(&opts) != 1))
clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
- /* If the TCP server option was set, fire it up here.
+ /* If we are to acquire SPA data via a UDP socket, start it up here.
+ */
+ if(1 || strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "Y", 1) == 0)
+ {
+ if(run_udp_server(&opts) < 0)
+ {
+ log_msg(LOG_ERR, "Fatal run_udp_server() error");
+ clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
+ }
+ }
+
+ /* If the TCP server option was set, fire it up here. Note that in
+ * this mode, fwknopd still acquires SPA packets via libpcap. If you
+ * want to use UDP only without the libpcap dependency, see the FIXME...
*/
if(strncasecmp(opts.config[CONF_ENABLE_TCP_SERVER], "Y", 1) == 0)
{
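Review bot: The condition `if(1 || strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "Y", 1) == 0)` is always true, so `run_udp_server()` is called on every start whatever `ENABLE_UDP_SERVER` is set to, and the `"N"` default added in this commit has no effect. Presumably that call binds a listening socket, which would then be opened on hosts whose configuration never asked for one. The `opts.enable_udp_server` flag set by `-U` in config_init.c is not read here either; the test could be `if(opts.enable_udp_server || strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "Y", 1) == 0)`. The rewritten comment also ends in `see the FIXME...` without saying where that FIXME lives. main() starts and ends outside this hunk.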
@@ -189,9 +202,12 @@ main(int argc, char **argv)
}
}
+#if USE_LIBPCAP
/* Intiate pcap capture mode...
*/
- pcap_capture(&opts);
+ if(strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "N", 1) == 0)
+ pcap_capture(&opts);
+#endif
/* Deal with any signals that we've received and break out
* of the loop for any terminating signals
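Review bot: `#if USE_LIBPCAP` tests a name that the configure changes in this commit create only as an automake conditional (`AM_CONDITIONAL([USE_LIBPCAP], ...)`). The preprocessor symbol defined there is `HAVE_LIBPCAP`, which is also what the guards added to the pcap capture source and the `process_packet()` prototype use. Unless `USE_LIBPCAP` is passed to the compiler somewhere not shown on this page, this block compiles out and `pcap_capture()` is never called, so `#if HAVE_LIBPCAP` looks like the intended guard. The runtime test also reads only the config string, so `-U` on the command line with `ENABLE_UDP_SERVER` left at `N` would still start pcap capture; adding `!opts.enable_udp_server` to the condition would keep the two acquisition paths exclusive.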
@@ -101,6 +101,8 @@
#define DEF_ENABLE_SPA_OVER_HTTP "N"
#define DEF_ENABLE_TCP_SERVER "N"
#define DEF_TCPSERV_PORT "62201"
+#define DEF_ENABLE_UDP_SERVER "N"
+#define DEF_UDPSERV_PORT "62201"
#define DEF_SYSLOG_IDENTITY MY_NAME
#define DEF_SYSLOG_FACILITY "LOG_DAEMON"
@@ -112,6 +114,7 @@
#define RCHK_MAX_SPA_PACKET_AGE 100000 /* seconds, can disable */
#define RCHK_MAX_SNIFF_BYTES (2 << 14)
#define RCHK_MAX_TCPSERV_PORT ((2 << 16) - 1)
+#define RCHK_MAX_UDPSERV_PORT ((2 << 16) - 1)
#define RCHK_MAX_PCAP_DISPATCH_COUNT (2 << 22)
#define RCHK_MAX_FW_TIMEOUT (2 << 22)
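Review bot: `RCHK_MAX_UDPSERV_PORT` is defined as `((2 << 16) - 1)`, which is 131071 rather than 65535, so the `range_check()` added for `UDPSERV_PORT` in config_init.c accepts values that do not fit a 16-bit port number. The expression is copied from `RCHK_MAX_TCPSERV_PORT` on the line above, which has the same problem. `#define RCHK_MAX_UDPSERV_PORT ((1 << 16) - 1)` (or a plain `65535`) gives the intended bound. How an out-of-range value is later converted for the socket call is not visible here.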
@@ -225,6 +228,8 @@ enum {
CONF_ENABLE_SPA_OVER_HTTP,
CONF_ENABLE_TCP_SERVER,
CONF_TCPSERV_PORT,
+ CONF_ENABLE_UDP_SERVER,
+ CONF_UDPSERV_PORT,
CONF_LOCALE,
CONF_SYSLOG_IDENTITY,
CONF_SYSLOG_FACILITY,
@@ -565,6 +570,7 @@ typedef struct fko_srv_options
unsigned char test; /* Test mode flag */
unsigned char verbose; /* Verbose mode flag */
unsigned char exit_after_parse_config; /* Parse config and exit */
+ unsigned char enable_udp_server; /* Enable UDP server mode */
unsigned char firewd_disable_check_support; /* Don't use firewall-cmd ... -C */
unsigned char ipt_disable_check_support; /* Don't use iptables -C */
@@ -28,6 +28,9 @@
*
*****************************************************************************
*/
+
+#if HAVE_LIBPCAP
+
#include <pcap.h>
#include "fwknopd_common.h"
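Review bot: `#if HAVE_LIBPCAP` is placed before the first `#include`, so it is evaluated before `fwknopd_common.h` has had a chance to pull in any generated configuration header. If `HAVE_LIBPCAP` reaches the compiler through such a header rather than a `-D` flag (not visible on this page), the whole file is compiled out even when libpcap was found. Moving the guard below `#include "fwknopd_common.h"`, so that it wraps only `#include <pcap.h>` and the code that follows, would remove the dependency on include order. The guard added around the `process_packet()` prototype in the last hunk has the same dependency on what the including file has already seen.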
@@ -347,4 +350,6 @@ pcap_capture(fko_srv_options_t *opts)
return(0);
}
+#endif /* HAVE_LIBPCAP */
+
/***EOF***/
@@ -46,6 +46,8 @@
/* Prototypes
*/
+#if HAVE_LIBPCAP
void process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header, const unsigned char *packet);
+#endif
#endif /* PROCESS_PACKET_H */