[systemd-devel] udp socket-activation "fake-service"

Reindl Harald h.reindl at thelounge.net
Mon Mar 18 10:31:20 UTC 2019



On 18.03.19 at 10:54, Lennart Poettering wrote:
> On Sa, 16.03.19 05:52, Reindl Harald (h.reindl at thelounge.net) wrote:
> 
>> Hi
>>
>> for a firewall development setup (nested virtualization) i have running
>> a tcp service like below on a VM listening on a complete /24 network
>> behind a NAT
>>
>>
>> with "udpsvd" at least something works for "nmap -p 53 -sU -P0 host" on
>> a single port and always running - is there some way to get a similar
>> udp service?
>>
>> "ListenDatagram=53" works only without "Accept=yes" and without a
>> template-service, but even then it's finally failing
>>
>> goal would be listening on at least port 53 or better a ton of ports for
>> udp to run port-scans and validate the firewall ruleset without a ton of
>> persistent running udpsvd-processes
> 
> I am not fully grokking what you are trying to do, but to recv UDP
> dgrams you'd have to write a tiny program that calls recvfrom() (or a
> similar syscall) on the sockets passed, and then replies to it with
> sendto() (or a similar syscall), using the address of the source
> (i.e. the struct sockaddr recvfrom() returns) to respond to the dgram.

listen on UDP 1-1024 with socket activation to NMAP scan over a complete
network (the dummy machine has all ip addresses from 2-254 in the /24)
and verify a firewall setup which goes so 1:1 into production

in other words: i don't care what the process after socket activation does,
i just need to see in NMAP if the port is open or closed through the
firewall

udpsvd is a long running process which doesn't scale up to 2014 processes
and seems to only support ipv4 as far as i can see in "ss"

> You can easily hack that up in C or some scripting language. I am not
> aware of a ready-made tool that can do that for you, in particular
> of none that is capable of doing that for more than one listening UDP
> socket at a time.

well, not that easy obviously, otherwise i would already have done it; C is
outside my scope, i don't find anything useful and there is nothing but
ash on that system

i guess someone could come up with a simple and tiny c code working with
socket activation that does nothing more than signal "yes, i am up and
running" to any client, sadly i can't :-(
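As an added example for this thread (not code from systemd, udpsvd or the poster): a tiny C responder that does exactly what Lennart describes, recvfrom() on every UDP socket systemd hands over and sendto() a fixed "yes, i am up and running" back to the sender's address, so an nmap -sU scan sees the port as open. It reads the socket-activation environment (LISTEN_PID/LISTEN_FDS, descriptors starting at fd 3) by hand, so it needs no libsystemd; the assumed setup is a .socket unit with one ListenDatagram= line per port (as many as you like) and Accept=no, so all sockets land in one service instance and a single poll() loop serves them, IPv4 and IPv6 alike. The reply text, the hypothetical name udp-alive.c and the 1500-byte receive buffer are choices made for this example.

```c
/* udp-alive.c: minimal systemd socket-activated UDP responder (example code
 * written for this thread; not part of systemd or udpsvd).
 * Assumes the unit passes sockets via LISTEN_PID/LISTEN_FDS (fds from 3). */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define LISTEN_FDS_START 3                    /* systemd passes fds 3, 4, ... */
static const char REPLY[] = "yes, i am up and running\n";

/* Parse the socket-activation environment. Returns the number of fds handed
 * over, 0 if the variables are absent or meant for another pid, -1 if malformed. */
int parse_listen_fds(const char *listen_pid, const char *listen_fds, pid_t self)
{
    char *end;
    if (!listen_pid || !listen_fds) return 0;
    long pid = strtol(listen_pid, &end, 10);
    if (*end || pid != (long)self) return 0;      /* not addressed to us */
    long n = strtol(listen_fds, &end, 10);
    if (*end || n < 0 || n > 65536) return -1;    /* malformed count */
    return (int)n;
}

/* One-line stderr diagnostic naming the peer we answered (IPv4 or IPv6). */
static void log_peer(const struct sockaddr_storage *ss)
{
    char ip[INET6_ADDRSTRLEN] = "?";
    unsigned port = 0;
    if (ss->ss_family == AF_INET) {
        const struct sockaddr_in *a = (const struct sockaddr_in *)ss;
        inet_ntop(AF_INET, &a->sin_addr, ip, sizeof ip);
        port = ntohs(a->sin_port);
    } else if (ss->ss_family == AF_INET6) {
        const struct sockaddr_in6 *a = (const struct sockaddr_in6 *)ss;
        inet_ntop(AF_INET6, &a->sin6_addr, ip, sizeof ip);
        port = ntohs(a->sin6_port);
    }
    fprintf(stderr, "answered %s port %u\n", ip, port);
}

/* Receive one datagram on fd and answer the sender with REPLY.
 * Returns bytes sent, 0 if nothing was pending, -1 on error. */
int serve_one(int fd)
{
    unsigned char buf[1500];
    struct sockaddr_storage peer;
    socklen_t peerlen = sizeof peer;
    ssize_t n = recvfrom(fd, buf, sizeof buf, MSG_DONTWAIT,
                         (struct sockaddr *)&peer, &peerlen);
    if (n < 0) return (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -1;
    /* The payload is irrelevant for the scan; only a reply to the source matters. */
    ssize_t s = sendto(fd, REPLY, sizeof REPLY - 1, 0,
                       (struct sockaddr *)&peer, peerlen);
    if (s < 0) return -1;
    log_peer(&peer);
    return (int)s;
}

/* Serve every activated socket forever: poll() them all, answer what arrives. */
static void serve_all(int nfds)
{
    struct pollfd *pfds = calloc((size_t)nfds, sizeof *pfds);
    if (!pfds) exit(1);
    for (int i = 0; i < nfds; i++) {
        pfds[i].fd = LISTEN_FDS_START + i;
        pfds[i].events = POLLIN;
    }
    for (;;) {
        if (poll(pfds, (nfds_t)nfds, -1) < 0) {
            if (errno == EINTR) continue;
            exit(1);
        }
        for (int i = 0; i < nfds; i++)
            if (pfds[i].revents & POLLIN)
                serve_one(pfds[i].fd);
    }
}

int main(void)
{
    int n = parse_listen_fds(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    /* Clear the variables so nothing we might spawn mistakes them for its own. */
    unsetenv("LISTEN_PID");
    unsetenv("LISTEN_FDS");
    if (n <= 0) {
        fprintf(stderr, "no sockets passed by socket activation (got %d)\n", n);
        return 1;
    }
    serve_all(n);
    return 0;
}
```

Compile with `cc -O2 -o udp-alive udp-alive.c`, point the .service's ExecStart= at the binary, and start the .socket unit; systemd keeps the sockets open across service restarts, so a single instance answers all configured ports without one long-running process per port.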

