[systemd-devel] udp socket-activation "fake-service"

Reindl Harald h.reindl at thelounge.net
Mon Mar 18 16:29:39 UTC 2019



On 18.03.19 at 11:31, Reindl Harald wrote:
> On 18.03.19 at 10:54, Lennart Poettering wrote:
>> I am not fully grokking what you are trying to do, but to recv UDP
>> dgrams you'd have to write a tiny program that calls recvfrom() (or a
>> similar syscall) on the sockets passed, and then replies to it with
>> sendto() (or a similar syscall), using the address of the source
>> (i.e. the struct sockaddr recvfrom() returns) to respond to the dgram.
> 
> listen on UDP 1-1024 with socket activation to NMAP scan over a complete
> network (the dummy machine has all ip addresses from 2-254 in the /24)
> and verify a firewall setup which goes so 1:1 into production
> 
> in other words: i don't care what process after socket activation does,
> i just need to see in NMAP if the port is open or closed through the
> firewall
> 
> udpsvd is a long running process which doesn't scale up to 2014 processes
> and seems to only support ipv4 as i can see in "ss"
> 
>> You can easily hack that up in C or some scripting language. I am not
>> aware of a ready-made tool that can do that for you, in particular
>> of none that is capable of doing that for more than one listening UDP
>> socket at a time.
> well, not that easily obvious otherwise i would already have done, C is
> outside my scope, i don't find anything useful and there is nothing than
> ash on that system
> 
> i guess someone could come up with a simple and tiny c code working with
> socket activation and does no more than signal "yes, i am up and
> running" to any client, sadly i can't :-(

i found at least something usable at
https://www.abc.se/~m6695/udp.html, changed the port to 53 and nmap
responds with "53/udp open|filtered domain" instead of "53/udp filtered domain"

if someone with C skills could extend this with a param for the port and
the code to marry it with systemd-socket-activation would be cool

wonder that the socket activation code has no option for debugging to do
this without a service and binary which could be exposed to the unit...

-------------------------------------------------

ExecStart=/etc/systemd/system/demo-udp-53.bin
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
User=nobody
Group=nobody

-------------------------------------------------

#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>

#define BUFLEN 512
#define NPACK 10
#define PORT 53

void diep(char *s)
{
 perror(s);
 exit(1);
}

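int main(void)
{
    struct sockaddr_in si_me, si_other;
    int s, i;
    socklen_t slen = sizeof(si_other);
    char buf[BUFLEN + 1];   /* one spare byte so the data is always NUL-terminated */

    if ((s=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))==-1)
        diep("socket");
    memset((char *) &si_me, 0, sizeof(si_me));
    si_me.sin_family = AF_INET;
    si_me.sin_port = htons(PORT);
    si_me.sin_addr.s_addr = htonl(INADDR_ANY);
    /* &si_me is passed without a cast to (struct sockaddr *);
       that is what the bind warning below reports */
    if(bind(s, &si_me, sizeof(si_me))==-1)
        diep("bind");
    for (i=0; i<NPACK; i++)
    {
        memset(buf, 0, sizeof(buf));   /* clear leftovers from the previous packet */
        slen = sizeof(si_other);       /* value-result argument, reset before each call */
        /* same missing cast for &si_other, see the recvfrom warning below */
        if (recvfrom(s, buf, BUFLEN, 0, &si_other, &slen)==-1)
            diep("recvfrom()");
        printf("Received packet from %s:%d\nData: %s\n\n",
               inet_ntoa(si_other.sin_addr), ntohs(si_other.sin_port), buf);
    }
    close(s);
    return 0;
}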

-------------------------------------------------

not sure about those compiler warnings, fixed some by adding includes

demo-udp-53.c: In function 'main':
demo-udp-53.c:33:13: warning: passing argument 2 of 'bind' from
incompatible pointer type [-Wincompatible-pointer-types]
  if(bind(s, &si_me, sizeof(si_me))==-1)
             ^~~~~~
In file included from /usr/include/netinet/in.h:23,
                 from /usr/include/arpa/inet.h:22,
                 from demo-udp-53.c:3:
/usr/include/sys/socket.h:112:49: note: expected 'const struct sockaddr
*' but argument is of type 'struct sockaddr_in *'
 extern int bind (int __fd, __CONST_SOCKADDR_ARG __addr, socklen_t __len)
                                                 ^
demo-udp-53.c:37:35: warning: passing argument 5 of 'recvfrom' from
incompatible pointer type [-Wincompatible-pointer-types]
   if (recvfrom(s, buf, BUFLEN, 0, &si_other, &slen)==-1)
                                   ^~~~~~~~~
In file included from /usr/include/netinet/in.h:23,
                 from /usr/include/arpa/inet.h:22,
                 from demo-udp-53.c:3:
/usr/include/sys/socket.h:164:33: note: expected 'struct sockaddr *
restrict' but argument is of type 'struct sockaddr_in *'
     int __flags, __SOCKADDR_ARG __addr,
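
Added example, not code from this thread or from the systemd project: a sketch of the socket-activated responder discussed above, which takes the sockets systemd passes in (fd 3 upwards, announced through the LISTEN_PID and LISTEN_FDS environment variables) and answers each datagram with sendto() to the address recvfrom() returned. The names FDS_START, MAX_FDS, activated_fds and answer_one, the reply payload and the 1024-socket limit are assumptions made for the example; it assumes a .socket unit with ListenDatagram= lines starts the service.

```c
/* Added example (not from the thread): reply on every socket systemd passes in. */
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define FDS_START 3    /* systemd passes sockets as fd 3, 4, ... */
#define MAX_FDS 1024   /* assumption: at most one socket per port 1-1024 */

/* Number of sockets handed over via LISTEN_PID/LISTEN_FDS, 0 if not activated. */
int activated_fds(void)
{
    const char *pid = getenv("LISTEN_PID"), *n = getenv("LISTEN_FDS");
    if (!pid || !n || strtol(pid, NULL, 10) != (long)getpid())
        return 0;
    long count = strtol(n, NULL, 10);
    return (count < 0 || count > MAX_FDS) ? 0 : (int)count;
}

/* Read one datagram and answer its source address. sockaddr_storage fits
 * IPv4 and IPv6 peers alike. Returns bytes sent, or -1 on error. */
int answer_one(int fd)
{
    struct sockaddr_storage peer;
    socklen_t plen = sizeof(peer);
    char buf[512];
    static const char reply[] = "up\n";   /* constructed reply payload */
    if (recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&peer, &plen) == -1)
        return -1;
    return (int)sendto(fd, reply, sizeof(reply) - 1, 0,
                       (struct sockaddr *)&peer, plen);
}

int main(void)
{
    static struct pollfd pfd[MAX_FDS];
    int n = activated_fds();
    if (n == 0) {
        fprintf(stderr, "no sockets passed; start this from a .socket unit\n");
        return 1;
    }
    for (int i = 0; i < n; i++)
        pfd[i] = (struct pollfd){ .fd = FDS_START + i, .events = POLLIN };
    while (poll(pfd, n, -1) > 0)          /* sleep until a datagram arrives */
        for (int i = 0; i < n; i++)
            if (pfd[i].revents & POLLIN)
                answer_one(pfd[i].fd);
    return 1;
}
```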

