[systemd-devel] udp socket-activation "fake-service"
Reindl Harald
h.reindl at thelounge.net
Mon Mar 18 16:29:39 UTC 2019
On 18.03.19 at 11:31, Reindl Harald wrote:
> On 18.03.19 at 10:54, Lennart Poettering wrote:
>> I am not fully grokking what you are trying to do, but to recv UDP
>> dgrams you'd have to write a tiny program that calls recvfrom() (or a
>> similar syscall) on the sockets passed, and then replies to it with
>> sendto() (or a similar syscall), using the address of the source
>> (i.e. the struct sockaddr recvfrom() returns) to respond to the dgram.
>
> listen on UDP 1-1024 with socket activation to NMAP scan over a complete
> network (the dummy machine has all ip addresses from 2-254 in the /24)
> and verify a firewall setup which goes so 1:1 into production
>
> in other words: i don't care what process after socket activation does,
> i just need to see in NMAP if the port is open or closed through the
> firewall
>
> udpsvd is a long running process which doesn't scale up to 2014 processes
> and seems to only support ipv4 as i can see in "ss"
>
>> You can easily hack that up in C or some scripting language. I am not
>> aware of a ready-made tool that can do that for you, in particular
>> of none that is capable of doing that for more than one listening UDP
>> socket at a time.
> well, not that easily obvious otherwise i would already have done, C is
> outside my scope, i don't find anything useful and there is nothing than
> ash on that system
>
> i guess someone could come up with a simple and tiny c code working with
> socket activation and does not more than signal "yes, i am up and
> running" to any client, sadly i can't :-(
i found at least something usable at
https://www.abc.se/~m6695/udp.html, changed the port to 53 and nmap
responds with "53/udp open|filtered domain" instead of "53/udp filtered domain"
if someone with C skills could extend this with a param for the port and
the code to marry it with systemd-socket-activation would be cool
wonder that the socket activation code has no option for debugging to do
this without a service and binary which could be exposed to the unit...
-------------------------------------------------
ExecStart=/etc/systemd/system/demo-udp-53.bin
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
User=nobody
Group=nobody
-------------------------------------------------
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#define BUFLEN 512
#define NPACK 10
#define PORT 53

/* print the error of the failing call and exit */
void diep(char *s)
{
    perror(s);
    exit(1);
}

int main(void)
{
    struct sockaddr_in si_me, si_other;
    int s, i, slen=sizeof(si_other);
    char buf[BUFLEN + 1];  /* one spare byte keeps the payload NUL-terminated */

    if ((s=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))==-1)
        diep("socket");

    /* listen on PORT on every local IPv4 address */
    memset((char *) &si_me, 0, sizeof(si_me));
    si_me.sin_family = AF_INET;
    si_me.sin_port = htons(PORT);
    si_me.sin_addr.s_addr = htonl(INADDR_ANY);
    /* bind() and recvfrom() get a struct sockaddr_in * without a cast to
       (struct sockaddr *), which is what the compiler warnings below report */
    if(bind(s, &si_me, sizeof(si_me))==-1)
        diep("bind");

    for (i=0; i<NPACK; i++)
    {
        memset(buf, 0, sizeof(buf));  /* clear old data before printing with %s */
        if (recvfrom(s, buf, BUFLEN, 0, &si_other, &slen)==-1)
            diep("recvfrom()");
        printf("Received packet from %s:%d\nData: %s\n\n",
               inet_ntoa(si_other.sin_addr), ntohs(si_other.sin_port), buf);
    }
    close(s);
    return 0;
}
-------------------------------------------------
not sure about those compiler warnings, fixed some by adding includes
demo-udp-53.c: In function 'main':
demo-udp-53.c:33:13: warning: passing argument 2 of 'bind' from
incompatible pointer type [-Wincompatible-pointer-types]
if(bind(s, &si_me, sizeof(si_me))==-1)
^~~~~~
In file included from /usr/include/netinet/in.h:23,
from /usr/include/arpa/inet.h:22,
from demo-udp-53.c:3:
/usr/include/sys/socket.h:112:49: note: expected 'const struct sockaddr
*' but argument is of type 'struct sockaddr_in *'
extern int bind (int __fd, __CONST_SOCKADDR_ARG __addr, socklen_t __len)
^
demo-udp-53.c:37:35: warning: passing argument 5 of 'recvfrom' from
incompatible pointer type [-Wincompatible-pointer-types]
if (recvfrom(s, buf, BUFLEN, 0, &si_other, &slen)==-1)
^~~~~~~~~
In file included from /usr/include/netinet/in.h:23,
from /usr/include/arpa/inet.h:22,
from demo-udp-53.c:3:
/usr/include/sys/socket.h:164:33: note: expected 'struct sockaddr *
restrict' but argument is of type 'struct sockaddr_in *'
int __flags, __SOCKADDR_ARG __addr,