On 18.03.19 at 10:54, Lennart Poettering wrote:
> On Sa, 16.03.19 05:52, Reindl Harald (h.reindl@xxxxxxxxxxxxx) wrote:
>
>> Hi
>>
>> for a firewall development setup (nested virtualization) i have running
>> a tcp service like below on a VM listening on a complete /24 network
>> behind a NAT
>>
>>
>> with "udpsvd" at least something works for "nmap -p 53 -sU -P0 host" on
>> a single port and always running - is there some way to get a similar
>> udp service?
>>
>> "ListenDatagram=53" works only without "Accept=yes" and without a
>> template-service but even then it's finally failing
>>
>> goal would be listening on at least port 53 or better a ton of ports for
>> udp to run port-scans and validate the firewall ruleset without a ton of
>> persistent running udpsvd-processes
>
> I am not fully grokking what you are trying to do, but to recv UDP
> dgrams you'd have to write a tiny program that calls recvfrom() (or a
> similar syscall) on the sockets passed, and then replies to it with
> sendto() (or a similar syscall), using the address of the source
> (i.e. the struct sockaddr recvfrom() returns) to respond to the dgram.

listen on UDP 1-1024 with socket activation to NMAP scan over a complete
network (the dummy machine has all ip addresses from 2-254 in the /24)
and verify a firewall setup which goes so 1:1 into production

in other words: i don't care what process after socket activation does,
i just need to see in NMAP if the port is open or closed through the
firewall

udpsvd is a long running process which doesn't scale up to 2014 processes
and seems to only support ipv4 as i can see in "ss"

> You can easily hack that up in C or some scripting language. I am not
> aware of a ready-made tool that can do that for you, in particular
> of none that is capable of doing that for more than one listening UDP
> socket at a time.

well, not that easily obvious otherwise i would already have done, C is
outside my scope, i don't find anything useful and there is nothing than
ash on that system

i guess someone could come up with a simple and tiny c code working with
socket activation and does not more than signal "yes, i am up and running"
to any client, sadly i can't :-(

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
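
The responder described in the quoted reply above (recvfrom() on the passed sockets, sendto() back to the source address), as an added example that is not part of the original thread or of systemd. It assumes a .socket unit with one or more ListenDatagram= lines and no Accept=yes; the names activated_fds, reply_once, FIRST_FD and MAX_FDS are this example's own.

```c
/* Added example: minimal UDP responder for systemd socket activation.
 * systemd passes the listening sockets as fds 3, 4, ... and sets
 * LISTEN_PID and LISTEN_FDS in the environment of the started process. */
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define FIRST_FD 3                /* same value as SD_LISTEN_FDS_START */
#define MAX_FDS  2048             /* assumed upper bound for the poll array */

/* Number of sockets passed by systemd, or 0 if not socket-activated. */
int activated_fds(void) {
    const char *pid = getenv("LISTEN_PID"), *n = getenv("LISTEN_FDS");
    if (!pid || !n || strtol(pid, NULL, 10) != (long)getpid()) return 0;
    long count = strtol(n, NULL, 10);
    return (count > 0 && count <= MAX_FDS) ? (int)count : 0;
}

/* Read one datagram and send the same bytes back to its source address. */
int reply_once(int fd) {
    char buf[1500];
    struct sockaddr_storage src;  /* large enough for IPv4 and IPv6 */
    socklen_t len = sizeof(src);
    ssize_t got = recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&src, &len);
    if (got < 0) return -1;
    return sendto(fd, buf, (size_t)got, 0, (struct sockaddr *)&src, len) < 0 ? -1 : 0;
}

int main(void) {
    static struct pollfd pfds[MAX_FDS];
    int n = activated_fds();
    if (n == 0) { fprintf(stderr, "no sockets passed\n"); return 1; }
    for (int i = 0; i < n; i++) { pfds[i].fd = FIRST_FD + i; pfds[i].events = POLLIN; }
    for (;;) {                    /* one process serves every passed socket */
        if (poll(pfds, (nfds_t)n, -1) < 0) return 1;
        for (int i = 0; i < n; i++)
            if (pfds[i].revents & POLLIN) reply_once(pfds[i].fd);
    }
}
```

The reply is never larger than the request, and a zero-length probe gets a zero-length datagram back.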