On 18.03.19 at 11:31, Reindl Harald wrote:
> On 18.03.19 at 10:54, Lennart Poettering wrote:
>> I am not fully grokking what you are trying to do, but to recv UDP
>> dgrams you'd have to write a tiny program that calls recvfrom() (or a
>> similar syscall) on the sockets passed, and then replies to it with
>> sendto() (or a similar syscall), using the address of the source
>> (i.e. the struct sockaddr recvfrom() returns) to respond to the dgram.
>
> listen on UDP 1-1024 with socket activation to NMAP scan over a complete
> network (the dummy machine has all ip addresses from 2-254 in the /24)
> and verify a firewall setup which goes so 1:1 into production
>
> in other words: i don't care what process after socket activation does,
> i just need to see in NMAP if the port is open or closed through the
> firewall
>
> udpsvd is a long running process which doesn't scale up to 2014 processes
> and seems to only support ipv4 as i can see in "ss"
>
>> You can easily hack that up in C or some scripting language. I am not
>> aware of a ready-made tool that can do that for you, in particular
>> of none that is capable of doing that for more than one listening UDP
>> socket at a time.
> well, not that easily obvious otherwise i would already have done, C is
> outside my scope, i don't find anything useful and there is nothing other
> than ash on that system
>
> i guess someone could come up with a simple and tiny c code working with
> socket activation and does not more than signal "yes, i am up and
> running" to any client, sadly i can't :-(

i found at least something usable at https://www.abc.se/~m6695/udp.html,
changed the port to 53 and nmap responds with "53/udp open|filtered
domain" instead of "53/udp filtered domain"

if someone with C skills could extend this with a param for the port and
the code to marry it with systemd-socket-activation would be cool

wonder that the socket activation code has no option for debugging to do
this without a service and binary which could be exposed to the unit...

-------------------------------------------------
ExecStart=/etc/systemd/system/demo-udp-53.bin
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
User=nobody
Group=nobody
-------------------------------------------------
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>

#define BUFLEN 512
#define NPACK 10
#define PORT 53

void diep(char *s)
{
  perror(s);
  exit(1);
}

int main(void)
{
  struct sockaddr_in si_me, si_other;
  int s, i, slen=sizeof(si_other);
  char buf[BUFLEN + 1]; /* one spare byte so the payload is always NUL-terminated */

  if ((s=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))==-1)
    diep("socket");

  memset((char *) &si_me, 0, sizeof(si_me));
  si_me.sin_family = AF_INET;
  si_me.sin_port = htons(PORT);
  si_me.sin_addr.s_addr = htonl(INADDR_ANY);
  if(bind(s, &si_me, sizeof(si_me))==-1)
    diep("bind");

  for (i=0; i<NPACK; i++) {
    memset(buf, 0, sizeof(buf)); /* clear stale data before printing with %s */
    if (recvfrom(s, buf, BUFLEN, 0, &si_other, &slen)==-1)
      diep("recvfrom()");
    printf("Received packet from %s:%d\nData: %s\n\n",
           inet_ntoa(si_other.sin_addr), ntohs(si_other.sin_port), buf);
  }

  close(s);
  return 0;
}
-------------------------------------------------

not sure about those compiler warnings, fixed some by adding includes

demo-udp-53.c: In function 'main':
demo-udp-53.c:33:13: warning: passing argument 2 of 'bind' from incompatible pointer type [-Wincompatible-pointer-types]
   if(bind(s, &si_me, sizeof(si_me))==-1)
              ^~~~~~
In file included from /usr/include/netinet/in.h:23,
                 from /usr/include/arpa/inet.h:22,
                 from demo-udp-53.c:3:
/usr/include/sys/socket.h:112:49: note: expected 'const struct sockaddr *' but argument is of type 'struct sockaddr_in *'
 extern int bind (int __fd, __CONST_SOCKADDR_ARG __addr, socklen_t __len)
                                                 ^
demo-udp-53.c:37:35: warning: passing argument 5 of 'recvfrom' from incompatible pointer type [-Wincompatible-pointer-types]
   if (recvfrom(s, buf, BUFLEN, 0, &si_other, &slen)==-1)
                                   ^~~~~~~~~
In file included from /usr/include/netinet/in.h:23,
                 from /usr/include/arpa/inet.h:22,
                 from demo-udp-53.c:3:
/usr/include/sys/socket.h:164:33: note: expected 'struct sockaddr * restrict' but argument is of type 'struct sockaddr_in *'
     int __flags, __SOCKADDR_ARG __addr,
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
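
The responder described in the quoted reply (recvfrom() on the passed sockets, then sendto() back to the source), as an added example that is not part of the thread and not systemd's own code. It assumes a .socket unit with one or more ListenDatagram= lines starting this binary; it reads the LISTEN_PID/LISTEN_FDS variables of the sd_listen_fds(3) protocol directly instead of linking libsystemd, and the names activated_fd_count, answer_one and the reply payload are illustrative.

```c
/* Added example: minimal UDP responder for systemd socket activation. */
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define LISTEN_FDS_START 3          /* first inherited fd, per sd_listen_fds(3) */
static const char REPLY[] = "up\n"; /* constructed payload, kept tiny so spoofed probes are not amplified */

/* Number of sockets systemd passed to this process, or 0 if none. */
int activated_fd_count(void) {
    const char *pid = getenv("LISTEN_PID"), *fds = getenv("LISTEN_FDS");
    if (!pid || !fds || strtol(pid, NULL, 10) != (long)getpid())
        return 0;                   /* variables absent or meant for another process */
    long n = strtol(fds, NULL, 10);
    return (n > 0 && n <= 4096) ? (int)n : 0;
}

/* Read one datagram from fd and answer its sender; returns bytes sent or -1. */
ssize_t answer_one(int fd) {
    struct sockaddr_storage src;    /* large enough for IPv4 and IPv6 peers */
    socklen_t slen = sizeof(src);
    char buf[512];
    if (recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&src, &slen) == -1)
        return -1;
    /* The payload is discarded on purpose: only the source address is used. */
    return sendto(fd, REPLY, sizeof(REPLY) - 1, 0,
                  slen ? (struct sockaddr *)&src : NULL, slen);
}

int main(void) {
    int n = activated_fd_count();
    if (n == 0) {
        fprintf(stderr, "no sockets passed; start via a .socket unit\n");
        return 1;
    }
    struct pollfd *p = calloc((size_t)n, sizeof(*p));
    if (!p) return 1;
    for (int i = 0; i < n; i++)
        p[i] = (struct pollfd){ .fd = LISTEN_FDS_START + i, .events = POLLIN };
    while (poll(p, (nfds_t)n, -1) > 0)   /* one process serves every passed socket */
        for (int i = 0; i < n; i++)
            if (p[i].revents & POLLIN)
                answer_one(p[i].fd);
    return 1;
}
```

Because the sockets are bound by systemd before the process starts, the service itself needs no CAP_NET_BIND_SERVICE and can run as an unprivileged user.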