On 18.03.19 at 17:29, Reindl Harald wrote:
> On 18.03.19 at 11:31, Reindl Harald wrote:
>> On 18.03.19 at 10:54, Lennart Poettering wrote:
>>> I am not fully grokking what you are trying to do, but to recv UDP
>>> dgrams you'd have to write a tiny program that calls recvfrom() (or a
>>> similar syscall) on the sockets passed, and then replies to it with
>>> sendto() (or a similar syscall), using the address of the source
>>> (i.e. the struct sockaddr recvfrom() returns) to respond to the dgram.
>>
>> listen on UDP 1-1024 with socket activation to NMAP scan over a complete
>> network (the dummy machine has all ip addresses from 2-254 in the /24)
>> and verify a firewall setup which then goes 1:1 into production
>>
>> in other words: i don't care what the process after socket activation does,
>> i just need to see in NMAP if the port is open or closed through the
>> firewall

FWIW, attached: the C code, a sample socket/service and PHP code which deals with the fact that systemd activation obviously doesn't buffer and forward already received packets after spawning the service.

That "RuntimeMaxSec=1" has no option to not fail but just stop the service isn't that funny, but it works for the use case.
Attachment: check.php (application/php)
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <systemd/sd-daemon.h>

#define MAXLINE 1024

int main(void)
{
    /* systemd passes the activated socket as fd SD_LISTEN_FDS_START (3);
     * the socket unit has no Accept=, so exactly one descriptor is expected. */
    if (sd_listen_fds(0) != 1) {
        fprintf(stderr, "No or too many file descriptors received\n");
        exit(EXIT_FAILURE);
    }

    int sockfd = SD_LISTEN_FDS_START + 0;
    char buffer[MAXLINE];
    const char *pong = "PONG\n";
    /* sockaddr_in6 is large enough to hold an IPv4 or an IPv6 peer address */
    struct sockaddr_in6 cliaddr;

    while (1) {
        /* addrlen must be set to the buffer size before every recvfrom():
         * the kernel reads it as the space available and overwrites it with
         * the real address length, which sendto() then needs. */
        socklen_t len = sizeof(cliaddr);
        memset(&cliaddr, 0, sizeof(cliaddr));
        ssize_t n = recvfrom(sockfd, buffer, MAXLINE, 0,
                             (struct sockaddr *) &cliaddr, &len);
        if (n < 0)
            continue;   /* e.g. EINTR: nothing was received, nothing to answer */
        /* reply to the datagram's source address, which is what the scanner sees */
        sendto(sockfd, pong, strlen(pong), MSG_CONFIRM,
               (const struct sockaddr *) &cliaddr, len);
    }
}
[Unit]
Description=Demo UDP Server
StartLimitIntervalSec=1
StartLimitBurst=5

[Service]
Type=simple
ExecStart=/etc/systemd/system/demo-udp-systemd-activation.bin
RuntimeMaxSec=1
StandardOutput=null
StandardError=null
User=nobody
Group=nobody
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6 AF_LOCAL AF_UNIX AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
ReadWritePaths=-/run
ReadWritePaths=-/tmp
[Unit]
Description=Demo UDP 172.16.0.4:53 Socket
StartLimitIntervalSec=1
StartLimitBurst=5

[Socket]
ListenDatagram=172.16.0.4:53

[Install]
WantedBy=sockets.target
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
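The recvfrom()/sendto() dance Lennart describes, and the LISTEN_PID/LISTEN_FDS hand-over that sd_listen_fds() wraps, as an added example in Python (not code from the mail, the attachments or the systemd project). It goes one step beyond the C responder above: instead of insisting on exactly one descriptor it answers on every socket systemd passes, so a single service can sit behind many .socket units (the "UDP 1-1024" setup from the thread), and it includes a unit generator that ties each socket to that service with the Service= key. The loopback_exchange() helper runs the exchange offline against a constructed datagram on 127.0.0.1; the service name passed to socket_unit() is whatever the caller chooses and is not a file from the mail.

```python
import os
import selectors
import socket

LISTEN_FDS_START = 3          # same value as SD_LISTEN_FDS_START in sd-daemon.h
PONG = b"PONG\n"


def listen_fds(environ=None, pid=None):
    """sd_listen_fds(0) without libsystemd: the descriptors systemd passed,
    or [] when LISTEN_PID/LISTEN_FDS are absent or meant for another process."""
    env = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        if int(env.get("LISTEN_PID", "")) != pid:
            return []
        count = int(env.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    return list(range(LISTEN_FDS_START, LISTEN_FDS_START + count))


def answer_one(sock, payload=PONG):
    """Receive one datagram and reply to the address recvfrom() reported;
    the reply is what makes the scanner classify the UDP port as open."""
    data, sender = sock.recvfrom(1024)
    sock.sendto(payload, sender)
    return data, sender


def serve(socks, max_datagrams=None):
    """Answer on every socket handed over (one service, many .socket units).
    Returns the list of (data, sender) pairs answered; runs forever by default."""
    sel = selectors.DefaultSelector()
    for s in socks:
        sel.register(s, selectors.EVENT_READ)
    answered = []
    while max_datagrams is None or len(answered) < max_datagrams:
        for key, _ in sel.select():
            answered.append(answer_one(key.fileobj))
    return answered


def socket_unit(addr, port, service):
    """Text of a .socket unit shaped like the one in the mail, pointed at a
    shared service via Service= (service name is supplied by the caller)."""
    return (
        "[Unit]\n"
        f"Description=Demo UDP {addr}:{port} Socket\n"
        "\n[Socket]\n"
        f"ListenDatagram={addr}:{port}\n"
        f"Service={service}\n"
        "\n[Install]\n"
        "WantedBy=sockets.target\n"
    )


def loopback_exchange(probe=b"probe"):
    """Offline check with constructed traffic: a responder and a scanner-like
    client on 127.0.0.1, one datagram in each direction."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind(("127.0.0.1", 0))
        cli.bind(("127.0.0.1", 0))
        cli.settimeout(2)
        cli.sendto(probe, srv.getsockname())
        answered = serve([srv], max_datagrams=1)
        return {"answered": answered,
                "client": cli.getsockname(),
                "reply": cli.recv(64)}
    finally:
        srv.close()
        cli.close()


def main():
    fds = listen_fds()
    if not fds:
        raise SystemExit("no file descriptors received from systemd")
    # socket.socket(fileno=...) adopts an inherited fd; family and type are
    # read back from the kernel, so IPv4 and IPv6 sockets both work
    serve([socket.socket(fileno=fd) for fd in fds])


if __name__ == "__main__":
    main()
```

Run it as the ExecStart= of the service the generated .socket units name; without systemd it exits immediately because LISTEN_PID does not match, which is also the check that stops it from answering on a stray descriptor.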