* [PATCH xtables-addons 0/3] pknlusr improvements
@ 2020-10-22 17:30 Jeremy Sowden
2020-10-22 17:30 ` [PATCH xtables-addons 1/3] pknock: pknlusr: fix formatting Jeremy Sowden
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Jeremy Sowden @ 2020-10-22 17:30 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Devel
Since pknlusr is now installed, here are a few improvements.
Jeremy Sowden (3):
pknock: pknlusr: fix formatting.
pknock: pknlusr: fix hard-coded netlink multicast group ID.
pknock: pknlusr: add man-page.
extensions/pknock/Makefile.am | 2 ++
extensions/pknock/pknlusr.8 | 23 +++++++++++++++++++++++
extensions/pknock/pknlusr.c | 35 +++++++++++++++++++++++++++++++++--
3 files changed, 58 insertions(+), 2 deletions(-)
create mode 100644 extensions/pknock/pknlusr.8
--
2.28.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH xtables-addons 1/3] pknock: pknlusr: fix formatting.
2020-10-22 17:30 [PATCH xtables-addons 0/3] pknlusr improvements Jeremy Sowden
@ 2020-10-22 17:30 ` Jeremy Sowden
2020-10-22 17:30 ` [PATCH xtables-addons 2/3] pknock: pknlusr: fix hard-coded netlink multicast group ID Jeremy Sowden
2020-10-22 17:30 ` [PATCH xtables-addons 3/3] pknock: pknlusr: add man-page Jeremy Sowden
2 siblings, 0 replies; 8+ messages in thread
From: Jeremy Sowden @ 2020-10-22 17:30 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Devel
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
extensions/pknock/pknlusr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions/pknock/pknlusr.c b/extensions/pknock/pknlusr.c
index 6153bf6de099..161a9610a018 100644
--- a/extensions/pknock/pknlusr.c
+++ b/extensions/pknock/pknlusr.c
@@ -76,7 +76,7 @@ int main(void)
return 1;
}
- nlmsg = (struct xt_pknock_nl_msg *) (buf + sizeof(struct cn_msg) + sizeof(struct nlmsghdr));
+ nlmsg = (struct xt_pknock_nl_msg *) (buf + sizeof(struct cn_msg) + sizeof(struct nlmsghdr));
ip = inet_ntop(AF_INET, &nlmsg->peer_ip, ipbuf, sizeof(ipbuf));
printf("rule_name: %s - ip %s\n", nlmsg->rule_name, ip);
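Review bot: in the context lines after the reformatted assignment, `ip` from inet_ntop() goes straight into printf("%s") with no NULL check, and `nlmsg->rule_name` is printed with an unbounded %s. Neither is introduced by this patch, but since the line is being touched, consider checking the inet_ntop() result and bounding the rule name with a precision ("%.*s" with the field's size). The commit message could also say what was reformatted, since the removed and added lines differ only in whitespace.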
--
2.28.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH xtables-addons 2/3] pknock: pknlusr: fix hard-coded netlink multicast group ID.
2020-10-22 17:30 [PATCH xtables-addons 0/3] pknlusr improvements Jeremy Sowden
2020-10-22 17:30 ` [PATCH xtables-addons 1/3] pknock: pknlusr: fix formatting Jeremy Sowden
@ 2020-10-22 17:30 ` Jeremy Sowden
2020-10-23 9:13 ` Jan Engelhardt
2020-10-22 17:30 ` [PATCH xtables-addons 3/3] pknock: pknlusr: add man-page Jeremy Sowden
2 siblings, 1 reply; 8+ messages in thread
From: Jeremy Sowden @ 2020-10-22 17:30 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Devel
The group ID used by xt_pknock is configurable, but pknlusr hard-codes
it to 1. Modify pknlusr to accept an optional ID from the command-line.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
extensions/pknock/pknlusr.c | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/extensions/pknock/pknlusr.c b/extensions/pknock/pknlusr.c
index 161a9610a018..ca3af835c9a8 100644
--- a/extensions/pknock/pknlusr.c
+++ b/extensions/pknock/pknlusr.c
@@ -7,6 +7,8 @@
#include <arpa/inet.h>
#include <linux/netlink.h>
#include <linux/connector.h>
+#include <libgen.h>
+#include <limits.h>
#include "xt_pknock.h"
@@ -19,7 +21,19 @@ static unsigned char *buf;
static struct xt_pknock_nl_msg *nlmsg;
-int main(void)
+static void
+usage(const char *argv0)
+{
+ char *prog;
+ if (!(prog = strdup (argv0))) {
+ perror("strdup()");
+ } else {
+ fprintf(stderr, "%s [ group-id ]\n", basename(prog));
+ free(prog);
+ }
+}
+
+int main(int argc, char **argv)
{
socklen_t addrlen;
int status;
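Review bot: in usage(), a strdup() failure prints only the perror() text, so the caller exits without the synopsis ever being shown; falling back to printing argv0 unmodified would keep the message useful. `strdup (argv0)` also has a space before the parenthesis that the other calls in this hunk do not, and the assignment inside the `if` condition would read better on its own line.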
@@ -30,6 +44,23 @@ int main(void)
const char *ip;
char ipbuf[48];
+ if (argc > 2) {
+ usage(argv[0]);
+ exit(EXIT_FAILURE);
+ }
+
+ if (argc == 2) {
+ long n;
+ char *end;
+
+ n = strtol(argv[1], &end, 10);
+ if (*end || n < INT_MIN || n > INT_MAX) {
+ usage(argv[0]);
+ exit(EXIT_FAILURE);
+ }
+ group = n;
+ }
+
sock_fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
if (sock_fd == -1) {
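Review bot: the strtol() check on argv[1] accepts an empty string (end equals argv[1], *end is NUL, n is 0) and any negative number down to INT_MIN. Where long has the same width as int, the `n < INT_MIN || n > INT_MAX` test can never fail, so an overflowing input is clamped and accepted because errno is not checked. Suggest strtoul() with errno cleared beforehand, an `end == argv[1]` test, and an upper bound that matches the actual type of `group`, whose declaration is not in this hunk.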
--
2.28.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH xtables-addons 3/3] pknock: pknlusr: add man-page.
2020-10-22 17:30 [PATCH xtables-addons 0/3] pknlusr improvements Jeremy Sowden
2020-10-22 17:30 ` [PATCH xtables-addons 1/3] pknock: pknlusr: fix formatting Jeremy Sowden
2020-10-22 17:30 ` [PATCH xtables-addons 2/3] pknock: pknlusr: fix hard-coded netlink multicast group ID Jeremy Sowden
@ 2020-10-22 17:30 ` Jeremy Sowden
2020-10-23 9:24 ` Jan Engelhardt
2 siblings, 1 reply; 8+ messages in thread
From: Jeremy Sowden @ 2020-10-22 17:30 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Devel
Since pknlusr is now being installed, let's give it a man-page.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
extensions/pknock/Makefile.am | 2 ++
extensions/pknock/pknlusr.8 | 23 +++++++++++++++++++++++
2 files changed, 25 insertions(+)
create mode 100644 extensions/pknock/pknlusr.8
diff --git a/extensions/pknock/Makefile.am b/extensions/pknock/Makefile.am
index dcb3096afd35..fb419ede0d2b 100644
--- a/extensions/pknock/Makefile.am
+++ b/extensions/pknock/Makefile.am
@@ -6,3 +6,5 @@ AM_CFLAGS = ${regular_CFLAGS} ${libxtables_CFLAGS}
include ../../Makefile.extra
sbin_PROGRAMS = pknlusr
+
+dist_man8_MANS = pknlusr.8
diff --git a/extensions/pknock/pknlusr.8 b/extensions/pknock/pknlusr.8
new file mode 100644
index 000000000000..da8798a463db
--- /dev/null
+++ b/extensions/pknock/pknlusr.8
@@ -0,0 +1,23 @@
+.TH pknlusr 8 "2020-10-22" "xtables-addons" "xtables-addons"
+.
+.SH NAME
+pknlusr \- userspace monitor for successful xt_pknock matches
+.
+.SH SYNOPSIS
+.SY pknlusr
+.RI [ group-id ]
+.YS
+.
+.SH DESCRIPTION
+\fIxt_pknock\fP is an xtables match extension that implements so-called \fIport
+knocking\fP. It can be configured to send information about each successful
+match via a netlink socket to userspace. \fBpknluser\fP listens for these
+notifications.
+.
+.SH OPTIONS
+.TP 9
+.B group-id
+The ID of the netlink multicast group used by \fIxt_pknock\fP. Defaults to \fB1\fP.
+.
+.SH SEE ALSO
+.IR xtables-addons (8)
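Review bot: in DESCRIPTION, `\fBpknluser\fP` is misspelled; the program is `pknlusr` in the NAME and SYNOPSIS sections and in the Makefile.am hunk. The `.SY`/`.YS` synopsis macros are groff extensions to man(7); if the page should render on other man implementations, a plain `.B pknlusr` followed by `.RI [ group-id ]` gives the same synopsis.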
--
2.28.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH xtables-addons 2/3] pknock: pknlusr: fix hard-coded netlink multicast group ID.
2020-10-22 17:30 ` [PATCH xtables-addons 2/3] pknock: pknlusr: fix hard-coded netlink multicast group ID Jeremy Sowden
@ 2020-10-23 9:13 ` Jan Engelhardt
2020-10-25 10:58 ` Jeremy Sowden
0 siblings, 1 reply; 8+ messages in thread
From: Jan Engelhardt @ 2020-10-23 9:13 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: Netfilter Devel
On Thursday 2020-10-22 19:30, Jeremy Sowden wrote:
>The group ID used by xt_pknock is configurable, but pknlusr hard-codes
>it to 1. Modify pknlusr to accept an optional ID from the command-line.
According to netlink(7), that is not a group ID but a bitmask of groups.
That changes the semantic quite significantly and would make this patch faulty.
>+ n = strtol(argv[1], &end, 10);
>+ if (*end || n < INT_MIN || n > INT_MAX) {
>+ usage(argv[0]);
>+ exit(EXIT_FAILURE);
>+ }
It's a u32. It can never be less than 0, but it can very well be more than
INT_MAX.
^ permalink raw reply [flat|nested] 8+ messages in thread
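The point raised in the reply above, as an added example that is not part of the original thread or of xtables-addons: parsing a command-line value as an unsigned 32-bit netlink group bitmask instead of a signed int. The helper names `parse_group_mask` and `group_id_to_mask` are hypothetical, and rejecting an empty mask is an assumption about what a listener wants.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from pknlusr.c): parse a decimal, octal or hex
 * string (strtoul base 0) into a 32-bit netlink multicast group bitmask.
 * Returns 0 on success, -1 on malformed or out-of-range input. */
static int parse_group_mask(const char *s, uint32_t *mask)
{
	char *end;
	unsigned long n;

	/* strtoul() accepts leading whitespace and a sign ("-1" wraps to
	 * ULONG_MAX), so require the first character to be a digit. */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return -1;
	errno = 0;
	n = strtoul(s, &end, 0);
	if (errno == ERANGE || end == s || *end != '\0')
		return -1;
	if (n > UINT32_MAX)	/* reachable where long is 64 bits wide */
		return -1;
	if (n == 0)		/* an empty mask subscribes to no group */
		return -1;
	*mask = (uint32_t)n;
	return 0;
}

/* Hypothetical helper: netlink groups are numbered from 1, and group N
 * is bit N-1 of the nl_groups bitmask. Returns 0 for an invalid ID. */
static uint32_t group_id_to_mask(unsigned int id)
{
	if (id < 1 || id > 32)
		return 0;
	return UINT32_C(1) << (id - 1);
}

int main(int argc, char **argv)
{
	uint32_t mask = group_id_to_mask(1);	/* the default named in the patch */

	if (argc == 2 && parse_group_mask(argv[1], &mask) < 0) {
		fprintf(stderr, "invalid group bitmask: %s\n", argv[1]);
		return EXIT_FAILURE;
	}
	printf("nl_groups = 0x%08x\n", (unsigned int)mask);
	return EXIT_SUCCESS;
}
```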
* Re: [PATCH xtables-addons 3/3] pknock: pknlusr: add man-page.
2020-10-22 17:30 ` [PATCH xtables-addons 3/3] pknock: pknlusr: add man-page Jeremy Sowden
@ 2020-10-23 9:24 ` Jan Engelhardt
2020-10-25 10:59 ` Jeremy Sowden
0 siblings, 1 reply; 8+ messages in thread
From: Jan Engelhardt @ 2020-10-23 9:24 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: Netfilter Devel
On Thursday 2020-10-22 19:30, Jeremy Sowden wrote:
>Since pknlusr is now being installed, let's give it a man-page.
There's a lot of.. markup I have never seen before (and thus did not feel would
be necessary).
I pushed a shortened version; if anything should be different, please send more
patches on top. Thanks!
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH xtables-addons 2/3] pknock: pknlusr: fix hard-coded netlink multicast group ID.
2020-10-23 9:13 ` Jan Engelhardt
@ 2020-10-25 10:58 ` Jeremy Sowden
0 siblings, 0 replies; 8+ messages in thread
From: Jeremy Sowden @ 2020-10-25 10:58 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Devel
On 2020-10-23, at 11:13:45 +0200, Jan Engelhardt wrote:
> On Thursday 2020-10-22 19:30, Jeremy Sowden wrote:
> > The group ID used by xt_pknock is configurable, but pknlusr
> > hard-codes it to 1. Modify pknlusr to accept an optional ID from
> > the command-line.
>
> According to netlink(7), that is not a group ID but a bitmask of
> groups. That changes the semantic quite significantly and would make
> this patch faulty.
Yup, v2 will follow shortly.
J.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH xtables-addons 3/3] pknock: pknlusr: add man-page.
2020-10-23 9:24 ` Jan Engelhardt
@ 2020-10-25 10:59 ` Jeremy Sowden
0 siblings, 0 replies; 8+ messages in thread
From: Jeremy Sowden @ 2020-10-25 10:59 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Devel
On 2020-10-23, at 11:24:16 +0200, Jan Engelhardt wrote:
> On Thursday 2020-10-22 19:30, Jeremy Sowden wrote:
> > Since pknlusr is now being installed, let's give it a man-page.
>
> There's a lot of.. markup I have never seen before (and thus did not
> feel would be necessary).
First man-page I've written from scratch in roff. I used the
groff_man(7) man-page as a reference.
> I pushed a shortened version; if anything should be different, please
> send more patches on top.
No problem with the man-page itself, but the patch to Makefile.am isn't
quite right. Will fix in v2.
J.
^ permalink raw reply [flat|nested] 8+ messages in thread