List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] EXTERNAL_CMD functionality
From:       Michael Rash <michael.rash () gmail ! com>
Date:       2015-04-03 12:50:41
Message-ID: CAA9wn8kxrOMbEgjr+JK_w1swTzvPi3337zF0nxeoOi1+HkE_=g () mail ! gmail ! com
On Wed, Apr 1, 2015 at 9:22 AM, Trent Hampton <trenthampton@gmail.com>
wrote:

> Has any of the EXTERNAL_CMD functionality been implemented?
>


Hi Trent,

(Apologies for the delayed response.)



>
> I can see that fwknop with -C will send a command in a SPA packet and that
> incoming_spa.c looks to call run_extcmd but the documentation in
> fwknop.conf says that external command functionality is not yet implemented.
>

There are sort of two levels of the EXTERNAL_CMD functionality. The first
is just raw execution of a command that is specified by the client, and
this functionality is currently implemented. The second part is to have
fwknopd execute a command pair together with a timeout as an "open" and
"close" cycle. The goal of this feature is to allow people to change how
fwknopd interacts with the firewall (i.e. suppose you wanted to execute
firewall commands on a remote system via SSH with pre-shared keys, or any
number of other scenarios). This latter functionality has not been
implemented yet.


>
> It also looks to me that the result 'res' from running the external
> command is ignored. Is this what happens after an external command is
> executed?
>
>
In the current fwknop-2.6.5 release, the command exit status is logged here:

https://github.com/mrash/fwknop/blob/master/server/incoming_spa.c#L905

fwknopd doesn't take any other action with the exit status (I'm not sure
what else it would do with this info, but I'm open to suggestions).

Thanks,

--Mike
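
Added example, not part of the original message and not fwknop code: a sketch in C of the "open"/"close" command pair with a timeout described above, with each command's exit status logged. The function names, the blocking `sleep()` and the return codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical helper: run argv[0] directly (no shell) and decode the
 * wait status. Returns the exit code (0..255), 128+signal if the child
 * was killed by a signal, or -1 if fork/waitpid failed. */
static int run_cmd(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                     /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

/* Hypothetical open/close cycle: run the "open" command and, only if it
 * exits 0, wait timeout_sec and run the "close" command. Both statuses
 * are logged. Returns 0 if both succeeded, -1 if open failed (close is
 * skipped), -2 if close failed (access may still be open).
 * A daemon would schedule the close instead of blocking in sleep(). */
int open_close_cycle(char *const open_argv[], char *const close_argv[],
                     unsigned timeout_sec, FILE *log)
{
    int rc = run_cmd(open_argv);
    fprintf(log, "open cmd '%s' exit status: %d\n", open_argv[0], rc);
    if (rc != 0)
        return -1;
    sleep(timeout_sec);
    rc = run_cmd(close_argv);
    fprintf(log, "close cmd '%s' exit status: %d\n", close_argv[0], rc);
    return rc == 0 ? 0 : -2;
}

int main(void)
{
    /* Constructed sample commands standing in for firewall open/close. */
    char *open_cmd[]  = {"/bin/sh", "-c", "echo open", NULL};
    char *close_cmd[] = {"/bin/sh", "-c", "echo close", NULL};
    return open_close_cycle(open_cmd, close_cmd, 1, stderr) == 0 ? 0 : 1;
}
```
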




