>
> Yes, this would be an excellent addition. There is precedent on the
> fwknopd side of things to acquire SPA data via non-pcap means, and the
> safest right now - for those that consider linking against libpcap to be a
> security risk - is the UDP listener mode. I think reading from a log is
> another strategy that is right in line with this since fwknopd would not
> need to sniff the wire or listen on a socket. At the same time, it
> preserves the crypto model of SPA itself. The "single" part of SPA would
> not be preserved, but this is already the case with both the TCP and HTTP
> sending modes in the client.
>
> For implementation, on the server side, for Apache log reading mode we
> should skip linking against libpcap at compile time just as for the UDP
> listener mode.
>

Would we want this only available in a build that doesn't support pcap? I
can understand that it would be difficult to watch both a log and pcap at
the same time, but it would be useful for a single binary to support both
modes, depending on a flag in the config.


> For the client, I think we should probably leverage SSL/TLS via wget (when
> it supports it) just as for the IP resolution stuff instead of linking
> against an SSL library.
>
Wget is quite ubiquitous, and since we already use it, would be perfect.


> At least, this would be for the C client, but other clients could use
> different strategies. What would be the right way to do this in your
> Android client?
>
Android has a built-in http/https connection function. It should take a few
lines of code there to add https support.

>
> Would you like to open an issue on GitHub on the fwknop repository for
> this feature? It would be nice to get this maybe even into 2.6.7.
>
I've opened issue #160 to track this.

Thanks,
Jonathan



> Thanks,
>
> --Mike
>