Don't make it Apache only; think about other Web services like nginx and
lighttpd.
Maybe just `tail` a file and look for a predefined string or a regex which is
configured in fwknopd.conf.
--
Rabin
On Sun, Jun 28, 2015 at 3:32 PM, Michael Rash <[email protected]>
wrote:
>
>
> On Sun, Jun 28, 2015 at 1:01 AM, Jonathan Bennett <[email protected]>
> wrote:
>
>>> Yes, this would be an excellent addition. There is precedent on the
>>> fwknopd side of things to acquire SPA data via non-pcap means, and the
>>> safest right now - for those that consider linking against libpcap to be a
>>> security risk - is the UDP listener mode. I think reading from a log is
>>> another strategy that is right in line with this since fwknopd would not
>>> need to sniff the wire or listen on a socket. At the same time, it
>>> preserves the crypto model of SPA itself. The "single" part of SPA would
>>> not be preserved, but this is already the case with both the TCP and HTTP
>>> sending modes in the client.
>>>
>>> For implementation, on the server side, for Apache log reading mode we
>>> should skip linking against libpcap at compile time just as for the UDP
>>> listener mode.
>>>
>>
>> Would we want this only available in a build that doesn't support pcap? I
>> can understand that it would be difficult to watch both a log and pcap at
>> the same time, but it would be useful for a single binary to support both
>> modes, depending on a flag in the config.
>>
>
> Ok, agreed that it would be nice to support reading from the Apache log in
> the default build of fwknop depending on a config flag. Some users may want
> to enable this mode, but also not link against libpcap at the same time.
> So, what we could do is add a new argument --without-libpcap to disable
> linking against libpcap to the autoconf script. This way, those users who
> are willing to recompile can have a non-libpcap version of fwknopd, but
> everyone else can have the ability to read from the Apache log if they want
> it by default. Actually this same stance should be extended to the UDP
> server mode too. This should satisfy both camps and provide the greatest
> usability at the same time.
>
>
>>
>>
>>> For the client, I think we should probably leverage SSL/TLS via wget
>>> (when it supports it) just as for the IP resolution stuff instead of
>>> linking against an SSL library.
>>>
>> Wget is quite ubiquitous, and since we already use it, would be perfect.
>>
>
> Agreed.
>
>
>>
>>
>>> At least, this would be for the C client, but other clients could use
>>> different strategies. What would be the right way to do this in your
>>> Android client?
>>>
>> Android has a built-in http/https connection function. It should take a
>> few lines of code there to add https support.
>>
>
> Excellent.
>
>
>>
>>> Would you like to open an issue on github on the fwknop repository for
>>> this feature? It would be nice to get this maybe even into 2.6.7.
>>>
>> I've opened issue #160 to track this.
>>
>
> Cool. I'll try to get this into 2.6.7.
>
> --Mike
>
>
>
>>
>> Thanks,
>> Jonathan
>>
>>
>>
>>> Thanks,
>>>
>>> --Mike
>>>
>>
>
>
> --
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
>
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email & sms
> for fault. Monitor 25 devices for free with no restriction. Download now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>
>
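Added example, not part of the original thread and not fwknop code: a sketch of the log-reading idea discussed above, following an access log in the common/combined style that Apache, nginx and lighttpd can all write, and pulling candidate SPA data out of the request target with a configurable regex. The `/spa/` prefix, the length bounds and all function names are assumptions; a match is only a candidate, which would still have to pass the normal SPA decryption and authentication.

```python
import re
import sys
import time

# Common/combined access-log prefix (a style Apache, nginx and lighttpd can write).
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" \d{3} ')
# Hypothetical configured pattern; group 1 is the candidate SPA payload.
SPA_PATTERN = re.compile(r'^/spa/([A-Za-z0-9+/_=-]{64,1500})$')
MAX_LINE = 4096  # log content is client-influenced, so bound what gets parsed

# Constructed sample lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [28/Jun/2015:15:32:01 +0000] "GET /spa/' + "A" * 80
    + ' HTTP/1.1" 404 162 "-" "Wget/1.16"',
    '198.51.100.9 - - [28/Jun/2015:15:32:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]


def extract_candidate(line, pattern=SPA_PATTERN):
    """Return (source_ip, payload) if the request target matches, else None."""
    if len(line) > MAX_LINE:
        return None
    m = LOG_LINE.match(line)
    if not m:
        return None
    # Match only the request target, never the Referer or User-Agent fields.
    hit = pattern.match(m.group("target"))
    return (m.group("src"), hit.group(1)) if hit else None


def follow(path, poll=0.5):
    """Yield complete lines appended to path, like `tail -f` (no rotation handling)."""
    with open(path, "r", errors="replace") as fh:
        fh.seek(0, 2)  # start at end of file; only new requests count
        buf = ""
        while True:
            chunk = fh.readline()
            if not chunk:
                time.sleep(poll)
                continue
            buf += chunk
            if buf.endswith("\n"):  # skip partial writes until the newline lands
                yield buf.rstrip("\n")
                buf = ""


if __name__ == "__main__":
    source = follow(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for hit in filter(None, map(extract_candidate, source)):
        print("candidate SPA data from %s (%d chars)" % (hit[0], len(hit[1])))
```

The logged source address is whatever the web server saw, so behind a reverse proxy it is the proxy's address rather than the client's.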