> On Jun 28, 2015, at 8:45 AM, Rabin Yasharzadehe <[email protected]> wrote:
>
> Don't make it Apache only, think about other Web services like nginx and
> lighttpd.
> Maybe just `tail` a file and look for a predefined string or a regex which is
> configured in fwknopd.conf.
>
Agreed, we'll support more than Apache with a strategy like this.
Thanks,
Mike
>
>
> --
> Rabin
>
>> On Sun, Jun 28, 2015 at 3:32 PM, Michael Rash <[email protected]> wrote:
>>
>>
>> On Sun, Jun 28, 2015 at 1:01 AM, Jonathan Bennett <[email protected]>
>> wrote:
>>>> Yes, this would be an excellent addition. There is precedent on the
>>>> fwknopd side of things to acquire SPA data via non-pcap means, and the
>>>> safest right now - for those that consider linking against libpcap to be a
>>>> security risk - is the UDP listener mode. I think reading from a log is
>>>> another strategy that is right in line with this since fwknopd would not
>>>> need to sniff the wire or listen on a socket. At the same time, it
>>>> preserves the crypto model of SPA itself. The "single" part of SPA would
>>>> not be preserved, but this is already the case with both the TCP and HTTP
>>>> sending modes in the client.
>>>>
>>>> For implementation, on the server side, for Apache log reading mode we
>>>> should skip linking against libpcap at compile time just as for the UDP
>>>> listener mode.
>>>
>>> Would we want this only available in a build that doesn't support pcap? I
>>> can understand that it would be difficult to watch both a log and pcap at
>>> the same time, but it would be useful for a single binary to support both
>>> modes, depending on a flag in the config.
>>
>> Ok, agreed that it would be nice to support reading from the Apache log in
>> the default build of fwknop depending on a config flag. Some users may want
>> to enable this mode, but also not link against libpcap at the same time. So,
>> what we could do is add a new argument --without-libpcap to disable linking
>> against libpcap to the autoconf script. This way, those users who are
>> willing to recompile can have a non-libpcap version of fwknopd, but everyone
>> else can have the ability to read from the Apache log if they want it by
>> default. Actually this same stance should be extended to the UDP server mode
>> too. This should satisfy both camps and provide the greatest usability at
>> the same time.
>>
>>>
>>>> For the client, I think we should probably leverage SSL/TLS via wget (when
>>>> it supports it) just as for the IP resolution stuff instead of linking
>>>> against an SSL library.
>>>
>>> Wget is quite ubiquitous, and since we already use it, would be perfect.
>>
>> Agreed.
>>
>>>
>>>> At least, this would be for the C client, but other clients could use
>>>> different strategies. What would be the right way to do this in your
>>>> Android client?
>>>
>>> Android has a built-in http/https connection function. It should take a few
>>> lines of code there to add https support.
>>
>> Excellent.
>>
>>>>
>>>> Would you like to open an issue on github on the fwknop repository for
>>>> this feature? It would be nice to get this maybe even into 2.6.7.
>>>
>>> I've opened issue #160 to track this.
>>
>> Cool. I'll try to get this into 2.6.7.
>>
>> --Mike
>>
>>
>>>
>>> Thanks,
>>> Jonathan
>>>
>>>
>>>> Thanks,
>>>>
>>>> --Mike
>>
>>
>>
>> --
>> Michael Rash | Founder
>> http://www.cipherdyne.org/
>> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
>>
>> _______________________________________________
>> Fwknop-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>
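The per-line matching step of the log-reading idea discussed in this thread (a configurable regex applied to each new access-log line), as an added example that is not fwknop code and was not posted by any participant. The function name, length bounds, URL-safe alphabet, regex and log lines are all assumptions constructed for illustration.

```c
/* Added example: not fwknopd source. Names, limits and log format are assumptions. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define SPA_MIN_LEN 32    /* hypothetical lower bound on an encoded SPA payload */
#define SPA_MAX_LEN 1500  /* hypothetical upper bound */
/* Assumed alphabet: URL-safe base64, since the payload travels in a request path. */
#define SPA_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

/* Copy capture group 1 of `pattern` from `line` into `out` if it looks like a
 * payload. Returns its length, 0 for "no candidate", -1 for a bad pattern. */
int spa_from_log_line(const char *line, const char *pattern,
                      char *out, size_t outsz)
{
    regex_t re;
    regmatch_t m[2];
    int len = 0;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    if (re.re_nsub >= 1 && regexec(&re, line, 2, m, 0) == 0 && m[1].rm_so >= 0) {
        const char *p = line + m[1].rm_so;
        size_t n = (size_t)(m[1].rm_eo - m[1].rm_so);
        /* Log content is attacker-influenced: bound the length and alphabet
         * before anything is handed to SPA decryption and validation. */
        if (n >= SPA_MIN_LEN && n <= SPA_MAX_LEN && n < outsz &&
            strspn(p, SPA_CHARS) >= n) {
            memcpy(out, p, n);
            out[n] = '\0';
            len = (int)n;
        }
    }
    regfree(&re);
    return len;
}

int main(void)
{
    /* Constructed access-log lines ("combined"-style, as Apache or nginx write). */
    const char *lines[] = {
        "203.0.113.7 - - [28/Jun/2015:08:45:00 -0400] \"GET /index.html HTTP/1.1\" 200 512",
        "203.0.113.7 - - [28/Jun/2015:08:45:02 -0400] \"GET /CONSTRUCTED-sample_payload-0123456789ABCDEFabcdef HTTP/1.1\" 404 208",
    };
    char spa[SPA_MAX_LEN + 1];
    for (size_t i = 0; i < 2; i++)
        if (spa_from_log_line(lines[i], "\"GET /([^ ?]+) HTTP/", spa, sizeof spa) > 0)
            printf("candidate SPA payload: %s\n", spa);
    return 0;
}
```

Because the pattern is only a filter, a line that passes it is still just a candidate; acceptance remains the job of the normal SPA decryption and validation path, which is what keeps the crypto model intact in this mode.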