Server: Removes the dedicated tcp server code

server/Makefile.am

@@ -6,7 +6,7 @@ BASE_SOURCE_FILES   = fwknopd.h config_init.c config_init.h \
                       process_packet.h log_msg.c log_msg.h utils.c utils.h \
                       sig_handler.c sig_handler.h replay_cache.c replay_cache.h \
                       access.c access.h fwknopd_errors.c fwknopd_errors.h \
-                      tcp_server.c tcp_server.h udp_server.c udp_server.h \
+                      udp_server.c udp_server.h \
                       fw_util.c fw_util.h fw_util_ipf.c fw_util_ipf.h \
                       fw_util_firewalld.c fw_util_firewalld.h \
                       fw_util_iptables.c fw_util_iptables.h \

server/cmd_opts.h

@@ -56,8 +56,6 @@ static char *config_map[NUMBER_OF_CONFIG_ENTRIES] = {
     "CMD_EXEC_TIMEOUT",
     //"BLACKLIST",
     "ENABLE_SPA_OVER_HTTP",
-    "ENABLE_TCP_SERVER",
-    "TCPSERV_PORT",
     "ENABLE_UDP_SERVER",
     "UDPSERV_PORT",
     "UDPSERV_SELECT_TIMEOUT",

server/config_init.c

@@ -157,9 +157,6 @@ validate_int_var_ranges(fko_srv_options_t *opts)
     opts->rules_chk_threshold = range_check(opts,
             "RULES_CHECK_THRESHOLD", opts->config[CONF_RULES_CHECK_THRESHOLD],
             0, RCHK_MAX_RULES_CHECK_THRESHOLD);
-    opts->tcpserv_port = range_check(opts,
-            "TCPSERV_PORT", opts->config[CONF_TCPSERV_PORT],
-            1, RCHK_MAX_TCPSERV_PORT);
     opts->udpserv_port = range_check(opts,
             "UDPSERV_PORT", opts->config[CONF_UDPSERV_PORT],
             1, RCHK_MAX_UDPSERV_PORT);
@@ -912,16 +909,6 @@ validate_options(fko_srv_options_t *opts)
         set_config_entry(opts, CONF_ENABLE_SPA_OVER_HTTP,
             DEF_ENABLE_SPA_OVER_HTTP);
 
-    /* Enable TCP server.
-    */
-    if(opts->config[CONF_ENABLE_TCP_SERVER] == NULL)
-        set_config_entry(opts, CONF_ENABLE_TCP_SERVER, DEF_ENABLE_TCP_SERVER);
-
-    /* TCP Server port.
-    */
-    if(opts->config[CONF_TCPSERV_PORT] == NULL)
-        set_config_entry(opts, CONF_TCPSERV_PORT, DEF_TCPSERV_PORT);
-
 #if USE_LIBNETFILTER_QUEUE
     /* Enable NFQ Capture
     */

server/fwknopd.c

@@ -34,7 +34,6 @@
 #include "fw_util.h"
 #include "sig_handler.h"
 #include "replay_cache.h"
-#include "tcp_server.h"
 #include "udp_server.h"
 
 #if USE_LIBNETFILTER_QUEUE
@@ -270,23 +269,6 @@ main(int argc, char **argv)
             }
         }
 
-        /* If the TCP server option was set, fire it up here. Note that in
-         * this mode, fwknopd still acquires SPA packets via libpcap. If you
-         * want to use UDP only without the libpcap dependency, then fwknop
-         * needs to be compiled with --enable-udp-server. Note that the UDP
-         * server can be run even when fwknopd links against libpcap as well,
-         * but there is no reason to link against it if SPA packets are
-         * always going to be acquired via a UDP socket.
-        */
-        if(strncasecmp(opts.config[CONF_ENABLE_TCP_SERVER], "Y", 1) == 0)
-        {
-            if(run_tcp_server(&opts) < 0)
-            {
-                log_msg(LOG_ERR, "Fatal run_tcp_server() error");
-                clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
-            }
-        }
-
 #if USE_LIBPCAP
         /* Intiate pcap capture mode...
         */
@@ -311,23 +293,6 @@ main(int argc, char **argv)
 
     log_msg(LOG_INFO, "Shutting Down fwknopd.");
 
-    /* Kill the TCP server (if we have one running).
-    */
-    if(opts.tcp_server_pid > 0)
-    {
-        log_msg(LOG_INFO, "Killing the TCP server (pid=%i)",
-            opts.tcp_server_pid);
-
-        kill(opts.tcp_server_pid, SIGTERM);
-
-        /* --DSS XXX: This seems to be necessary if the tcp server
-         *            was restarted by this program. We need to
-         *            investigate and fix this. For now, this works
-         *            (it is kludgy, but does no harm afaik).
-        */
-        kill(opts.tcp_server_pid, SIGKILL);
-    }
-
     clean_exit(&opts, FW_CLEANUP, EXIT_SUCCESS);
 
     return(EXIT_SUCCESS);  /* This never gets called */
@@ -609,8 +574,6 @@ static int handle_signals(fko_srv_options_t *opts)
         {
             log_msg(LOG_WARNING, "Got SIGHUP. Re-reading configs.");
             free_configs(opts);
-            if(opts->tcp_server_pid > 0)
-                kill(opts->tcp_server_pid, SIGTERM);
             usleep(1000000);
             got_sighup = 0;
             rv = 0;  /* this means fwknopd will not exit */

server/fwknopd.conf

@@ -158,19 +158,6 @@
 #
 #ENABLE_RULE_PREPEND         N;
 
-# Enable the fwknopd TCP server.  This is a "dummy" TCP server that will
-# accept TCP connection requests on the specified TCPSERV_PORT.
-# If set to "Y", fwknopd will fork off a child process to listen for and
-# accept incoming TCP requests.  This server only accepts the
-# request.  It does not otherwise communicate. This is only to allow the
-# incoming SPA over TCP packet which is detected via PCAP. The connection
-# is closed after 1 second regardless.
-# Note that fwknopd still only gets its data via pcap, so the filter
-# defined by PCAP_FILTER needs to be updated to include this TCP port.
-#
-#ENABLE_TCP_SERVER           N;
-#TCPSERV_PORT                62201;
-
 # Set/override the locale (via the LC_ALL locale category).  Leave this
 # entry commented out to  have fwknopd honor the default system locale.
 #

server/fwknopd_common.h

@@ -108,8 +108,6 @@
   #define DEF_SUDO_EXE                   "/usr/bin/sudo"
 #endif
 #define DEF_ENABLE_SPA_OVER_HTTP        "N"
-#define DEF_ENABLE_TCP_SERVER           "N"
-#define DEF_TCPSERV_PORT                "62201"
 #if USE_LIBPCAP
   #define DEF_ENABLE_UDP_SERVER           "N"
 #else
@@ -138,7 +136,6 @@
 #define RCHK_MAX_PCAP_LOOP_SLEEP        (2 << 22)
 #define RCHK_MAX_SPA_PACKET_AGE         100000  /* seconds, can disable */
 #define RCHK_MAX_SNIFF_BYTES            (2 << 14)
-#define RCHK_MAX_TCPSERV_PORT           ((2 << 16) - 1)
 #define RCHK_MAX_UDPSERV_PORT           ((2 << 16) - 1)
 #define RCHK_MAX_UDPSERV_SELECT_TIMEOUT (2 << 22)
 #define RCHK_MAX_PCAP_DISPATCH_COUNT    (2 << 22)
@@ -256,8 +253,6 @@ enum {
     CONF_CMD_EXEC_TIMEOUT,
     //CONF_BLACKLIST,
     CONF_ENABLE_SPA_OVER_HTTP,
-    CONF_ENABLE_TCP_SERVER,
-    CONF_TCPSERV_PORT,
     CONF_ENABLE_UDP_SERVER,
     CONF_UDPSERV_PORT,
     CONF_UDPSERV_SELECT_TIMEOUT,
@@ -667,7 +662,6 @@ typedef struct fko_srv_options
     unsigned char   pcap_any_direction;
 
     int             data_link_offset;
-    int             tcp_server_pid;
     int             lock_fd;
 
     /* Values used in --key-gen mode only
@@ -697,7 +691,6 @@ typedef struct fko_srv_options
     /* Data elements that are derived from configuration entries - avoids
      * calling strtol_wrapper() after the config is parsed.
     */
-    unsigned short tcpserv_port;
     unsigned short udpserv_port;
     int            udpserv_select_timeout;
     int            rules_chk_threshold;

server/nfq_capture.c

@@ -36,7 +36,6 @@
 #include "log_msg.h"
 #include "fwknopd_errors.h"
 #include "sig_handler.h"
-#include "tcp_server.h"
 #include <fcntl.h>
 #if HAVE_SYS_WAIT_H
   #include <sys/wait.h>
@@ -171,37 +170,6 @@ nfq_capture(fko_srv_options_t *opts)
     */
     while(1)
     {
-        /* If we got a SIGCHLD and it was the tcp server, then handle it here.
-        ** XXX: --DSS Do we need this here?  I'm guessing we would not be using
-        **            the TCP server in NF_QUEUE capture mode.
-        */
-        if(got_sigchld)
-        {
-            if(opts->tcp_server_pid > 0)
-            {
-                child_pid = waitpid(0, &status, WNOHANG);
-
-                if(child_pid == opts->tcp_server_pid)
-                {
-                    if(WIFSIGNALED(status))
-                        log_msg(LOG_WARNING, "TCP server got signal: %i",  WTERMSIG(status));
-
-                    log_msg(LOG_WARNING,
-                        "TCP server exited with status of %i. Attempting restart.",
-                        WEXITSTATUS(status)
-                    );
-
-                    opts->tcp_server_pid = 0;
-
-                    /* Attempt to restart tcp server ? */
-                    usleep(1000000);
-                    run_tcp_server(opts);
-                }
-            }
-
-            got_sigchld = 0;
-        }
-
         /* Any signal except USR1, USR2, and SIGCHLD mean break the loop.
         */
         if(got_signal != 0)

server/pcap_capture.c

@@ -41,7 +41,6 @@
 #include "log_msg.h"
 #include "fwknopd_errors.h"
 #include "sig_handler.h"
-#include "tcp_server.h"
 
 #if HAVE_SYS_WAIT_H
   #include <sys/wait.h>
@@ -63,9 +62,7 @@ pcap_capture(fko_srv_options_t *opts)
     int                 promisc = 0;
     int                 set_direction = 1;
     int                 pcap_file_mode = 0;
-    int                 status;
     int                 chk_rm_all = 0;
-    pid_t               child_pid;
 
 #if FIREWALL_IPFW
     time_t              now;
@@ -189,34 +186,6 @@ pcap_capture(fko_srv_options_t *opts)
     */
     while(1)
     {
-        /* If we got a SIGCHLD and it was the tcp server, then handle it here.
-        */
-        if(got_sigchld)
-        {
-            if(opts->tcp_server_pid > 0)
-            {
-                child_pid = waitpid(0, &status, WNOHANG);
-
-                if(child_pid == opts->tcp_server_pid)
-                {
-                    if(WIFSIGNALED(status))
-                        log_msg(LOG_WARNING, "TCP server got signal: %i",  WTERMSIG(status));
-
-                    log_msg(LOG_WARNING,
-                        "TCP server exited with status of %i. Attempting restart.",
-                        WEXITSTATUS(status)
-                    );
-
-                    opts->tcp_server_pid = 0;
-
-                    /* Attempt to restart tcp server ? */
-                    usleep(1000000);
-                    run_tcp_server(opts);
-                }
-            }
-
-            got_sigchld = 0;
-        }
 
         if(sig_do_stop())
         {