Hi all,
For a customer project I'm writing a "firewall proof" script.
This script, between two systems tries systematically all tcp ports (up
to a given parameter) of all target network.
Now, I've made a double loop (one for the IP addresses, one for the
ports) to browse this). For speed reasons, I fork all the network
"clients" and they all individually log their results in a global log
file opened before the fork.
Despite this, and the fact that I log both success and failure and that
I check that all children successfully died, I get some holes the log
files, means that some tests do not get logged (they most of the times
do show up in the firewall log) and I get no error message telling me
that a child unexpectedly died or crashed.
I don't show the "server" side activation, but the necessary listening
daemons are dynamically launched on the target system. I also get logs
on the target that prove this.
Any idea, the "core" of the script is attached below (some meaningless
instruction about local or remote network interfaces
activation/configuration/de-activation have been left aside, as well as
debug stuff).
Thanks,
Jean-Charles
$SIG{CHLD}='IGNORE';
foreach my $source (@sources) {
$source =~
/^(eth\d+)#(\d+\.\d+\.\d+\.\d+)\/(\d+\.\d+\.\d+\.\d+)>(\d+\.\d+\.\d+\.\d+)$/;
my ($sourceif, $sourceip, $srcnetmask, $defsrcgw) = ($1, $2, $3,
$4);
foreach (@targets) {
/^(eth\d+)#(\d+\.\d+\.\d+\.\d+)\/(\d+\.\d+\.\d+\.\d+)>(\d+\.\d+\.\d+\.\d+)$/;
my ($targetif, $targetip, $tgtnetmask, $deftgtgw) = ($1,
$2, $3, $4);
next if (&samesubnet($sourceip, $targetip));
foreach my $port ( 1 .. $endport ) {
my $pid = fork();
$logfile->print("Error : Could not fork
to test reachability of $targetip:$port from $sourceif#$sourceip")
unless (defined $pid);
die "Cannot fork\n" unless (defined $pid);
if ( $pid ) {
$child{$pid}="$targetip:$port:$sourceip:$sourceif";
} else {
my $socket =
IO::Socket::INET->new( PeerHost => $targetip,
PeerPort => $port,
Proto => "tcp",
Type => SOCK_STREAM,
Blocking => 1,
Timeout => $timeout );
if ($socket) {
$logfile->print("$targetip is reacheable on port $port from ip $sourceip
on interface $sourceif.\n");
} else {
$logfile->print("$targetip is NOT reacheable on port $port from ip
$sourceip on interface $sourceif.\n");
}
$logfile->flush();
$socket && usleep($closesleep);
$socket && $socket->close();
undef $socket;
exit;
}
}
usleep($childrensleep);
foreach (keys %child) {
delete $child{$_} unless (kill 0 => $_);
}
if (%child) {
usleep($childrensleep);
foreach (keys %child) {
if (kill 0 => $_) {
kill 9 => $_;
$child{$_} =~
/(.*):(.*):(.*):(.*)/;
$logfile->print("$1 is
NOT reacheable on port $2 from ip $3 on interface $4 (timeout kill).\n");
}
delete $child{$_} unless (kill 0
=> $_);
}
die "All children not dead\n" if (%child);
}
}
}
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
