On Mar 02, 2010, Steve D wrote: > How do I know what variables are available to me with external commands? > All of the examples use $SRC, but a few of the config files claim there are > many more. How would I find what these are? > > Specifically, I'd like to use the source IP address where the packet > originated (not the one specified in the message) and I'd like the > username. Is this possible?
The variable substitutions take place for any variable in the access.conf file. Most of these are documented in the fwknopd man page, but a few aren't yet. If you want to substitute the user, then the 'REQUIRE_USERNAME' variable will do the trick. For the source IP, the variable substitution is done for the source IP that is contained within the encrypted SPA packet, and this may or may not be the source IP in the IP header when the packet is sniffed by the fwknopd daemon. Using the source IP in the IP header instead is not currently supported. In general, fwknop tries to be careful about untrusted data, and the source IP in the header is much less trustworthy than the IP within the SPA packet. Perhaps I'm missing a compelling use case though - is there a good reason to use the IP in the header? Thanks, --Mike > I'd like to be able to do something along the lines of: > > EXTERNAL_CMD_OPEN: echo "$SRC $USERNAME" > /path/to/foo.txt; > > I see the message containing everything I want go through in the syslog, > fwknopd: received valid Rijndael encrypted packet from: 127.0.0.1, remote > user: testuser, client version: 1.9.11 (SOURCE line num: 27) > > But, the $SRC variable does not reference the ip in the syslog message, it > seems morpheus can't parse the external IP from the web anymore and I have > no idea how to get at the username variable. > - Steve > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Fwknop-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
