Public bug reported:

The package fwknop-server previously had PCAP support to sniff for knocking information. This is important for us, because we don't have to pre-open a UDP port to listen on. In previous Ubuntu LTS versions the PCAP support was available and compiled into the packages.

We set the following configuration parameters in /etc/fwknop/fwknopd.conf:

PCAP_INTF eth0;
PCAP_FILTER udp port 12345;
TCPSERV_PORT 12345;

Here is the current situation and log output:

Our current OS (with latest updates):

No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04

Our current fwknop-server version:

# apt-cache policy fwknop-server
fwknop-server:
  Installed: 2.6.10-20.2build3
  Candidate: 2.6.10-20.2build3
  Version table:
 *** 2.6.10-20.2build3 500
        500 http://mirror.hetzner.de/ubuntu/packages noble/universe amd64 Packages
        500 http://de.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
        100 /var/lib/dpkg/status

This is the syslog extraction when starting fwknopd. As you can see, it warns about PCAP not compiled into the package and it is also not picking up the port 12345, which we set in the configuration, but rather falls back to 62201 port:

2024-08-07T11:40:42.998970+02:00 ugi fwknopd[1697]: pcap capture not compiled in, forcing UDP server mode
2024-08-07T11:40:42.999133+02:00 ugi fwknopd[1697]: Warning: REQUIRE_SOURCE_ADDRESS not enabled for access stanza source: 'ANY'
2024-08-07T11:40:42.999641+02:00 ugi fwknopd[1698]: Starting fwknopd
2024-08-07T11:40:43.081144+02:00 ugi fwknopd[1698]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
2024-08-07T11:40:43.091031+02:00 ugi fwknopd[1698]: iptables 'comment' match is available
2024-08-07T11:40:43.091107+02:00 ugi fwknopd[1698]: Kicking off UDP server to listen on port 62201.

This is how it should behave and how it used to work in previous Ubuntu versions:

Description: Ubuntu 22.04.4 LTS
Release: 22.04

# apt-cache policy fwknop-server
fwknop-server:
  Installed: 2.6.10-13build1
  Candidate: 2.6.10-13build1
  Version table:
 *** 2.6.10-13build1 500
        500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages jammy/universe amd64 Packages
        100 /var/lib/dpkg/status

Here is the syslog output.
Especially the last line says, it is using UDP port 12345 with pcap:

Aug 7 11:23:48 ting fwknopd[1900776]: Warning: REQUIRE_SOURCE_ADDRESS not enabled for access stanza source: 'ANY'
Aug 7 11:23:48 ting fwknopd[1900777]: Starting fwknopd
Aug 7 11:23:48 ting systemd[1]: Started Firewall Knock Operator Daemon.
Aug 7 11:23:48 ting fwknopd[1900777]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Aug 7 11:23:48 ting fwknopd[1900777]: iptables 'comment' match is available
Aug 7 11:23:48 ting fwknopd[1900777]: Sniffing interface: eth0
Aug 7 11:23:48 ting fwknopd[1900777]: PCAP filter is: 'udp port 12345'
Aug 7 11:23:48 ting fwknopd[1900777]: Starting fwknopd main event loop.

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: fwknop-server 2.6.10-20.2build3
ProcVersionSignature: Ubuntu 5.15.0-117.127-generic 5.15.158
Uname: Linux 5.15.0-117-generic x86_64
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Aug 7 11:40:51 2024
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: fwknop
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.fwknop.access.conf: [modified]
mtime.conffile..etc.default.fwknop-server: 2024-08-07T11:36:22.796078
mtime.conffile..etc.fwknop.access.conf: 2024-08-07T11:36:19.339612
mtime.conffile..etc.fwknop.fwknopd.conf: 2024-08-07T11:39:24.952645

** Affects: fwknop (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug noble

https://bugs.launchpad.net/bugs/2076224

Title:
  fwknopd is missing PCAP support with new LTS
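
Added example, not part of the original report and not fwknop code: a startup check that compares the capture mode and port fwknopd logs with the port named in PCAP_FILTER, so the fallback to an open UDP listener shown in the 24.04 log is flagged instead of going unnoticed. The function names parse_conf and check_startup are hypothetical; the config and log excerpts are copied from the report.

```python
import re

# Excerpts copied from the report above (config, 24.04 log, 22.04 log).
CONF = """\
PCAP_INTF eth0;
PCAP_FILTER udp port 12345;
TCPSERV_PORT 12345;
"""
NOBLE_LOG = """\
2024-08-07T11:40:42.998970+02:00 ugi fwknopd[1697]: pcap capture not compiled in, forcing UDP server mode
2024-08-07T11:40:43.091107+02:00 ugi fwknopd[1698]: Kicking off UDP server to listen on port 62201.
"""
JAMMY_LOG = """\
Aug 7 11:23:48 ting fwknopd[1900777]: Sniffing interface: eth0
Aug 7 11:23:48 ting fwknopd[1900777]: PCAP filter is: 'udp port 12345'
"""

def parse_conf(text):
    """Parse fwknopd.conf 'KEY value;' lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";").strip()
        if line:
            key, _, value = line.partition(" ")
            conf[key] = value.strip()
    return conf

def check_startup(conf_text, log_text):
    """Compare the capture mode fwknopd logged with what the config asks for."""
    conf = parse_conf(conf_text)
    m = re.search(r"\bport (\d+)", conf.get("PCAP_FILTER", ""))
    wanted = int(m.group(1)) if m else None
    forced = "pcap capture not compiled in" in log_text
    udp = re.search(r"Kicking off UDP server to listen on port (\d+)", log_text)
    sniff = re.search(r"PCAP filter is: '([^']*)'", log_text)
    result = {"wanted_port": wanted, "mode": None, "actual_port": None, "ok": False}
    if udp:
        result.update(mode="udp-server", actual_port=int(udp.group(1)))
    elif sniff:
        p = re.search(r"\bport (\d+)", sniff.group(1))
        result.update(mode="pcap", actual_port=int(p.group(1)) if p else None)
    # OK only if the daemon sniffs passively on the port the config names.
    result["ok"] = (result["mode"] == "pcap" and not forced
                    and result["actual_port"] == wanted)
    return result

if __name__ == "__main__":
    for name, log in (("noble", NOBLE_LOG), ("jammy", JAMMY_LOG)):
        print(name, check_startup(CONF, log))
```

Run against the journal after each package upgrade; a result with mode "udp-server" means the host now has a listening socket and the firewall rules and clients still pointing at the PCAP_FILTER port no longer match what the daemon does.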