diff --git a/doc/fwknopd.man.asciidoc b/doc/fwknopd.man.asciidoc index 43f98d4d..1e143e78 100644 --- a/doc/fwknopd.man.asciidoc +++ b/doc/fwknopd.man.asciidoc @@ -181,6 +181,11 @@ COMMAND-LINE OPTIONS provided by SPA clients. This option is mostly useful for the fuzzing tests in the test suite to ensure broad code coverage under adverse conditions. +*-U, --udp-server*:: + Run *fwknopd* in UDP server mode so that SPA packets are acquired via a + UDP socket directly without having to use libpcap. See the discussion of + the ``ENABLE_UDP_SERVER'' configuration variable below for more information. + *-v, --verbose*:: Run *fwknopd* in verbose mode. This can option can be specified multiple times to increase the verbosity of the output to the system @@ -356,7 +361,7 @@ See the '@sysconfdir@/fwknop/fwknopd.conf' file for the full list and correspond is only spawned when ``ENABLE_TCP_SERVER'' is set to ``Y''. *ENABLE_UDP_SERVER* '':: - Enable the *fwknopd* UDP server. This enables *fwknopd* to acquire SPA + Enable the *fwknopd* UDP server. This instructs *fwknopd* to acquire SPA packets via a UDP socket directly without having to use libpcap. When this mode is enabled, *fwknop* should be compiled with *--enable-udp-server* (passed to the *configure* script) so that libpcap can be removed as a diff --git a/server/cmd_opts.h b/server/cmd_opts.h index 2db2899e..d51c1904 100644 --- a/server/cmd_opts.h +++ b/server/cmd_opts.h @@ -153,7 +153,7 @@ enum { /* Our getopt_long options string. */ -#define GETOPTS_OPTION_STRING "Aa:c:C:d:Dfhi:Kl:O:p:P:RStvV" +#define GETOPTS_OPTION_STRING "Aa:c:C:d:Dfhi:Kl:O:p:P:RStUvV" /* Our program command-line options... */ diff --git a/server/config_init.c b/server/config_init.c index a0523d24..704414bf 100644 --- a/server/config_init.c +++ b/server/config_init.c @@ -1205,17 +1205,16 @@ usage(void) MY_NAME, MY_VERSION, MY_DESC); fprintf(stdout, "Usage: fwknopd [options]\n\n" - " -h, --help - Print this usage message and exit.\n" " -a, --access-file - Specify an alternate access.conf file.\n" " -c, --config-file - Specify an alternate configuration file.\n" - " -C, --packet-limit - Limit the number of candidate SPA packets to\n" - " process and exit when this limit is reached.\n" - " -d, --digest-file - Specify an alternate digest.cache file.\n" - " -D, --dump-config - Dump the current fwknop configuration values.\n" " -f, --foreground - Run fwknopd in the foreground (do not become\n" " a background daemon).\n" " -i, --interface - Specify interface to listen for incoming SPA\n" " packets.\n" + " -C, --packet-limit - Limit the number of candidate SPA packets to\n" + " process and exit when this limit is reached.\n" + " -d, --digest-file - Specify an alternate digest.cache file.\n" + " -D, --dump-config - Dump the current fwknop configuration values.\n" " -K, --kill - Kill the currently running fwknopd.\n" " -l, --locale - Provide a locale setting other than the system\n" " default.\n" @@ -1231,10 +1230,14 @@ usage(void) " -S, --status - Display the status of any running fwknopd process.\n" " -t, --test - Test mode, process SPA packets but do not make any\n" " firewall modifications.\n" + " -U, --udp-server - Set UDP server mode.\n" " -v, --verbose - Set verbose mode.\n" " --syslog-enable - Allow messages to be sent to syslog even if the\n" " foreground mode is set.\n" " -V, --version - Print version number.\n" + " -A, --afl-fuzzing - Run in American Fuzzy Lop (AFL) fuzzing mode\n" + " plaintext SPA packets are accepted via stdin.\n" + " -h, --help - Print this usage message and exit.\n" " --dump-serv-err-codes - List all server error codes (only needed by the\n" " test suite).\n" " --exit-parse-config - Parse config files and exit.\n"