I'm working on a project, implementing everything in C language. As a part of the project, we need to be able to control and configure firewalld, firewall of the current system.
firewalld is implemented in Python and an interface is available. However, we don't want to make Python calls from C or vice versa.
There are command line tools to configure firewalld (e.g. firewall-cmd) but we don't want to make such calls from C either.
I recently started working on firewalld, I don't know much about its internals. I've read that it uses D-Bus, I also don't know much about D-Bus.
There is a C library developed by Thomas Woerner: libfirewall.
However, it's been more than a year and a half since the last commit so it's not maintained. Other than libfirewall, I don't know any firewalld interface in C.
I gave libfirewall a shot. It got me some problems when both compiling and running the examples and I still have problems to resolve. Is it worth to continue with libfirewall? Should I use it?
Is there any other interface that I'm not aware of?
Possibly naive question due to lack of understanding of D-Bus: I thought, maybe, with a D-Bus interface, I can issue commands to firewalld. Can it be done? (i.e. Does D-Bus work like that?) Can we write a program that mimics, say firewall-cmd, and interacts with D-Bus in the same way and at the end allows us to control firewalld?
If this is possible, how to do it and what to use? libdbus and GDBus have relatively good documentation although libdbus requires good deal of effort. They even said "If you use this low-level API directly, you're signing up for some pain." in the documentation. In any case I'll be in need of examples or any kind of text demonstrating their usage.
How should I approach this problem?
Yes, you can issue commands to firewalld via D-Bus. I haven't checked but expect that firewall-cmd is itself implemented as a D-Bus client.
The D-Bus API is extensively documented: https://firewalld.org/documentation/man-pages/firewalld.dbus.html. The documentation should give you a rough idea what can be accomplished through the API. You could try the D-Bus debugger d-feet to interact with firewalld without any code.
GDBus is definitely the easiest way use D-Bus from C but it's still not trivial and firewalld is a fairly complex API: Using it may require some expertise (completely depending on what you need to do).
Related
Goal
I'd like to write C/C++ applications and provide an API for them to communicate directly with systemd-managed services. Effectively, I'd like my applications to be able to do the equivalent of systemctl start service_name#unit_number.service without using system(), popen(), or exec() calls (hard requirement).
Question
Is there a simple C/C++ API for communicating with systemd, assuming systemd version 219 (i.e. CentOS v7.4, also a hard requirement)?
Work So Far
I've scoured online for examples of controlling systemd-managed services in C/C++ and found the odd discussion on the topic, but haven't found any good examples.
I could always reverse-engineer systemctl version 219 from source, but then I potentially run afoul of GPL licensing.
Since I'm stuck with CentOS v7.4, which means I can't get at version 221 or later of systemd, I can't use the newer "SD Bus" API. Nobody would allow manually upgrading libsystemd just for an application-specific benefit, and I'm apparently not the first person to raise this concern.
I'm hesitant to use the low-level C API for DBUS, since the maintainers themselves state "If you use this low-level API directly, you're signing up for some pain.".
Hard Requirements
systemd v219.
CentOS v7.4
C/C++.
No system()/popen()/exec() calls to the systemctl CLI utility.
Non-propagating license (i.e. LGPLv2 is OK, though BSD/MIT is preferred).
Question (Redux)
Is there a simpler API that I could use on CentOS v7.4 (even if I have to supply the shared library myself) that can be used to communicate with systemd in a simple, reliable manner directly via C/C++ code? If the existing libdbus-1.so API is complicated but still reliable, and I can create a reliable/stable wrapper library around it, I'm open to exploring that option. Also, if it's possible to manually build and deploy the SD-BUS components independent of systemd and use them without having to modify/upgrade the systemd library/daemon already on the system, I could potentially go that route too.
Edits & Comments
I would be open to using a mature C++ library, so long as it doesn't require total release of all source.
Thank you.
As you already figured out, you should only interact with systemd using a dbus library, there is no other supported way to do so.
Even if you lifted the requirement of no execution of binaries, it will remain frowned upon, as the *ctl tools are command line user interfaces not intended or designed to be called from other programs.
I am not finding documentation for custom protocol support.
From what I understand, Gatling has core engine that does scheduling, thread management etc, and protocol support is designed as an Actor ?
I am trying to develop a custom protocol (thats basically a shell script that will talk to an external service). The latest reference documentation does not seem to have any reference to how to do this ? Any pointers will be greatly appreciated.
If you need to stress test something that is implemented in a shell script, then Gatling probably isn't the best fit. Gatling is designed for stress testing networking protocols. So unless you can duplicate what your shell script is doing in Gatling expressed in networking protocols, you then might want to use something else.
Secondly, if you did implement it, I would check with the core developers of Gatling if it's something that they would consider including (use a github issue to ask). Since the applications of this might not be widespread, they may choose to not include it in their project. If that's the case you would have to either run your own fork with the implementation or add some sort of plugin architecture to Gatling for 3rd part extensibility.
So my suggestions are:
Decompose your shell script into the specific network protocol parts you're interested in stress testing implementing in Gatling.
Use a different tool that's designed to running multiple shell scripts at once for stress testings. Something like GNU Parallel if you're on a Linux box.
Implement it yourself. There's no documentation on how to do this. However a good starting example would be the JMS Protocol Implementation to give you an idea of all that's involved.
I am looking for a NIO type of library for C. I want to implement a multi threaded UDP network server that will have a lot of clients connecting to it.
Instead of attempting to code my own program to handle packets and 'connections'. I thought I would have a look if there is not already an existing library that has been tested and build for scalability and high performance.
I have found a few for Java but none for C. such as Apache Mina.
I am hoping that some one out there knows of a good one that may assist me.
Thaks
It sounds like you want something to abstract select(), poll(), or whatever the most efficient mechanism is for your platform.
Have you looked at libevent and libev? There is a nice writeup here.
First of all, C has no classes. Secondly, C provides you with everything you need to implement a scalable and high performance solution. It's more low level than java's NIO, but there are good tutorials out there in google.
And if you want a library - try boosts' asio. It is C++, but perhaps you can use it.
If you are using Linux I strongly recommend you to use the POSIX API. It gives you resources for multithreading and networking acrosss any Linux box.
GNU C library
I am interested in making a simple HTTP server in C to play with (of course I'm only expecting to learn more about how a server works and gain some knowledge from there). I saw some topics regarding the same question as well as providing code but that didnt help. Are there any books for what I'm looking for?
First, there are many HTTP server C code out there. At least, have a look into some of them.
There are also several libraries for adding HTTP server abilities to your software. I do like the onion library, but there are others (libmicrohttpd, Wt for C++, etc...).
You need to be fluent with
advanced unix programming
unix networking programming
HTTP protocol
The C10K problem
FastCGI perhaps
I'm not sure it is worth the effort to re-implement a simple HTTP server. You probably won't do better than existing stuff in a reasonable time.
You might learn more by studying and improving existing code.
At last, your question is perhaps off-topic here. Did you consider asking on programmers's forum?
Actually, since HTTP is a complex protocol (above TCP/IP which is itself complex, implemented e.g. on operating systems like Posix or Linux which are complex), you won't be able to make a simple but standard compliant implementation (if you want it robust enough, which is required by HTTP specs). It has to be complex!
You definitely will learn a lot by implementing something simple. Just read a little bit about HTTP (e.g. wikipedia's page on HTTP, and start implementing some simple GET and HEAD requests); but you should have some knowledge about e.g. basic Linux network programming. However, you'll then implement only a subset of HTTP.
Almost the same question as this one here:
What's the easiest way to grab a web page in C?
however the conditions have changed and I need to connect via https, this is a bit more tricky, anyone got any snippets?
I am on a qnx platform, building and compiling additional libraries and rolling it out onto our product is very, very hard given the contraints. So things like libcurl are not possible.
Results:
It turns out I had to install libcurl on QNX after all. This involved installing perl and openSSL to build libcurl, but once that was built it was good to go. This was the least desirable option but it ended up being worth it.
libcurl should be able to handle anything you need to do.
If you're not able to use a library, then I guess you're either forced to cheat, as in "call out to a shell or some other environment that already has this capability". I'm not very familiar with QNX or the environments where it's typically run, not enough to dicount this possibility on my own anyway.
By the way, before skipping this: libcurl is known to build on QNX, so try that before even reading further.
Failing that, taking the question literally, I guess you need to implement the relevant parts of the HTTP protocol yourself. Since you now need secure access too, you're in a world of hurt. You just don't want to implement that type of code on your own, it is a lot of work, many many wheels to re-invent.
At the very least, I'd recommend taking a hard look around to see if any of the things you need to do this are already implemented. This page implies that OpenSSH is available for the QNX platform, which is encouraging.
I was away when you posted this followup question.
I've now posted an SSL-capable example program at http://pastebin.com/f1cd08b33
This needs to be linked against OpenSSL (-lssl) but doesn't need libcurl at all.