BPQ Packet Radio Node conversd Interlink

A plain telnet session is usually sufficient to connect to remote services in BPQ. However, when the remote service requires a login, sending a prompt to the user and trusting them to enter the correct information is unsatisfactory, because in some circumstances this can lead to spoofing.

Automating with Expect

The expect tool is used here to replace the interactive login process with preset behaviour.

The wrapper script connects to the remote service, in this case conversd, and sends the command sequence, including the user's callsign, to initialize the connection and log the user in with the callsign they are currently using on the BPQ node.

The callsign itself is provided to the wrapper script by BPQ32 automatically upon connect. The problem with conversd is that it requires a command prefix before the callsign to actually log in.

Install expect

You will need to ensure that the expect tool is installed on your system and that the path to ‘expect’ matches the one in the script provided below. By default this is /usr/bin/expect.

sudo apt install expect

The wrapper script

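#!/usr/bin/expect
# Read the callsign that BPQ sends as the first line of the connection.
gets stdin callsign
# Open the TCP connection to conversd (substitute IPADDRESS and the port).
spawn -noecho nc IPADDRESS 3600
# Log in: conversd requires the /n command prefix before the callsign.
send "/n $callsign\n"
# Hand the session over to the user until either side disconnects.
interact
exit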

In the above example, substitute IPADDRESS with the DNS host name or static IP address of the conversd server you wish to connect to.

You may need to substitute the port number for the one provided to you by the conversd owner. The default is usually port 3600, but it can sometimes differ from system to system.

Place this script in a familiar directory. For the sake of example, this document uses a subdirectory “scripts” within the linbpq home directory:

/home/bpq/scripts/convwrap

Set the correct permissions:

chmod 755 /home/bpq/scripts/convwrap
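
The wrapper forwards whatever first line arrives on its port to conversd as the login callsign. As an added example (not the page's script), this shell front end checks that the line is shaped like a callsign before running the same expect steps; the CONVERSD_HOST and CONVERSD_PORT variables, the function names and the callsign pattern are assumptions, and main runs only when the file is installed under the page's name convwrap:

```shell
#!/bin/sh
# Added example, not the page's script. CONVERSD_HOST defaults to the page's
# IPADDRESS placeholder; the callsign shape below is an assumption.
LC_ALL=C; export LC_ALL
CONVERSD_HOST="${CONVERSD_HOST:-IPADDRESS}"
CONVERSD_PORT="${CONVERSD_PORT:-3600}"

# Print the callsign if the line is 3-6 alphanumerics with an optional
# SSID of -0..-15 (AX.25 limits); return 1 for anything else.
clean_callsign() {
    c=$(printf '%s' "$1" | tr -d '\r')          # telnet clients send CRLF
    case "$c" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;         # spaces, slashes, control chars
    esac
    printf '%s\n' "$c" |
        grep -Eq '^[A-Za-z0-9]{3,6}(-([0-9]|1[0-5]))?$' || return 1
    printf '%s\n' "$c"
}

main() {
    # BPQ sends the callsign as the first line; read only that line so the
    # rest of the session stays on stdin for the interact step.
    IFS= read -r line || exit 1
    CALLSIGN=$(clean_callsign "$line") || {
        printf 'Invalid callsign, disconnecting.\r\n'
        exit 1
    }
    export CALLSIGN CONVERSD_HOST CONVERSD_PORT
    # Same steps as the page's wrapper, taking the checked value from env.
    exec expect -c '
        spawn -noecho nc $env(CONVERSD_HOST) $env(CONVERSD_PORT)
        send -- "/n $env(CALLSIGN)\n"
        interact
    '
}

# Run only when installed as "convwrap"; otherwise just define the functions.
case "${0##*/}" in
    convwrap) main ;;
esac
```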

Calling the wrapper script

The wrapper script by itself doesn’t do all of the work. Incoming connections from BPQ have to pass through a TCP port that is connected to the wrapper script; this is easily achieved with the openbsd-inetd package.

Install ‘openbsd-inetd’ on your system. On a Raspbian or Debian based install this is accomplished with:

sudo apt install openbsd-inetd

openbsd-inetd uses two configuration files:

/etc/inetd.conf
/etc/services

Edit /etc/inetd.conf and insert the following tab-delimited configuration line:

convwrap    stream    tcp    nowait    bpq    /home/bpq/scripts/convwrap

Note that the references to ‘bpq’ here refer to the user ID that the service will run under. In the example, user ‘bpq’ runs the convwrap script from its own home directory. See Appendix 1 for more information on the inetd.conf syntax.

Edit the /etc/services file and insert a fresh port number for this service, e.g. port 63000:

convwrap  63000/tcp

Restart inetd so that it loads the above configuration.

sudo service inetd restart
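
BPQ reaches the wrapper on 127.0.0.1, but an inetd entry with no address listens on every interface, and the wrapper accepts whatever callsign a connecting client sends. openbsd-inetd accepts a host prefix on the service field (for example 127.0.0.1:convwrap); the check below is an added example, not part of the original page, that lists the entries of an inetd.conf that are not limited to loopback (the function name is an assumption):

```shell
#!/bin/sh
# Added example: read an inetd.conf on stdin and print every service whose
# listener is not limited to a loopback address.
exposed_inetd_services() {
    awk '
    # True only if every comma-separated address in the prefix is loopback.
    function is_loopback(hosts,    n, i, a) {
        n = split(hosts, a, ",")
        if (n == 0) return 0                 # no prefix: all addresses
        for (i = 1; i <= n; i++)
            if (a[i] !~ /^(127\.[0-9.]+|localhost|::1|\[::1\])$/) return 0
        return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    NF == 1 && /:$/ {                        # "host:" alone sets the default
        def = substr($1, 1, length($1) - 1); next
    }
    NF >= 6 {
        host = def; svc = $1
        if (match(svc, /.*:/)) {             # split at the last colon
            host = substr(svc, 1, RLENGTH - 1)
            svc  = substr(svc, RLENGTH + 1)
        }
        if (!is_loopback(host)) print svc
    }'
}

# Usage: exposed_inetd_services < /etc/inetd.conf
```

An empty result means every listed service is bound to loopback only; `ss -ltn` shows what is actually listening after the restart.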

Configuring BPQ32

Insert an APPLICATION line below your existing application definitions. Ensure that you select an unused, unique application number (the digit after APPLICATION). BPQ has a maximum of 32 application definitions.

APPLICATION 9,WWC,ATTACH 10 127.0.0.1 63000 S,NOCALL-2,ALIAS,255

In the above example:

  • ‘9’ refers to application number 9. It is important that you choose an application number between 1-32 that is not already in use.
  • WWC is the command alias; a user connected to the BPQ node issues this command to initiate the connection to the wrapper.
  • ATTACH is the internal node command that requires a telnet PORTNUM.
  • ‘10’ is the telnet PORTNUM associated in bpq32.cfg; it will differ from system to system. If your system does not have a telnet port defined, now is the time to do that.
  • 127.0.0.1 63000 is the host and TCP port number where the wrapper script is provided (see /etc/services from earlier). 127.0.0.1 always refers to ‘localhost’ or ‘self’ in human terms.
  • ‘S’ is the internal node flag that instructs the node to keep the user connected to the node after disconnecting from the wrapper. This is known as ‘Stay’.
  • NOCALL-2 is the optional callsign and SSID by which you want the wrapper to be reachable via ax25 and NETROM.
  • ALIAS is the optional unique ax25 and NETROM alias of the wrapper, 1-6 characters maximum. Do NOT use the default; make sure you pick one that does not collide with anyone else on the NETROM network.
  • ‘255’ is the optional NETROM quality used to add the preceding optional callsign/alias to the NETROM broadcast. As it is a local, hard-wired service, this can be the maximum, 255.

Testing

Test the wrapper using the simple telnet program. Connect to the wrapper port; it should show the following:

bpq@pe1rrr:~/scripts $ telnet localhost 63000
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

In order to emulate what BPQ will do, type in your callsign and hit enter.

pe1rrr
/n pe1rrr
*
* Access to channel 0 has been removed from this server.
*

FYI: No password found.
Try /help mkpass.

conversd @ Rijen_NL Ping-Pong conversd saupp-1.62a
* Type /HELP for help.
* Welcome to RRRWWC Worldwide Converse Server
* Use /help for commands.
* ========================================================
*
*** There are 18 users on 9 channels online.
*** Will try local default channel 3333.
*** You created a new channel 3333.
*** Personal data set from file: Red, Rijen, JO21LO
*** Nickname set from file: Red

🙂


Appendix 1

From the inetd.conf documentation:

service type protocol wait user server cmdline

service

The service name. Service names are translated to port numbers by looking them up in the services file (often /etc/services) for TCP and UDP services, or the portmap daemon for RPC services.

type

The type of socket the service will use. This will be either stream, for connection-oriented protocols, or dgram, for datagram protocols. TCP-based services should always use stream, while UDP-based services should use dgram.

protocol

The communication protocol used by the service. This must be a protocol listed in the protocols file (usually found in the same directory as the inetd configuration file). This is usually tcp or udp. RPC services prepend rpc/ to the type.

wait

Whether the service can process multiple requests at one time. This option applies only to dgram sockets. If the service in question can process multiple requests, this should be wait. Otherwise, and for stream sockets, this should be nowait.

user

The user under which the process should run. Oftentimes this will be root, but if the daemon does not require root privileges, you should consider running it under a less privileged user. Programs which you do not particularly trust, or that you know have security problems are prime candidates to be run under a less privileged user.

server

The absolute pathname of the daemon to be executed. Internal services are marked by the keyword internal.

cmdline

The command-line arguments to the daemon. The first argument should be the short name of the program. This is a traditional Unix convention which is normally hidden by the shell.

Packet Radio: Building & Configuring Conversd Server

Synopsis

Building & configuring conversd and creating the systemd service file for conversd.


Build & Install

Download the archive, then fix the filename (thanks, WordPress) before decompressing (gzip -d <file.tar.gz>) and extracting (tar xvf <file.tar>).

vi Makefile

#Directories:
BASE_DIR = /usr/local
DATA_DIR = /var/cache/conversd
#/etc/conversd if you…
CONF_DIR = $(BASE_DIR)/etc/conversd
BIN_DIR = $(BASE_DIR)/bin
SBIN_DIR = $(BASE_DIR)/sbin
MAN_DIR = $(BASE_DIR)/man
#
INIT_DIR = /etc/init.d

sudo apt install libreadline-dev
sudo make clean
sudo make install-all

Expect lots of compile warnings; ignore them. All of the files should be installed after compilation. If you get fatal errors, you are missing libraries.

Remove the no longer necessary SYSV init scripts:

sudo rm /etc/init.d/conversd
sudo rm /etc/init.d/lconversd
sudo rm /etc/init.d/wconversd
sudo rm /etc/init.d/ppconversd

Create the Service file for systemd

cd /etc/systemd/system
sudo vi conversd.service

Paste this into conversd.service:

[Unit]
Description=Conversd Server On %I
After=network.target
[Service]
PrivateTmp=true
Type=forking
ExecStart=/usr/local/sbin/conversd
[Install]
WantedBy=multi-user.target

Run these commands as root:

sudo systemctl daemon-reload
sudo systemctl enable conversd

Configuration

Configure your server. Make sure to change the secret number to a completely different one, and make sure it is smaller than the default; the default is there to deliberately stop the server from working (so pay attention).

vi /usr/local/etc/conversd/conversd.conf

Modify /etc/services to include the service name and port:

sudo vi /etc/services

Insert:

conversd 3600/tcp

Testing

Start the daemon:

sudo service conversd start

Check that it is running:

ps -ef | grep conv
daemon 7448 1 0 02:41 ? 00:00:00 /usr/local/sbin/conversd

Log in using the convers client:

convers -l <callsign>
conversd @ Rijen_NB Ping-Pong conversd saupp-1.62a
Type /HELP for help.
*
Enjoy the convers. Type /version to see where comments go to.
Set your /personal text if you haven't already done so. /? gives help.
*
*** There is 1 user online
*** Will try local default channel 31.
*** You created a new channel 31.
*** ( 1:51) conversd made you a channel operator for channel 31