commit a36082b543178695cd97508b920b682be0fa983e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 18:33:42 2012 -0500
moved ChangeLog-v2.0 to ChangeLog
ChangeLog | 3916 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ChangeLog-v2.0 | 3916 --------------------------------------------------------
2 files changed, 3916 insertions(+), 3916 deletions(-)
commit 36f21f95ceda35eefd5a6a8224308f38c2a6d6cd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 18:32:35 2012 -0500
removed old ChangeLog files
ChangeLog | 3020 ---------------------------------------------------------
ChangeLog.old | 227 -----
2 files changed, 0 insertions(+), 3247 deletions(-)
commit 305708aa27587793a76b478bf9e7a4fafe957666
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 18:26:05 2012 -0500
Added ChangeLog, ShortLog, and diffstat files for the 2.0 release.
ChangeLog-v2.0 | 3916 +++++++++++++++++++++++++++++++++++++++++++++++++++++
ChangeLog-v2.0rc5 | 815 -----------
ShortLog-v2.0 | 453 +++++++
ShortLog-v2.0rc5 | 123 --
diffstat-v2.0 | 1434 ++++++++++++++++++++
diffstat-v2.0rc5 | 211 ---
6 files changed, 5803 insertions(+), 1149 deletions(-)
commit 4ecbcba77c8e16986222c3218e35e3ff0deffd82
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 17:47:01 2012 -0500
bumped version to 2.0
extras/fwknop-launcher/fwknop-launcher-lsof.pl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 9dae73d972946d588636753e3342166d68b1847e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 15:26:42 2012 -0500
added FKO_CHECK_COMPILER_ARG_LDFLAGS_ONLY to fix ro-relocations and immediate binding protection compilation warnings on FreeBSD
configure.ac | 34 ++++++++++++++++++++++++++++++++--
1 files changed, 32 insertions(+), 2 deletions(-)
commit 6f6a9d727dc52f294064aec44e1a1c6d16a67ed9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 15:25:35 2012 -0500
minor test suite update to look for linker warnings in a more generic way
test/test-fwknop.pl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 1bd2592d15bb89c1a6ce4462ff9c685f0186d09a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 15:10:55 2012 -0500
minor test suite addition to check for linker input file warnings
test/test-fwknop.pl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit a6a6a004d462b693c86eb27ddb220cd5a0b82aa7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 11:29:16 2012 -0500
bumped version to 2.0
VERSION | 2 +-
android/project/jni/config.h | 6 +++---
extras/openwrt/package/fwknop/Makefile | 2 +-
win32/config.h | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
commit ac0bf15ea7b4cf94ad1fbc4524f14784e721322e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 2 09:53:36 2012 -0500
minor wording update subversion -> git
README | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit aff8832d66a7fbf3cc867cd24149ccfb29df6504
Author: Damien S. Stuart <dstuart@dstuart.org>
Date: Thu Dec 29 14:19:16 2011 -0500
Refactored configure.ac to use a custom macro for compiler flag checks.
Set version to 2.0 (non-release candidate).
Minor typo fixes.
Makefile.am | 2 +-
README | 13 +-
configure.ac | 387 +++++++++++++++--------------------------------
fwknop.spec | 5 +-
server/pcap_capture.c | 2 +-
server/process_packet.c | 2 +-
server/tcp_server.c | 2 +-
7 files changed, 133 insertions(+), 280 deletions(-)
commit 99b1a487568235c0a76373024498e5a50af36621
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 12 20:41:39 2011 -0500
updated copyright and license statement - fwknop is GPL software
AUTHORS | 10 +++-------
1 files changed, 3 insertions(+), 7 deletions(-)
commit 7ac5319847b6cf75dc5d5cdb4cdd41b55ee711b3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 22:23:00 2011 -0500
minor addition of the local_spa.key file for 'make dist'
ChangeLog-v2.0rc5 | 18 ++++++++++++++++++
ShortLog-v2.0rc5 | 5 ++++-
diffstat-v2.0rc5 | 10 ++++++----
3 files changed, 28 insertions(+), 5 deletions(-)
commit 7a231a3b72758d93b4b9425fd403247aa2018499
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 22:21:31 2011 -0500
added local_spa.key file
Makefile.am | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
commit 3d0ceccf65010a84dd30fc5e9c567e24f03104ce
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 22:20:39 2011 -0500
added local_spa.key file
test/local_spa.key | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
commit 710f98a9b572cd126cd3f662b29244bc0d6e6533
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 22:16:38 2011 -0500
minor addition of the CREDITS file for 'make dist'
ChangeLog-v2.0rc5 | 12 ++++++++++++
ShortLog-v2.0rc5 | 4 +++-
diffstat-v2.0rc5 | 10 +++++-----
3 files changed, 20 insertions(+), 6 deletions(-)
commit 9bcd7cb137103db89400f4f652ab834e05ea5eba
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 22:16:03 2011 -0500
Added the CREDITS file for 'make dist'
Makefile.am | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
commit 3b2ec921be16db4bcccb4a0bfe13ebdb620a5b31
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 22:11:58 2011 -0500
change log doc updates
ChangeLog-v2.0rc5 | 18 ++++++++++++++++++
ShortLog-v2.0rc5 | 6 +++++-
diffstat-v2.0rc5 | 19 ++++++++++++++++---
3 files changed, 39 insertions(+), 4 deletions(-)
commit 474a18b57d054939e6f4063d5ef491b4cee4a240
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 22:10:47 2011 -0500
Added various files to Makefile.am so that 'make dist' continues to work
Makefile.am | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 66 insertions(+), 0 deletions(-)
commit 690fe25fa4201af8f76c28450177581ce14a1459
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 21:14:31 2011 -0500
added CREDITS file, bumped software version, added ChangeLog files
VERSION | 2 +-
android/project/jni/config.h | 6 +++---
configure.ac | 2 +-
extras/openwrt/package/fwknop/Makefile | 2 +-
fwknop.spec | 2 +-
win32/config.h | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
commit bcba9d6bdef6032a992e64a8bd6bd7604b83b006
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 5 21:14:14 2011 -0500
added CREDITS file, bumped software version, added ChangeLog files
CREDITS | 17 ++
ChangeLog-v2.0rc5 | 767 +++++++++++++++++++++++++++++++++++++++++++++++++++++
ShortLog-v2.0rc5 | 114 ++++++++
diffstat-v2.0rc5 | 196 ++++++++++++++
4 files changed, 1094 insertions(+), 0 deletions(-)
commit 893b89a3eba5fa9945095f8df4460f912fdb0cbc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Dec 3 21:21:29 2011 -0500
minor compiler warning fix on OpenBSD
server/fw_util_pf.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 860b4527a455d1d50f2b563f4939ee1990b53bd8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Dec 3 13:10:35 2011 -0500
minor compile fixes for FreeBSD
server/access.c | 8 ++++++++
server/fw_util_ipfw.c | 4 ++--
server/incoming_spa.c | 12 ++++++++++++
3 files changed, 22 insertions(+), 2 deletions(-)
commit 9b7c1a8ce69fe51337458cce4e7b5e9cb3d7654b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Nov 30 20:51:19 2011 -0500
Added FORCE_NAT mode to the access.conf file
This commit adds a new configuration variable "FORCE_NAT" to the access.conf
file:
For any valid SPA packet, force the requested connection to be NAT'd
through to the specified (usually internal) IP and port value. This is
useful if there are multiple internal systems running a service such as
SSHD, and you want to give transparent access to only one internal system
for each stanza in the access.conf file. This way, multiple external
users can each directly access only one internal system per SPA key.
This commit also implements a few minor code cleanups.
client/config_init.c | 24 +++++-----
client/fwknop_common.h | 4 +-
client/http_resolve_host.c | 6 +-
common/common.h | 4 +-
doc/fwknop.man.asciidoc | 4 +-
doc/fwknopd.man.asciidoc | 18 +++++--
server/access.c | 51 ++++++++++++++++++--
server/fw_util.h | 2 +-
server/fw_util_ipf.c | 4 +-
server/fw_util_ipfw.c | 2 +-
server/fw_util_iptables.c | 32 +++++++-----
server/fw_util_pf.c | 2 +-
server/fwknopd.c | 2 +-
server/fwknopd_common.h | 8 ++-
server/incoming_spa.c | 2 +-
server/tcp_server.c | 6 +-
test/conf/expired_stanza_access.conf | 2 +-
test/conf/force_nat_access.conf | 4 ++
test/conf/future_expired_stanza_access.conf | 4 ++
test/conf/invalid_expire_access.conf | 4 ++
test/test-fwknop.pl | 70 +++++++++++++++++++++++++++
21 files changed, 199 insertions(+), 56 deletions(-)
commit 8585958e6e164d47c3d9dc106d4a15aee18599b9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Nov 28 23:20:11 2011 -0500
minor newline fix for access.conf output dump
server/access.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 2a1243fee6d618096bc402b5a56ae3c2670b8b50
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Nov 28 23:18:07 2011 -0500
memory leak bugfix as a follow up to commit b280f5cde0246cdef33dee3f8be66a2bcef77336
server/incoming_spa.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
commit b280f5cde0246cdef33dee3f8be66a2bcef77336
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Nov 28 22:03:21 2011 -0500
Added access stanza expiration feature, multiple access stanza bug fix
This commit does two major things:
1) Two new access.conf variables are added "ACCESS_EXPIRE" and
"ACCESS_EXPIRE_EPOCH" to allow access stanzas to be expired without having
to modify the access.conf file and restart fwknopd.
2) Allow an access stanza that matches the SPA source address to not
automatically short circuit other stanzas if there is an error (such as when
there are multiple encryption keys involved and an incoming SPA packet is
meant for, say, the second stanza and the first therefore doesn't allow
proper decryption).
doc/fwknopd.man.asciidoc | 11 +
server/access.c | 99 +++--
server/access.h | 2 +-
server/fw_util_iptables.c | 2 +-
server/fwknopd_common.h | 2 +
server/incoming_spa.c | 642 ++++++++++++++-----------
server/incoming_spa.h | 2 +-
test/conf/expired_epoch_stanza_access.conf | 4 +
test/conf/expired_stanza_access.conf | 4 +
test/conf/multi_stanzas_with_broken_keys.conf | 19 +
test/test-fwknop.pl | 51 ++-
11 files changed, 530 insertions(+), 308 deletions(-)
commit 9e884e9759362ce401bf77dab819b24e10caca62
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 22 22:56:48 2011 -0500
added SPA packet aging tests
test/test-fwknop.pl | 27 +++++++++++++++++++++++++++
1 files changed, 27 insertions(+), 0 deletions(-)
commit 72a4353fd850c099816f6e1acb9fad12bcb2ff27
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 22 22:56:36 2011 -0500
bug fix to exclude SPA packets with timestamps in the future that are too great (old packets were properly excluded already)
server/incoming_spa.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
commit 644b9e943214ed6ede762af72f395b73ea03faf0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 22 22:40:26 2011 -0500
added test for --test mode in the fwknop client
test/test-fwknop.pl | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
commit 0015da44427bf988372818b26916a6229e9f68ca
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 22 22:34:10 2011 -0500
bug fix to honor the fwknop client --time-offset-plus and --time-offset-minus options
client/fwknop.c | 21 +++++++++++++++++++++
1 files changed, 21 insertions(+), 0 deletions(-)
commit 05b189ff4fe61c7149efcf4f18cada14553e6dbe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 22 22:13:27 2011 -0500
added DNAT mode tests, minor memory leak fix in NAT mode, added fwknopd check for ENABLE_IPT_FORWARDING variable before attempting NAT access
server/fw_util_iptables.c | 11 +-
server/fwknopd_errors.h | 3 +-
server/incoming_spa.c | 18 ++++-
test/conf/nat_fwknopd.conf | 5 +
test/test-fwknop.pl | 224 +++++++++++++++++++++++++++-----------------
5 files changed, 169 insertions(+), 92 deletions(-)
commit dd2deec73dc5f0d630ab86e92fe1e0073d692414
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 18 23:23:50 2011 -0500
added tests for various access.conf variables
server/access.c | 4 +
test/conf/mismatch_open_ports_access.conf | 4 +
test/conf/mismatch_user_access.conf | 4 +
test/conf/multi_gpg_access.conf | 7 +
test/conf/multi_stanzas_access.conf | 15 ++
test/conf/open_ports_access.conf | 4 +
test/conf/require_src_access.conf | 5 +
test/conf/require_user_access.conf | 4 +
test/test-fwknop.pl | 270 ++++++++++++++++++++++++-----
9 files changed, 274 insertions(+), 43 deletions(-)
commit 63498c9032bfe74bc91de5d6607391e7b7cdfe36
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 17 21:17:50 2011 -0500
added IP/subnet match tests, added --Anonymize-results mode
server/access.c | 25 +++-
server/access.h | 2 +-
server/incoming_spa.c | 20 ++--
test/conf/multi_source_match_access.conf | 3 +
test/conf/no_multi_source_match_access.conf | 3 +
test/conf/no_subnet_source_match_access.conf | 3 +
test/test-fwknop.pl | 190 ++++++++++++++++++++------
7 files changed, 189 insertions(+), 57 deletions(-)
commit 34cd0c7a78a62e1df2533641ca08adaaafa2aa7d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 15 21:45:51 2011 -0500
simplified the client/server interaction code, started on IP filtering tests, added spoof username tests
test/conf/ip_source_match_access.conf | 3 +
test/conf/no_source_match_access.conf | 3 +
test/conf/subnet_source_match_access.conf | 3 +
test/test-fwknop.pl | 358 ++++++++++++++---------------
4 files changed, 181 insertions(+), 186 deletions(-)
commit 3d94aaa9205e5703c50635b9007efab485d9b2da
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 10 22:54:25 2011 -0500
minor test wording consolidation
test/test-fwknop.pl | 42 +++++++++++++++++++++---------------------
1 files changed, 21 insertions(+), 21 deletions(-)
commit 50b48147c0392cd91f7ad83af56b20d0abbd3c3e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 10 22:33:32 2011 -0500
This commit fixes two memory leaks and adds a common exit function.
The two memory leaks were found with the test suite running in
--enable-valgrind mode - here are the relevant error messages:
For fwknopd server GPG clean up:
==345== 9 bytes in 1 blocks are definitely lost in loss record 2 of 2
==345== at 0x4C2815C: malloc (vg_replace_malloc.c:236)
==345== by 0x52F6B81: strdup (strdup.c:43)
==345== by 0x10FA57: add_string_list_ent (access.c:308)
==345== by 0x110513: parse_access_file (access.c:387)
==345== by 0x10B5FB: main (fwknopd.c:193)
For fwknop client rc file processing:
==8045== 568 bytes in 1 blocks are still reachable in loss record 12 of 12
==8045== at 0x4C2815C: malloc (vg_replace_malloc.c:236)
==8045== by 0x50A53AA: __fopen_internal (iofopen.c:76)
==8045== by 0x10C3FF: process_rc (config_init.c:446)
==8045== by 0x10C8F6: config_init (config_init.c:671)
==8045== by 0x10AC9E: main (fwknop.c:62)
There is also a new clean_exit() function that makes it easier to ensure that
resources are deallocated upon exiting.
client/config_init.c | 3 ++-
client/fwknop.c | 9 +++++++++
client/fwknop_common.h | 2 ++
lib/fko_user.c | 1 -
server/access.c | 21 +++++++++++----------
server/config_init.c | 21 ++++++++++-----------
server/fw_util_ipf.c | 2 +-
server/fw_util_ipfw.c | 4 ++--
server/fw_util_pf.c | 2 +-
server/fwknopd.c | 38 ++++++++++++++++++++++++++------------
server/fwknopd_common.h | 6 ++++++
server/incoming_spa.c | 1 +
server/log_msg.c | 2 +-
server/pcap_capture.c | 12 ++++++------
server/replay_cache.c | 2 +-
15 files changed, 79 insertions(+), 47 deletions(-)
commit 9ebd55f52289d5904fbde3b8838ca92c7271d9e9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 10 22:33:00 2011 -0500
remove CMD timestamps for --diff mode
test/test-fwknop.pl | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
commit 9e19b8bc267031900c555c55fc5c1e54b6093461
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Nov 6 13:51:23 2011 -0500
added --diff mode to the test suite to compare results from one execution to the next
test/test-fwknop.pl | 119 +++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 116 insertions(+), 3 deletions(-)
commit a5a3c06ef225c737acbd21c6cedd1a94f1a6c484
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 4 23:46:31 2011 -0400
consolidated several test functions into a single generic_exec() function
test/test-fwknop.pl | 124 ++++++++++++++++++--------------------------------
1 files changed, 45 insertions(+), 79 deletions(-)
commit f41a26b389605311a21a95a9ad2b23f460ed02ee
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 3 22:15:19 2011 -0400
Fixed fwknopd memory leak, several other fixes and updates
This commit does several things. First, a memory leak in fwknopd has been
fixed by ensuring to free access.conf stanzas. This bug was found with the
new test suite running in --enable-valgrind mode. Here is what some of the
valgrind output looked like to find the leak:
==19217== 11 bytes in 1 blocks are indirectly lost in loss record 3 of 5
==19217== at 0x4C2815C: malloc (vg_replace_malloc.c:236)
==19217== by 0x52F6B81: strdup (strdup.c:43)
==19217== by 0x10FC8B: add_acc_string (access.c:49)
==19217== by 0x1105C8: parse_access_file (access.c:756)
==19217== by 0x10B79B: main (fwknopd.c:194)
==19217==
==19217== 16 bytes in 1 blocks are indirectly lost in loss record 4 of 5
==19217== at 0x4C27480: calloc (vg_replace_malloc.c:467)
==19217== by 0x10FEC0: add_source_mask (access.c:88)
==19217== by 0x110100: expand_acc_source (access.c:191)
==19217== by 0x1104B0: parse_access_file (access.c:500)
==19217== by 0x10B79B: main (fwknopd.c:194)
==19217==
==19217== 183 (152 direct, 31 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 5
==19217== at 0x4C27480: calloc (vg_replace_malloc.c:467)
==19217== by 0x1103E4: parse_access_file (access.c:551)
==19217== by 0x10B79B: main (fwknopd.c:194)
==19217==
==19217== LEAK SUMMARY:
==19217== definitely lost: 152 bytes in 1 blocks
==19217== indirectly lost: 31 bytes in 3 blocks
==19217== possibly lost: 0 bytes in 0 blocks
==19217== still reachable: 8 bytes in 1 blocks
==19217== suppressed: 0 bytes in 0 blocks
Second, this commit changes how fwknopd acquires packet data with
pcap_dispatch() - packets are now processed within the callback function
process_packet() that is provided to pcap_dispatch(), the global packet
counter is incremented by the return value from pcap_dispatch() (since this is
the number of packets processed per pcap loop), and there are two new
fwknopd.conf variables PCAP_DISPATCH_COUNT and PCAP_LOOP_SLEEP to control the
number of packets that pcap_dispatch() should process per loop and the number
of microseconds that fwknopd should sleep per loop respectively. Without this
change, it was fairly easy to cause fwknopd to miss packets by creating bursts
of packets that would all be processed one at a time with the usleep() delay
between each. For fwknopd deployed on a busy network and with a permissive
pcap filter (i.e. something other than the default that causes fwknopd to look
at, say, TCP ACK's), this change should help.
Third, the criteria that a packet must reach before data copying into the
buffer designed for SPA processing has been tightened. A packet less than
/greater than the minimum/maximum expected sizes is ignored before data is
copied, and the base64 check is done as well.
doc/fwknopd.man.asciidoc | 30 ++++++++++++++++++++++--------
server/access.c | 30 +++++++++++++++++++++++-------
server/access.h | 1 +
server/cmd_opts.h | 2 ++
server/config_init.c | 15 +++++++++++++++
server/fwknopd.conf | 14 ++++++++++++++
server/fwknopd_common.h | 4 ++++
server/incoming_spa.c | 45 +++++++++++++++------------------------------
server/pcap_capture.c | 25 +++++++++----------------
server/process_packet.c | 17 +++++++++++++----
server/utils.c | 21 +++++++++++++++++++++
server/utils.h | 1 +
test/test-fwknop.pl | 5 -----
13 files changed, 140 insertions(+), 70 deletions(-)
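An added example (not fwknop's code) of the third change described in the commit above: reject a payload on size and base64 grounds before any byte is copied into the SPA processing buffer. The `ex_` names and the `EX_MIN_SPA_LEN`/`EX_MAX_SPA_LEN` bounds are assumptions made for illustration, and the sample payloads are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size bounds for illustration; not fwknop's actual constants. */
#define EX_MIN_SPA_LEN 140
#define EX_MAX_SPA_LEN 1500

enum { EX_OK = 0, EX_TOO_SHORT, EX_TOO_LONG, EX_NOT_BASE64, EX_BUF_TOO_SMALL };

/* Return 1 if c belongs to the standard base64 alphabet (padding excluded). */
static int ex_is_b64_char(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/';
}

/*
 * Validate a captured payload and copy it into dst only if every check
 * passes. All checks run before the copy, so a rejected packet never
 * touches the destination buffer.
 */
int ex_spa_precheck(const unsigned char *payload, size_t len,
                    char *dst, size_t dst_size)
{
    size_t i;
    int seen_pad = 0;

    if (len < EX_MIN_SPA_LEN)
        return EX_TOO_SHORT;
    if (len > EX_MAX_SPA_LEN)
        return EX_TOO_LONG;
    if (dst_size < len + 1)            /* room for the terminating NUL */
        return EX_BUF_TOO_SMALL;

    for (i = 0; i < len; i++) {
        unsigned char c = payload[i];
        if (c == '=') {
            /* '=' is padding: at most two, and only at the very end */
            if (len - i > 2)
                return EX_NOT_BASE64;
            seen_pad = 1;
        } else if (seen_pad || !ex_is_b64_char(c)) {
            return EX_NOT_BASE64;
        }
    }

    memcpy(dst, payload, len);
    dst[len] = '\0';
    return EX_OK;
}

/*
 * Constructed sample driver: builds a payload of `len` 'A' bytes,
 * optionally overwrites one byte (poke_at >= 0), and runs the precheck
 * against a buffer sized for the largest accepted packet.
 */
int ex_run_sample(size_t len, long poke_at, unsigned char poke)
{
    static unsigned char pkt[4096];
    char spa_buf[EX_MAX_SPA_LEN + 1];

    if (len > sizeof(pkt))
        len = sizeof(pkt);
    memset(pkt, 'A', len);
    if (poke_at >= 0 && (size_t)poke_at < len)
        pkt[poke_at] = poke;
    return ex_spa_precheck(pkt, len, spa_buf, sizeof(spa_buf));
}

int main(void)
{
    printf("200 bytes, clean base64      -> %d\n", ex_run_sample(200, -1, 0));
    printf("10 bytes                     -> %d\n", ex_run_sample(10, -1, 0));
    printf("2000 bytes                   -> %d\n", ex_run_sample(2000, -1, 0));
    printf("200 bytes, NUL at offset 50  -> %d\n", ex_run_sample(200, 50, 0x00));
    printf("200 bytes, '=' at offset 50  -> %d\n", ex_run_sample(200, 50, '='));
    printf("200 bytes, trailing '='      -> %d\n", ex_run_sample(200, 199, '='));
    return 0;
}
```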
commit 97a8d751c1b02271e812701d4cb938833d36918a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Oct 30 22:14:00 2011 -0400
added complete SPA cycle tests for tcp ports 23 and 9418 (git), and for udp 53 dns
test/test-fwknop.pl | 92 +++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 90 insertions(+), 2 deletions(-)
commit 044ea54d936745e29c856de71818f0497633d531
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 29 23:49:29 2011 -0400
updated client SPA verbose message to include the server IP/host
client/fwknop.c | 38 --------------------------------------
client/spa_comm.c | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 38 deletions(-)
commit 8e4b45dd568ef86ba773605662a5d058be714d33
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 29 23:48:42 2011 -0400
minor looping criteria update for valgrind tests
test/test-fwknop.pl | 26 ++++++++++++++++----------
1 files changed, 16 insertions(+), 10 deletions(-)
commit ea3e81787121e56e1a44cc0a5ee3b9ba64c4f5eb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 29 16:59:57 2011 -0400
[test-suite] added the ability to run all fwknop tests through valgrind
test/test-fwknop.pl | 230 ++++++++++++++++++++++++++++++---------------------
1 files changed, 134 insertions(+), 96 deletions(-)
commit f999e2e6720021328e2f34bf57d05b8081d8ffae
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 29 16:55:28 2011 -0400
bugfix to return preprocess_spa_data() result properly to calling function
server/incoming_spa.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
commit b1b830f744b01e0a3f0d4a19b6d38dd51afaae1f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 28 23:01:06 2011 -0400
update to remove packet direction requirement when sniffing on OpenBSD loopback interfaces
server/pcap_capture.c | 24 +++++++++++++++---------
1 files changed, 15 insertions(+), 9 deletions(-)
commit cde71b1b274cae5af3b6e986e5ac369d79c0cc3a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 28 23:00:26 2011 -0400
minor whitespace removal
server/process_packet.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
commit dbbbe60fe4b6908bff56d026d886381c83a44087
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 28 22:59:52 2011 -0400
added stack protection detection for OpenBSD systems
test/hardening-check | 16 ++++++++++++++++
1 files changed, 16 insertions(+), 0 deletions(-)
commit 2e96ece4b074beff06aaca2f51bd90c84bfeeef8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 28 22:42:27 2011 -0400
Update to ensure libfko.so path is detected properly on OpenBSD
test/test-fwknop.pl | 26 +++++++++++++++++++++-----
1 files changed, 21 insertions(+), 5 deletions(-)
commit 464dbe95d07657794aaac9e230153ffd84a2ed06
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 27 21:51:55 2011 -0400
Update to print all firewall commands in --verbose mode
This commit makes it easier to determine exactly which commands fwknopd
runs in --verbose mode when interacting with the underlying firewall.
This commit also adds --verbose --verbose mode to the test suite.
server/access.c | 1 +
server/config_init.c | 4 +-
server/fw_util.h | 2 +-
server/fw_util_ipfw.c | 96 ++++++++++++++++++++++++++++++----------
server/fw_util_iptables.c | 108 +++++++++++++++++++++++++++++++-------------
server/fw_util_pf.c | 6 +-
server/fwknopd.c | 4 +-
server/incoming_spa.c | 4 +-
server/log_msg.c | 2 +-
test/test-fwknop.pl | 59 +++++++-----------------
10 files changed, 179 insertions(+), 107 deletions(-)
commit 6388e8ac7fab3d89b164862c9e113fed37e9f397
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Oct 25 21:00:40 2011 -0400
added 'const' to function prototype vars where possible
Added the 'const' qualifier to function prototype variables where possible.
In addition, reduced some functions to file-scope with 'static' where possible.
Also made a few minor changes to remove extra whitespace, and fixed a bug
in create_fwknoprc() to ensure the new fwknoprc filehandle is closed.
client/config_init.c | 24 ++--
client/fwknop.c | 26 ++--
client/getpasswd.c | 4 +-
client/spa_comm.c | 26 +++--
client/spa_comm.h | 2 +-
client/utils.c | 2 +-
client/utils.h | 2 +-
lib/base64.c | 2 +-
lib/base64.h | 2 +-
lib/cipher_funcs.c | 22 ++--
lib/cipher_funcs.h | 4 +-
lib/digest.c | 4 +-
lib/fko.h | 28 +++---
lib/fko_client_timeout.c | 6 +-
lib/fko_decode.c | 34 +++---
lib/fko_digest.c | 24 ++--
lib/fko_encode.c | 16 ++--
lib/fko_encryption.c | 58 +++++-----
lib/fko_error.c | 2 +-
lib/fko_funcs.c | 18 ++--
lib/fko_message.c | 10 +-
lib/fko_nat_access.c | 2 +-
lib/fko_rand_value.c | 4 +-
lib/fko_server_auth.c | 2 +-
lib/fko_timestamp.c | 6 +-
lib/gpgme_funcs.c | 2 +-
lib/gpgme_funcs.h | 2 +-
lib/rijndael.c | 268 ++++++++++++++++++++++----------------------
server/access.c | 32 +++---
server/access.h | 4 +-
server/config_init.c | 21 ++--
server/config_init.h | 2 +-
server/extcmd.c | 8 +-
server/extcmd.h | 4 +-
server/fw_util.h | 8 +-
server/fw_util_ipf.c | 8 +-
server/fw_util_ipfw.c | 14 +-
server/fw_util_ipfw.h | 2 +-
server/fw_util_iptables.c | 16 ++--
server/fw_util_pf.c | 10 +-
server/fwknopd.c | 8 +-
server/fwknopd_errors.c | 29 +++---
server/fwknopd_errors.h | 4 +-
server/incoming_spa.c | 6 +-
server/process_packet.c | 12 +-
server/tcp_server.c | 4 +-
server/utils.c | 2 +-
server/utils.h | 2 +-
48 files changed, 402 insertions(+), 396 deletions(-)
commit 85377267e299118d5302afde3dfeed426b353879
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Oct 24 21:52:13 2011 -0400
compiler warning fix for sscanf() on freebsd
This commit fixes the following gcc warning on freebsd systems:
replay_cache.c: In function 'replay_file_cache_init':
replay_cache.c:312: warning: format '%ld' expects type 'long int *', but argument 9 has type 'time_t *'
server/replay_cache.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
commit 1c6fc0f3f80e086b43471e756f8249015fe2e4b2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Oct 24 20:48:56 2011 -0400
update to detect loopback interface
test/test-fwknop.pl | 70 +++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 62 insertions(+), 8 deletions(-)
commit 3299fb25815bcec09b5410d3393ab806f8b78a68
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Oct 24 20:48:20 2011 -0400
minor whitespace removal
server/fw_util_ipfw.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit c9860811f5de4b28f674d53d16b1bca10f12bed8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 22:29:27 2011 -0400
added LD_LIBRARY_PATH to all fwknop/fwknopd commands to make manual command execution easier
test/test-fwknop.pl | 71 +++++++++++++++++++++++++++-----------------------
1 files changed, 38 insertions(+), 33 deletions(-)
commit 50bcc537eea23e9cd269a51e63d9da525c0a91ac
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 22:06:00 2011 -0400
added digest cache validation after GPG tests
test/test-fwknop.pl | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
commit 1b8606461cc21108b190f871bf2d8b0929589fce
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 21:54:22 2011 -0400
minor update to match include/exclude criteria on the whole test message
test/test-fwknop.pl | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
commit 9e3a4b4c920444df10b6a74eb574a542091adbfc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 21:29:44 2011 -0400
extended packet validity tests in GPG mode
test/test-fwknop.pl | 112 +++++++++++++++++++++++++++++++--------------------
1 files changed, 68 insertions(+), 44 deletions(-)
commit 09e6ed1405436b975cb41c89dc2517f0e73c54bb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 16:48:30 2011 -0400
added first GPG complete cycle SPA test
test/conf/client-gpg/pubring.gpg | Bin 0 -> 2480 bytes
test/conf/client-gpg/secring.gpg | Bin 0 -> 1350 bytes
test/conf/client-gpg/trustdb.gpg | Bin 0 -> 1360 bytes
test/conf/gpg_access.conf | 7 ++++
test/conf/server-gpg/pubring.gpg | Bin 0 -> 2480 bytes
test/conf/server-gpg/secring.gpg | Bin 0 -> 1352 bytes
test/conf/server-gpg/trustdb.gpg | Bin 0 -> 1360 bytes
test/test-fwknop.pl | 65 ++++++++++++++++++++++++++++++++++++++
8 files changed, 72 insertions(+), 0 deletions(-)
commit 2d9dbe1fca011cd6bf726b86fb21af97da11ce49
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 15:19:54 2011 -0400
minor whitespace removal
server/fwknopd.conf | 11 +++++------
1 files changed, 5 insertions(+), 6 deletions(-)
commit e4f4ee78253f1f44c8809173ad2209ba8364e2c5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 14:25:56 2011 -0400
added test to validate digest.cache structure
test/test-fwknop.pl | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 53 insertions(+), 1 deletions(-)
commit 266150218a021894e6dab0a8b4d7525183fe004a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 10:57:25 2011 -0400
added -P bpf test for complete SPA cycle over non standard SPA port
test/test-fwknop.pl | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 48 insertions(+), 0 deletions(-)
commit 0ab39a64a5b86babdd0c5f7412fe160bca13cb69
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Oct 22 10:48:37 2011 -0400
added -P bpf filter test
test/test-fwknop.pl | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 68 insertions(+), 0 deletions(-)
commit 6848983b474d4571b1434a349d10ac21b278ebda
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 21 23:43:08 2011 -0400
added Rijndael SPA validity tests
test/test-fwknop.pl | 310 +++++++++++++++++++++++++++++++++++++++++++++++----
1 files changed, 290 insertions(+), 20 deletions(-)
commit 081b58d9510e4bbafb6dd57b4e55a02d7105e43a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 21 23:13:24 2011 -0400
added rule timeout detection
test/conf/default_access.conf | 1 +
test/test-fwknop.pl | 18 ++++++++++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
commit 9b816ed29af1be3a259d9c154418cbe624c2a93f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 21 22:55:45 2011 -0400
added replay attack detection test
test/test-fwknop.pl | 201 +++++++++++++++++++++++++++++++++++++--------------
1 files changed, 148 insertions(+), 53 deletions(-)
commit 0bda4ee1e5f671c2e64a2b961de2f2ed0f9170a5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Oct 21 22:54:49 2011 -0400
minor removal of whitespace
server/fw_util_iptables.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
commit caf458ad3fb2ce9408035630869e877f0c97768d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 20 23:33:41 2011 -0400
added first complete SPA cycle test
test/test-fwknop.pl | 243 ++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 201 insertions(+), 42 deletions(-)
commit 44598fd7dd6be8207bae512b8b6e13f08e265d2a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 20 23:31:59 2011 -0400
Added --digest-file and --pid-file args
Added --digest-file and --pid-file args so that the user can easily alter
these paths from the command line.
doc/fwknopd.man.asciidoc | 12 +++++++++++-
server/cmd_opts.h | 6 ++++--
server/config_init.c | 20 ++++++++++++++++----
server/fwknopd.c | 7 +------
4 files changed, 32 insertions(+), 13 deletions(-)
commit 6f699f7e5d28ac1d8e66d66b9cedb3094a35439e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 20 00:06:58 2011 -0400
added client/server interaction test capability
test/test-fwknop.pl | 351 +++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 283 insertions(+), 68 deletions(-)
commit b8571bcc05cc81448b8d52ef8eef71f2eaefa987
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Oct 18 21:28:38 2011 -0400
Minor PID string length fix
Changed PID string length to 7 to accommodate an ending newline and NULL
char when writing to the fwknopd .pid file. Without this fix, with a
5 digit PID the trailing newline would be truncated (no room for the
ending NULL char).
server/fwknopd.c | 13 ++++++++-----
server/fwknopd.h | 2 ++
2 files changed, 10 insertions(+), 5 deletions(-)
commit 0e7a0e9a378c5b9605228075718f53012e87cadd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Oct 17 23:03:28 2011 -0400
Added --fw-list-all and --fw-flush
Added new command line options --fw-list-all and --fw-flush to allow all
firewall rules to be displayed including those not created by fwknopd, and
allow all firewall rules created by fwknopd to be deleted.
Also switched -D config dump output to stdout.
doc/fwknopd.man.asciidoc | 11 +++++-
server/access.c | 8 ++--
server/cmd_opts.h | 4 ++
server/config_init.c | 13 +++++-
server/fw_util_ipf.c | 3 +
server/fw_util_ipfw.c | 90 +++++++++++++++++++++++++++++---------------
server/fw_util_ipfw.h | 1 +
server/fw_util_iptables.c | 74 +++++++++++++++++++++++++++---------
server/fw_util_iptables.h | 25 ++++++------
server/fw_util_pf.c | 5 ++-
server/fwknopd.c | 9 ++++-
server/fwknopd_common.h | 2 +
12 files changed, 173 insertions(+), 72 deletions(-)
commit e479e776dbd848ba82e65e22b35e7e479a788161
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Oct 17 22:55:01 2011 -0400
Added usage of sudo for recompilation test
The test suite now recompiles fwknop only if the --enable-recompile-check
option is used, and if so, uses sudo (if installed) to have the resulting
binaries owned by the original user (instead of by root). Also made a couple
of API changes to create test output files automatically if they don't
exist.
test/test-fwknop.pl | 187 ++++++++++++++++++++++++++++++++++-----------------
1 files changed, 125 insertions(+), 62 deletions(-)
commit 11c240c41b74c110068b8748b28a074ac121608c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 13 22:44:35 2011 -0400
minor update to allow fw rules to be dumped before parsing the access.conf file
server/fwknopd.c | 28 ++++++++++++++--------------
1 files changed, 14 insertions(+), 14 deletions(-)
commit e36c833f554f59312c02e5efec0bbc77ab0ee301
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 13 22:02:21 2011 -0400
minor whitespace fixes
server/fwknopd.c | 55 +++++++++++++++++++++++++++--------------------------
1 files changed, 28 insertions(+), 27 deletions(-)
commit 9962dc08088b31d116b7b5d41bf8e3ced8cfa814
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 13 20:59:30 2011 -0400
minor wording update netfilter -> iptables
doc/fwknopd.man.asciidoc | 9 +++++----
server/fwknopd.8.in | 5 +++--
2 files changed, 8 insertions(+), 6 deletions(-)
commit 45ecc6f39932271f7a70b1fe8dec99dc9d2438c0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 13 20:41:12 2011 -0400
minor bugfix to ensure that the proper firewall is used to collect system specs
test/test-fwknop.pl | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
commit 103cd2a8fb0ebe7919a5647ae90a9425242ca0ae
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 13 20:30:05 2011 -0400
added the test/conf/ directory for config files used by the test suite
test/conf/default_access.conf | 2 ++
test/conf/default_fwknopd.conf | 4 ++++
test/conf/override_fwknopd.conf | 1 +
3 files changed, 7 insertions(+), 0 deletions(-)
commit 6f0d2c509121de45f470dae4c17b6a7e46ea19d0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 13 20:29:37 2011 -0400
minor typo fix
doc/libfko.texi | 8 ++++----
lib/fko_error.c | 8 ++++----
lib/fko_message.c | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)
commit 64160a0c57aee0c406be5158836fe10b3f38e3f9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 13 20:29:19 2011 -0400
started on basic SPA generation, updated to use LD_LIBRARY_PATH for local libfko instance
test/test-fwknop.pl | 182 +++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 156 insertions(+), 26 deletions(-)
commit a1f4a65f27b73ebe5744c7ae4bf64a0876032e13
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Oct 12 23:37:28 2011 -0400
interim commit to add major functionality to the fwknop test suite
test/test-fwknop.pl | 437 ++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 342 insertions(+), 95 deletions(-)
commit 4a41ecc9556fedd4bb04206081b4096a2fddaeee
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Oct 12 23:36:51 2011 -0400
removed
server/fwknopd.c.orig | 664 --------------------------------------------
server/fwknopd.c.rej | 39 ---
server/incoming_spa.c.orig | 541 ------------------------------------
server/replay_cache.c.orig | 326 ----------------------
4 files changed, 0 insertions(+), 1570 deletions(-)
commit 88d8eb03b30a03ebb43a7da33c5f65d2de2c3289
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Oct 12 23:36:04 2011 -0400
minor update to switch to stdout when exiting with success
server/fwknopd.c | 10 +-
server/fwknopd.c.orig | 664 ++++++++++++++++++++++++++++++++++++++++++++
server/fwknopd.c.rej | 39 +++
server/incoming_spa.c.orig | 541 ++++++++++++++++++++++++++++++++++++
server/replay_cache.c.orig | 326 ++++++++++++++++++++++
5 files changed, 1575 insertions(+), 5 deletions(-)
commit 41c0be29b7a3ea6a0c859b43e43ccdc3aa5e30ba
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 6 23:02:29 2011 -0400
switched --help output to stdout from stderr
client/config_init.c | 6 +++---
server/config_init.c | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
commit 26f58a705dbdf9a07e430fc2558871d491c27d63
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Oct 6 22:53:27 2011 -0400
minor update to account for hardening-check return values
test/test-fwknop.pl | 24 ++++++++++--------------
1 files changed, 10 insertions(+), 14 deletions(-)
commit 1a3e1caffe707e71fd3cf99ffaa4547f7fda017a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Oct 4 23:15:04 2011 -0400
Initial start on a test suite
This commit begins development on a comprehensive test suite for fwknop.
The initial tests are focused on compilation correctness and security options
as determined by the "hardening-check" script from Kees Cook of the Debian
security team.
test/hardening-check | 269 ++++++++++++++++++++++++++++
test/test-fwknop.pl | 481 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 750 insertions(+), 0 deletions(-)
commit 05f3cec96a03251d1a308d90200c9dc479ae4558
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Sep 25 21:12:30 2011 -0400
Added --help usage information
With the --help command line argument, the following information is printed:
$ ./fwknop-launcher-lsof.pl --help
Usage: fwknop-launcher-lsof.pl [options]
Options:
-c, --config <file> - Path to fwknop-launcher.conf config file.
-l, --lsof-cmd <path> - Path to lsof command.
-f, --fwknop-cmd <path> - Path to fwknop client command.
-s, --sleep <seconds> - Specify sleep interval (default:
1 seconds)
-n --no-daemon - Run in foreground mode.
-u, --user <username> - Specify username (usually this is not
needed).
--home-dir <dir> - Path to user's home directory (usually
this is not needed).
-v --verbose - Print verbose information to the terminal
(requires --no-daemon).
--help - Print usage info and exit.
extras/fwknop-launcher/fwknop-launcher-lsof.pl | 23 ++++++++++++++++++++++-
1 files changed, 22 insertions(+), 1 deletions(-)
commit 71ea0c6bfd3be6ff8d95e6f1d1029394e51c07f4
Merge: 7748423 35ee5a2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Sep 25 21:02:54 2011 -0400
Merge branch 'master' into fwknop-launcher
commit 7748423b15958fedfcaeb942f3f26cdc5b40dcde
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Sep 24 22:24:30 2011 -0400
Added the fwknop lsof launcher under the extras/ directory
The fwknop lsof launcher (extras/fwknop-launcher/fwknop-launcher-lsof.pl) is a
lightweight daemon that allows the user to not have to manually run the fwknop
client when attempting to gain access to a service that is protected by Single
Packet Authorization via fwknopd. This is accomplished by checking the output
of lsof to look for pending connections in the SYN_SENT state, which (usually)
indicate that a remote firewall is blocking the attempted connection. At this
point, the launcher executes the fwknop client with the --get-key arg (so the
user must place the key in the local filesystem) to generate an SPA packet for
the attempted connection. The remote fwknopd daemon will reconfigure the
firewall to allow temporary access, and this usually happens fast enough that
the original connection attempt will then succeed.
The idea for this was originally for a pcap-based connection watcher by
Sebastien Jeanquier.
extras/fwknop-launcher/fwknop-launcher-lsof.pl | 329 ++++++++++++++++++++++++
extras/fwknop-launcher/fwknop-launcher.conf | 30 +++
2 files changed, 359 insertions(+), 0 deletions(-)
commit 35ee5a202debe2e7c15227f7704753c977281de2
Merge: 35abc34 668ed90
Author: Michael Rash <michael.rash@gmail.com>
Date: Wed Sep 21 18:10:16 2011 -0700
Merge pull request #5 from maxkas/master
Fwknop client for iPhone devices - contributed by Max Kastanas
commit 668ed9033f601f052fe58ebf87a8eff144b50fcf
Author: Max Kastanas <max2idea@users.sf.net>
Date: Fri Sep 16 22:51:53 2011 -0700
Codebase of Fwknop client for iOS (iPhone) devices
iphone/COPYING | 340 +++
iphone/Classes/FwknopController.h | 30 +
iphone/Classes/FwknopController.m | 309 +++
iphone/Classes/MyAppDelegate.h | 33 +
iphone/Classes/MyAppDelegate.m | 53 +
iphone/Classes/bridge_fwknop.c | 28 +
iphone/Classes/bridge_fwknop.h | 21 +
iphone/Classes/config.h | 346 ++++
iphone/Classes/fwknop/fwknop_client.c | 162 ++
iphone/Classes/fwknop/fwknop_client.h | 60 +
iphone/Classes/fwknop/send_spa_packet.c | 94 +
iphone/Classes/libfwknop/README | 11 +
iphone/Classes/libfwknop/config.h | 14 +
iphone/Classes/libfwknop/fko_common.b | 140 ++
iphone/Classes/libfwknop/get_libfko_files.sh | 38 +
iphone/Classes/logutils.h | 33 +
iphone/Fwknop.pch | 23 +
iphone/Fwknop.xcodeproj/dev.mode1v3 | 1539 ++++++++++++++
iphone/Fwknop.xcodeproj/dev.pbxuser | 2859 ++++++++++++++++++++++++++
iphone/Fwknop.xcodeproj/project.pbxproj | 413 ++++
iphone/Info.plist | 30 +
iphone/README | 42 +
iphone/lock_57x57.png | Bin 0 -> 3466 bytes
iphone/main.m | 29 +
24 files changed, 6647 insertions(+), 0 deletions(-)
commit 35abc349ab91ff40f0706a66e9ba50188cb94cb2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Sep 12 23:04:41 2011 -0400
minor typo fix: fwkop -> fwknop
doc/fwknop.man.asciidoc | 4 ++--
doc/fwknopd.man.asciidoc | 4 ++--
doc/libfko.texi | 4 ++--
fwknop.spec | 2 +-
4 files changed, 7 insertions(+), 7 deletions(-)
commit f693a2721cf499815853639c8dfb924ab4c427cd
Merge: e07ccdd 87416c0
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sat Sep 10 11:30:09 2011 -0400
Merge branch 'master' of https://github.com/mrash/fwknop
commit e07ccdd5508c488a818790c16728ebdc13be284c
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sat Sep 10 11:25:08 2011 -0400
Added the cmd_opts.h file to server and client's Makefile.am so they are included with make dist.
client/Makefile.am | 2 +-
fwknop.spec | 4 +++-
server/Makefile.am | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
commit 87416c0cdf544ff636ea963bd90f1f22dd7ca49a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Sep 9 22:09:37 2011 -0400
Replaced all strcpy() calls with strlcpy()
OpenBSD especially gives compiler warnings whenever strcpy() is used. All such
calls have been replaced with strlcpy().
client/config_init.c | 2 +-
client/fwknop.c | 2 +-
client/http_resolve_host.c | 2 +-
lib/fko_encode.c | 2 +-
server/fwknopd.c | 4 ++--
server/log_msg.c | 8 +++++++-
server/replay_cache.c | 6 ++++--
7 files changed, 17 insertions(+), 9 deletions(-)
commit 0b8c4890758bfd6612780c28041d7b1e3e9f1a15
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Sep 8 23:44:50 2011 -0400
Added read-only relocations and immediate bindings
Commit 4248b2687054b38e79e2ab9eecf71e5b299172f4 removed read-only relocations
and immediate bindings for FreeBSD systems (and the same was done for OpenBSD
systems too). This commit adds these security features back in as linker
options by only changing LDFLAGS as opposed to also adding the corresponding
flags to CFLAGS. The end result is that the following errors are fixed:
gcc: -z: linker input file unused because linking not done
gcc: relro: linker input file unused because linking not done
configure.ac | 28 ----------------------------
1 files changed, 0 insertions(+), 28 deletions(-)
commit c65e25c6568c53d44d0163ebd4889260466bcdfa
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Sep 8 21:33:52 2011 -0400
Check for active_rules > 0 before decrementing
In the fw_config struct the active_rules member is unsigned, so this change
ensures that we don't try to decrement it below zero whenever a firewall rule
is deleted or an error condition occurs.
server/fw_util_ipfw.c | 25 ++++++++++++++++++-------
server/fw_util_iptables.c | 23 ++++++++++++-----------
2 files changed, 30 insertions(+), 18 deletions(-)
commit 88b6d44f1f70daf951cf7e1d237114f96ad30a9a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Sep 8 00:20:20 2011 -0400
Update to make _exp_ string a #define
Replaced all instances of "_exp_" with the #define EXPIRE_COMMENT_PREFIX so
that the prefix can easily be changed.
server/fw_util.h | 2 ++
server/fw_util_ipfw.c | 6 +++---
server/fw_util_ipfw.h | 2 +-
server/fw_util_iptables.c | 6 +++---
server/fw_util_iptables.h | 10 +++++-----
server/fw_util_pf.c | 6 +++---
server/fw_util_pf.h | 2 +-
7 files changed, 18 insertions(+), 16 deletions(-)
commit 2531896ebf98d80380f462b4fae9e16940206a40
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Sep 7 23:24:18 2011 -0400
Added the ability to delete PF rules
This commit adds the ability to fwknopd to delete PF rules after the SPA timer
expires. The strategy implemented is similar to iptables and ipfw, except
that all PF rules are added to an 'anchor', and deleting a specific expired
rule is done by listing all rules in the anchor and reinstantiating it via
'pfctl -a <anchor> -f -' with the expired rule deleted. fwknopd uses the
"_exp_<expire time>" convention in a PF rule label similarly to how fwknopd
interfaces with iptables (via the 'comment' match), and ipfw (via the
"//<comment>" feature).
server/fw_util_pf.c | 216 +++++++++++++++++++++++++++++++++++++++++++++--
server/fw_util_pf.h | 2 -
server/fwknopd_common.h | 3 +
3 files changed, 210 insertions(+), 11 deletions(-)
commit f9810904c36c270a5d19111ae7566c6d410bed4a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Sep 3 21:00:12 2011 -0400
minor comment typo fixes
server/fw_util_pf.c | 2 +-
server/fwknopd.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
commit d60dde17b71b898a821a60d9a1166c32436c17c2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Sep 3 14:50:28 2011 -0400
PF rules are now added to the fwknop anchor
This commit implements the ability to add PF firewall rules to the fwknop
anchor after a valid SPA packet is sniffed off the wire. A subsequent commit
will add the ability to delete these rules.
server/fw_util_ipfw.c | 2 +-
server/fw_util_pf.c | 114 +++++++++++++++++++++++++++++++++++++++++++++----
server/fw_util_pf.h | 10 +++-
server/incoming_spa.c | 4 +-
4 files changed, 115 insertions(+), 15 deletions(-)
commit 6938f7a6aecb1395f750c56a4e10489d6d060fc9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 28 13:37:23 2011 -0400
Minor copyright holder update
Minor copyright holder update
server/fw_util_pf.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
commit 10ff421e1ef86c1b437645764abe11819a88c292
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 28 13:27:15 2011 -0400
For PF firewalls implemented a check for an active fwknop anchor
This commit ensures that for PF firewalls the fwknop anchor is active and
linked into the running PF policy. This is accomplished by looking for the
string 'anchor "fwknop"' in the output of "pfctl -s rules". If the anchor
exists, then fwknopd will be able to influence traffic via rules added and
removed from the fwknop anchor.
server/fw_util_pf.c | 86 +++++++++++++++++++++++++++++++++++++++++++---
server/fw_util_pf.h | 8 +++-
server/fwknopd_common.h | 2 -
3 files changed, 86 insertions(+), 10 deletions(-)
commit 5bc5ef4305cafd26ee3faaf5eefb3f6b9f05441e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 27 11:07:19 2011 -0400
Added --fw-list info to --help
Added --fw-list output to usage info when --help is specified from the command
line.
server/config_init.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
commit 0649ef924a8c979fd815c2d2e8416a16aeabeb62
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 27 10:57:17 2011 -0400
PF support on OpenBSD in progress, fwknop --fw-list now works
This is the first commit that has fwknopd interact with the PF firewall on
OpenBSD (via fwknopd --fw-list to show any active fwknopd rules).
common/netinet_common.h | 11 +++-
configure.ac | 5 +-
server/Makefile.am | 7 +-
server/access.c | 14 ++--
server/cmd_opts.h | 7 +-
server/config_init.c | 16 +++-
server/fw_util.h | 2 +
server/fw_util_ipfw.c | 6 +-
server/fw_util_iptables.c | 2 +-
server/fw_util_pf.c | 187 +++++++++++++++++++++++++++++++++++++++++++++
server/fw_util_pf.h | 42 ++++++++++
server/fwknopd.conf | 16 ++++
server/fwknopd_common.h | 28 +++++--
13 files changed, 311 insertions(+), 32 deletions(-)
commit dcf2d94bf675a906c570814d9cd65e2a1bfd2e77
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 24 23:55:36 2011 -0400
Added autoconf check for pf firewalls
On OpenBSD systems fwknop now checks for pf firewalls via autoconf. The next
step will be to fill in support for pf via the C code.
configure.ac | 44 +++++++++++++++++++++++++++++++++++---------
1 files changed, 35 insertions(+), 9 deletions(-)
commit 649b7a88c1d6caa0e3760c7694b9d5b5b855dd4c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 24 23:17:45 2011 -0400
Disabled read-only relocations and immediate binding compiler protections
Similarly to FreeBSD systems, gcc throws the following warnings with read-only
relocations and immediate binding protections - disabled for now:
gcc: -z: linker input file unused because linking not done
gcc: relro: linker input file unused because linking not done
gcc: -z: linker input file unused because linking not done
gcc: now: linker input file unused because linking not done
configure.ac | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
commit 47da588003b9bf1645a97823cfa940b8c5a93071
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Aug 22 21:39:28 2011 -0400
removed 2.0.0 branch specific ChangeLog, ShortLog and diffstat files
ChangeLog-v2.0.0 | 3020 ------------------------------------------------------
ShortLog-v2.0.0 | 654 ------------
diffstat-v2.0.0 | 1310 -----------------------
3 files changed, 0 insertions(+), 4984 deletions(-)
commit 17beb2d348a076aa86a5732b9b572b21c1fcb594
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 21 14:06:41 2011 -0400
bumped version to 2.0.0rc4
VERSION | 2 +-
android/project/jni/config.h | 6 +++---
configure.ac | 2 +-
extras/openwrt/package/fwknop/Makefile | 2 +-
fwknop.spec | 2 +-
win32/config.h | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
commit b937ae234730241a25144b63ed1eadf3291da642
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 21 14:02:25 2011 -0400
Added version specific ChangeLog, ShortLog, and diffstat files.
Added version specific ChangeLog, ShortLog, and diffstat files (these go all
the way back to the beginning of the svn import since 2.0.0 will be the
first official non-"rc" release of the new C code).
ChangeLog-v2.0.0 | 3020 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
ShortLog-v2.0.0 | 654 ++++++++++++
diffstat-v2.0.0 | 1310 +++++++++++++++++++++++
3 files changed, 4984 insertions(+), 0 deletions(-)
commit 4ed4558192616adb737344710f9349ab4bc1db9c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 21 14:00:16 2011 -0400
Updated ChangeLog with all changes from 2.0.0-rc3
Updated ChangeLog with all changes from 2.0.0-rc3
ChangeLog | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 143 insertions(+), 0 deletions(-)
commit 35456877fa257889c7d894cc24c98fba06106ca6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 21 13:50:16 2011 -0400
Bug fix for ipfw firewalls to not always require seeing 'Dynamic' rules
This commit fixes an issue on ipfw firewalls where fwknopd would always require
seeing ipfw 'Dynamic' rules associated with newly added connections. But, such
connections may never be established for various reasons. Previous to this
commit the following warning was frequently generated by fwknopd:
Unexpected error: did not find 'Dynamic rules' string in list output.
server/fw_util_ipfw.c | 97 ++++++++++++++++++++++++++-----------------------
1 files changed, 51 insertions(+), 46 deletions(-)
commit 4b2a96578bcc8ba07371989dcc124ef42813acea
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 21 13:28:16 2011 -0400
Bug fix for missing set existence check on ipfw firewalls
This commit fixes an issue on systems running the ipfw firewall where the
'set' where fwknopd puts new access rules was attempted to be deleted without
first checking to see whether it exists. The following errors would be
generated (now fixed):
ipfw: rule 16777217: setsockopt(IP_FW_DEL): Invalid argument
Error 17664 from cmd:'/sbin/ipfw delete set 1':
Fatal: Errors detected during ipfw rules initialization.
server/fw_util_ipfw.c | 28 ++++++++++++++++++++++++++--
1 files changed, 26 insertions(+), 2 deletions(-)
commit 03859387b6667839d8eb6eaf1601e2c14c24d355
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 20 22:34:24 2011 -0400
Bug fix to create the digest.cache file at init
Bug fix to ensure that the digest.cache file gets created at fwknopd init time
so fwknopd does not throw the following error:
Error opening digest cache file. Incoming digests will not be remembered.
server/replay_cache.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
commit 04afd2846dd563296c40667557ef4ac0d47aeb0c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 20 22:02:21 2011 -0400
On FreeBSD, made gpgme header path inclusion optional
If gpgme is installed on FreeBSD systems it appears that
-I/usr/local/include/gpgme must be added to the include path, but this change
only adds the path if gpgme is installed and going to be used.
configure.ac | 21 +++++++++++++++------
1 files changed, 15 insertions(+), 6 deletions(-)
commit 6eeb41309401a0c8a47613bcc9f3ce58aa1f6436
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 20 13:33:00 2011 -0400
Fixed a few minor compiler warnings on FreeBSD
This commit fixes a few warnings about possible uninitialized and unused
variables.
configure.ac | 2 +-
server/fw_util_ipfw.c | 10 +++-------
server/fwknopd.c | 4 ++--
3 files changed, 6 insertions(+), 10 deletions(-)
commit 4248b2687054b38e79e2ab9eecf71e5b299172f4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 20 13:19:33 2011 -0400
On FreeBSD disable read-only relocations and immediate binding protections
gcc on FreeBSD generates the following errors when the -Wl,-z,relro -Wl,-z,now
flags are used:
gcc: -z: linker input file unused because linking not done
gcc: relro: linker input file unused because linking not done
gcc: -z: linker input file unused because linking not done
gcc: now: linker input file unused because linking not done
configure.ac | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
commit ff7c4219e8a946fa28aeec941a17d3998ab87ae7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 20 12:56:30 2011 -0400
Update to suppress additional compiler warning
This change fixes the following compiler warning that was seen with many of
the source files in server/
fwknopd_common.h:223: warning: ‘config_map’ defined but not used
client/cmd_opts.h | 31 +++++++++++++++++++-
server/cmd_opts.h | 71 +++++++++++++++++++++++++++++++++++++++++++++
server/fwknopd_common.h | 73 ++---------------------------------------------
3 files changed, 104 insertions(+), 71 deletions(-)
commit ab7226092dcf687a46916e1841cc05107a5fce8f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 20 12:34:57 2011 -0400
Minor restructuring to suppress compiler "defined but not used warnings"
This commit fixes several compiler warnings like the following (now that -Wall
is the default):
config_init.h:68: warning: ‘cmd_opts’ defined but not used
client/cmd_opts.h | 79 +++++++++++++++++++++++++++++++++++++++++++++
client/config_init.c | 2 +-
client/config_init.h | 71 ----------------------------------------
server/access.c | 1 -
server/cmd_opts.h | 74 ++++++++++++++++++++++++++++++++++++++++++
server/config_init.c | 2 +-
server/config_init.h | 59 ---------------------------------
server/fw_util.c | 1 -
server/fw_util_ipf.c | 1 -
server/fw_util_ipfw.c | 1 -
server/fw_util_iptables.c | 1 -
server/fwknopd.c | 2 +-
server/pcap_capture.c | 1 -
server/utils.h | 21 ++++++++++++
14 files changed, 177 insertions(+), 139 deletions(-)
commit db681fb7916470ec981f0d4e4514402cb49eca3f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 19 22:00:16 2011 -0400
minor commit to fix minor compilation warnings
client/spa_comm.c | 1 +
lib/fko_encryption.c | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
commit 637f7a4c936d91a18ef71f364c5fe1c7c5256f5e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 19 21:14:24 2011 -0400
Added -Wall for all gcc warnings during compile
Enable gcc compilation to include -Wall for all warnings (can be disabled
with --disable-wall to ./configure).
configure.ac | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 48 insertions(+), 1 deletions(-)
commit bf59c2688f3dc11913c347c4d1e92c95dfcaa671
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 19 20:51:50 2011 -0400
Bug fix for ./configure args to disable compile time security options
The ./configure script would generate the following error for the attempted
use of the --without-stackprotector (and other related options like
--without-pie):
configure: WARNING: unrecognized options: --without-stackprotect
configure.ac | 62 +++++++++++++++++++++++++++++++++------------------------
1 files changed, 36 insertions(+), 26 deletions(-)
commit 41fc93407e303a47a412ee91a54f136f80a903f1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 18 22:26:52 2011 -0400
added the VERSION file
VERSION | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
commit 8b0787c270dc12552275d610bf38115f95cd5972
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 18 22:25:12 2011 -0400
Bumped version to fwknop-2.0.0-rc3
Bumped version to fwknop-2.0.0-rc3
android/project/jni/config.h | 6 +++---
extras/openwrt/package/fwknop/Makefile | 2 +-
win32/config.h | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
commit 1e494aba2ec806bec8f670c5378cf6dd5624c012
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 18 21:13:58 2011 -0400
Added ChangeLog derived from git commit messages.
There will be branch and release specific ChangeLog files as well.
ChangeLog | 2877 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 2877 insertions(+), 0 deletions(-)
commit 409c08ac5c3f6310306ddba9b34c985db491722c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 18 21:10:09 2011 -0400
Renamed ChangeLog -> ChangeLog.old for new ChangeLog handling
The ChangeLog will be derived from commit messages.
ChangeLog | 227 ---------------------------------------------------------
ChangeLog.old | 227 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 227 insertions(+), 227 deletions(-)
commit b9122f648e57a9f3cfa84c3462ab2463fe04e275
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 18 20:37:31 2011 -0400
Update to add any missing iptables jump rules
Upon the receipt of a valid SPA packet, a check is done to make sure that
a jump rule from the appropriate built-in iptables chains exists to the
fwknop chains. Such rules could have been deleted by other manipulations
of the iptables policy, so it is important to ensure they exist. Running
in foreground (-f) mode, here is an illustration of the jump rule being
added after it got deleted:
SPA Packet from IP: 127.0.0.1 received.
Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Added Rule to FWKNOP_INPUT for 127.0.0.1, tcp/22 expires at 1313680648
server/fw_util_iptables.c | 71 ++++++++++++++++++++++++++++++++++-----------
1 files changed, 54 insertions(+), 17 deletions(-)
commit acdf15f158c32bb12b141ecb8bd37fae5f7bfcb1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 17 21:24:03 2011 -0400
Update to force base64 check for all SPA data
Previous to this change a check was done for base64 characters in incoming
SPA data only up to MIN_SPA_DATA_SIZE. This check may be reinstantiated for
SPA packets that are delivered over HTTP (and the packet data is embedded
within a URL that may also contain non-base64 chars), but in the meantime the
fwknopd daemon should not accept SPA packets over arbitrary ports with any
non-base64 chars.
server/incoming_spa.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
commit 92b7e2588ee64f253720cf8d819ee64f42333aee
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 17 21:07:35 2011 -0400
Updated replay warnings to include proto/port info
Replay warnings now include port and protocol information. Here is an example:
SPA Packet from IP: 127.0.0.1 received.
Replay detected from source IP: 127.0.0.1
Destination proto/port: 17/62201
Original source IP: 127.0.0.1
Original dst proto/port: 17/62201
Entry created: 08/17/11 21:06:07
First replay: 08/17/11 21:06:32
Last replay: 08/17/11 21:06:45
Replay count: 7
server/replay_cache.c | 17 ++++++++++++++---
server/replay_cache.h | 4 ++--
2 files changed, 16 insertions(+), 5 deletions(-)
commit df96e42c51b6847d91575dfd68f8cb23ba3aa318
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 17 20:36:28 2011 -0400
Added stack protection, PIE, fortify source, etc.
Added various security options that can be enabled at compile time. These
options include everything that the "hardening-check" script written by Kees
Cook checks for. After this change, the hardening-check script produces the
following output against the fwknopd binary:
$ hardening-check server/.libs/fwknopd
server/.libs/fwknopd:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
One of the compile outputs (for example) that shows the new options is:
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -fstack-protector-all -fPIE -pie -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now -MT fko_decode.lo -MD -MP -MF .deps/fko_decode.Tpo -c -o fko_decode.lo fko_decode.c
From the hardening-check man page, here is a description of each of these
options:
NAME
hardening-check - check binaries for security hardening features
SYNOPSIS
Examine a given set of ELF binaries and check for several security
hardening features, failing if they are not all found.
DESCRIPTION
This utility checks a given list of ELF binaries for several security
hardening features that can be compiled into an executable. These
features are:
Position Independent Executable
This indicates that the executable was built in such a way
(PIE) that the "text" section of the program can be relocated
in memory. To take full advantage of this feature, the
executing kernel must support text Address Space Layout
Randomization (ASLR).
Stack Protected
This indicates that the executable was compiled with the
gcc(1) option -fstack-protector. The program will be
resistant to have its stack overflowed.
Fortify Source functions
This indicates that the executable was compiled with
-D_FORTIFY_SOURCE=2 and -O2 or higher. This causes certain
unsafe glibc functions to be replaced with their safer counterparts (e.g.
strncpy instead of strcpy).
Read-only relocations
This indicates that the executable was built with -Wl,-z,relro
to have ELF markings (RELRO) that ask the runtime linker to
mark any regions of the relocation table as "read-only" if
they were resolved before execution begins. This reduces the
possible areas of memory in a program that can be used by an
attacker that performs a successful memory corruption exploit.
Immediate binding
This indicates that the executable was built with -Wl,-z,now
to have ELF markings (BIND_NOW) that ask the runtime linker to
resolve all relocations before starting program execution.
When combined with RELRO above, this further reduces the
regions of memory available to memory corruption attacks.
configure.ac | 240 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 230 insertions(+), 10 deletions(-)
commit 60b6a5a4d8a3075ef5d0bc7025859f704ef90bb0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 14 22:46:09 2011 -0400
Minor variable cleanup to fix compiler warnings
Minor cleanup to fix compiler warnings about unused variables.
server/access.c | 2 --
server/pcap_capture.c | 3 +++
2 files changed, 3 insertions(+), 2 deletions(-)
commit e7d275ee312c618c3233a504c5aa54b72312f39a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 14 21:55:29 2011 -0400
Added fwknop-2.0.0rc2 openwrt support from Jonathan Bennett
Applied a patch sent from Jonathan Bennett to add fwknop-2.0.0rc2 support to
openwrt. One thing to note about this patch is that the +libgdbm library
dependency has been removed because fwknop now implements its own digest
tracking file without needing gdbm/ndbm on the system.
extras/openwrt/package/fwknop/Makefile | 61 ++++++++++++++++++++++++++++++++
1 files changed, 61 insertions(+), 0 deletions(-)
commit 878fae8e8a22ea2c34ca544e84e163347835f361
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 14 19:42:50 2011 -0400
Implemented memory clean up for digest cache list
Upon fwknopd shutdown, a new function free_replay_list() is now called in order
to free heap allocated memory dedicated to SPA digest tracking. Without this
fix, valgrind reports the following (some output snipped):
valgrind --leak-check=full ./server/.libs/fwknopd -f -i lo -P "udp port 62201"
==30864== 431 (48 direct, 383 indirect) bytes in 1 blocks are definitely lost in loss record 17 of 17
==30864== at 0x4C27480: calloc (vg_replace_malloc.c:467)
==30864== by 0x407CB7: replay_check_file_cache (replay_cache.c:461)
==30864== by 0x407B69: replay_check (replay_cache.c:413)
==30864== by 0x405813: incoming_spa (incoming_spa.c:363)
==30864== by 0x406275: pcap_capture (pcap_capture.c:223)
==30864== by 0x40317D: main (fwknopd.c:297)
server/fwknopd.c | 5 +++++
server/replay_cache.c | 32 ++++++++++++++++++++++++++++++++
server/replay_cache.h | 1 +
3 files changed, 38 insertions(+), 0 deletions(-)
commit 5ee6715cffe9dd4bbed3c0c3eaa75b5dc618b9a6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 14 12:36:25 2011 -0400
Consolidated replay warnings in a single function
For both the simple digest file cache and the gdbm/ndbm tracking methods, all
replay warnings are generated by a single function "replay_warning()".
server/replay_cache.c | 145 +++++++++++++++++++++++++------------------------
server/replay_cache.h | 3 +-
2 files changed, 75 insertions(+), 73 deletions(-)
commit c13cca4aa18317e462c4900e3779de67fa194e21
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 13 22:35:52 2011 -0400
Added digest file import code
The digest file is now imported as a linked list of digest cache entries at
init time for SPA replay attack detection.
server/replay_cache.c | 104 +++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 93 insertions(+), 11 deletions(-)
commit 941a4aa9a39ca5a42ecec92a6fa6908ebcc2c9f2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 13 21:00:54 2011 -0400
Added source port and protocol to digest tracking
Added the source port and protocol fields to valid SPA packets in the digest
cache. This can help to discover replay trends. The format of the digest
file cache is now:
<digest> <proto> <src_ip> <src_port> <dst_ip> <dst_port> <time>
server/fwknopd_common.h | 4 +++-
server/process_packet.c | 27 ++++++++++++++++-----------
server/replay_cache.c | 38 ++++++++++++++++++++++++++++++++++----
server/replay_cache.h | 3 +++
4 files changed, 56 insertions(+), 16 deletions(-)
commit 6982a72c07e11ef632922e7bc63d65141149a091
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 12 22:00:44 2011 -0400
Added dst IP to tracked SPA data
The digest cache now contains destination IP addresses of valid SPA packets.
The complete format is now:
<digest> <src_ip> <dst_ip> <creation time>
server/fwknopd_common.h | 1 +
server/process_packet.c | 7 ++++---
server/replay_cache.c | 8 ++++++--
server/replay_cache.h | 1 +
4 files changed, 12 insertions(+), 5 deletions(-)
commit 4197e51c9d9421604c3a0985f1f4820e8547c731
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 12 21:43:07 2011 -0400
Started on code to parse the digest cache file
At init time fwknopd will read in the digest cache file into the in-memory
linked list of digests for SPA replay detection. This commit starts on this
code, but the file format does not yet include destination IP addresses
(to be added in an upcoming commit).
server/replay_cache.c | 36 +++++++++++++++++++++++++++++++++---
1 files changed, 33 insertions(+), 3 deletions(-)
commit 459cfb4d45c40e62c5c74ed86db638f6a5b6bbbb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 12 20:16:00 2011 -0400
Implemented linked list cache of SPA digests
When not using gdbm/ndbm support (the default now), fwknopd implements a linked
list of SPA packet digests for replay attack detection along with writing
digest data in ascii text down to disk (in the CONF_DIGEST_FILE file).
server/fwknopd_common.h | 4 ++
server/replay_cache.c | 85 ++++++++++++++++++++++++++++++-----------------
server/replay_cache.h | 11 ++++++
3 files changed, 69 insertions(+), 31 deletions(-)
commit e443550e5f7745b0958525713f4ad097c2c7a398
Merge: 52c7956 d2c5085
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 10 22:41:18 2011 -0400
Merge branch 'master' into optional_dbm_support
commit d2c50858435eecb7f2d73574c7d03d44f1d02307
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 10 22:38:01 2011 -0400
Added --pcap-filter to the fwknopd command line
To override the value of the PCAP_FILTER variable in the fwknopd.conf
config file, a new fwknopd command line argument "--pcap-filter" was
added. This assists in various activities by making it trivial to
change how fwknopd acquires packet data without editing the fwknopd.conf
file. Here is an example:
fwknopd -i lo -f --pcap-filter "udp port 12345"
doc/fwknopd.man.asciidoc | 11 ++++++++---
server/config_init.c | 5 +++++
server/config_init.h | 3 ++-
3 files changed, 15 insertions(+), 4 deletions(-)
commit 52c795634b75156b6fe87e656eef3a8e0f986aef
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 10 22:07:25 2011 -0400
Updated digest file path for gdbm/ndbm support
If fwknopd is compiled with --disable-file-cache to the ./configure script
then it will assume that the default filename is "digest_db.cache" for the
digest cache. If the file cache method is used (this is the default), then
"digest.cache" is the default filename. A new variable DIGEST_DB_FILE in
the fwknopd.conf file controls the digest filename if gdbm/ndbm support is
required.
server/config_init.c | 11 ++++++++++-
server/fwknopd.c | 8 ++++++++
server/fwknopd.conf | 3 +++
server/fwknopd_common.h | 14 +++++++++++++-
server/replay_cache.c | 30 +++++++++++++++++++++++-------
5 files changed, 57 insertions(+), 9 deletions(-)
commit 0525cd4a5caebad8c7f16d33df81e8b9cae1f4d9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 10 20:56:42 2011 -0400
Added autoconf support for non-dbm file cache.
This change starts on support for a simple file-based cache mechanism
for tracking SPA digests. This removes the libgdbm/libndbm dependency
by default, but it can be re-enabled with the --disable-file-cache
argument to the ./configure script.
configure.ac | 64 +++++++++++++++++----------
server/Makefile.am | 3 +
server/fwknopd.c | 11 +++--
server/replay_cache.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++--
server/replay_cache.h | 15 +++++--
5 files changed, 173 insertions(+), 36 deletions(-)
commit 2dd7c4aac7a309ef51189d58eadb900a1e94615c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Aug 8 22:49:28 2011 -0400
Minor rename in support of non-dbm file cache
Added the optional_dbm_support branch and made a minor renaming change
on this branch for the coming non-dbm file cache support.
server/Makefile.am | 2 +-
server/fwknopd.c | 4 +-
server/incoming_spa.c | 2 +-
server/replay_cache.c | 326 +++++++++++++++++++++++++++++++++++++++++++++++++
server/replay_cache.h | 50 ++++++++
server/replay_dbm.c | 324 ------------------------------------------------
server/replay_dbm.h | 50 --------
7 files changed, 380 insertions(+), 378 deletions(-)
commit 1e47243574d96ad3aa1f98f31e76b312f275a9cb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Aug 8 22:24:22 2011 -0400
Bug fix for uninitialized variable found with splint static analyzer
In the save_args() function the args_str_len variable was being used before
being initialized as reported via the splint static code analysis tool. Here
is the splint output that found this bug:
client/fwknop.c:650:13: Variable args_str_len used before definition
An rvalue is used that may not be initialized to a value on some execution
path. (Use -usedef to inhibit warning)
client/fwknop.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 69f41eb3999eea1e907a5a71c7e83cd18600fca6
Author: Damien Stuart <dstuart@dstuart.org>
Date: Thu Jul 7 08:12:49 2011 -0400
Set FD_CLOEXEC on pid file descriptor.
Added support for setting the URL for resolving source IP via command-line or the .fwknoprc file.
client/config_init.c | 34 +++++++++++++-
client/config_init.h | 2 +
client/fwknop.8.in | 14 +++++-
client/fwknop_common.h | 15 ++++---
client/http_resolve_host.c | 108 ++++++++++++++++++++++++++++++++++++++++++-
doc/fwknop.man.asciidoc | 9 ++++
server/fwknopd.c | 2 +
7 files changed, 172 insertions(+), 12 deletions(-)
commit ca5f82c067f837637356175cfd365cc4bf66bf5e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 18 20:53:40 2011 -0400
Removed legacy $Id$ tags from svn
$Id$ tags don't really mean anything to git so they have been removed from all
source files.
client/config_init.c | 2 +-
client/config_init.h | 2 +-
client/fwknop.c | 2 +-
client/fwknop.h | 2 +-
client/fwknop_common.h | 2 +-
client/getpasswd.c | 2 +-
client/http_resolve_host.c | 2 +-
client/spa_comm.c | 2 +-
client/utils.c | 2 +-
client/utils.h | 2 +-
lib/base64.c | 2 +-
lib/base64.h | 2 +-
lib/cipher_funcs.c | 2 +-
lib/cipher_funcs.h | 2 +-
lib/digest.c | 2 +-
lib/digest.h | 2 +-
lib/fko.h | 2 +-
lib/fko_client_timeout.c | 2 +-
lib/fko_common.h | 2 +-
lib/fko_context.h | 2 +-
lib/fko_decode.c | 2 +-
lib/fko_digest.c | 2 +-
lib/fko_encode.c | 2 +-
lib/fko_encryption.c | 2 +-
lib/fko_error.c | 2 +-
lib/fko_funcs.c | 2 +-
lib/fko_limits.h | 2 +-
lib/fko_message.c | 2 +-
lib/fko_nat_access.c | 2 +-
lib/fko_rand_value.c | 2 +-
lib/fko_server_auth.c | 2 +-
lib/fko_state.h | 2 +-
lib/fko_timestamp.c | 2 +-
lib/fko_user.c | 2 +-
lib/fko_util.h | 2 +-
lib/gpgme_funcs.c | 2 +-
lib/gpgme_funcs.h | 2 +-
lib/md5.c | 2 +-
lib/md5.h | 2 +-
lib/rijndael.c | 2 +-
lib/rijndael.h | 2 +-
lib/sha1.c | 2 +-
lib/sha1.h | 2 +-
lib/sha2.c | 2 +-
lib/sha2.h | 2 +-
lib/strlcat.c | 2 +-
lib/strlcpy.c | 2 +-
server/config_init.c | 2 +-
server/config_init.h | 2 +-
server/extcmd.c | 2 +-
server/extcmd.h | 2 +-
server/fw_util.c | 2 +-
server/fw_util.h | 2 +-
server/fw_util_ipf.c | 2 +-
server/fw_util_ipf.h | 2 +-
server/fw_util_ipfw.c | 2 +-
server/fw_util_ipfw.h | 2 +-
server/fw_util_iptables.c | 2 +-
server/fw_util_iptables.h | 2 +-
server/fwknopd.c | 2 +-
server/fwknopd.conf | 2 +-
server/fwknopd.h | 2 +-
server/fwknopd_common.h | 2 +-
server/fwknopd_errors.c | 2 +-
server/fwknopd_errors.h | 2 +-
server/incoming_spa.c | 2 +-
server/incoming_spa.h | 2 +-
server/log_msg.c | 2 +-
server/log_msg.h | 2 +-
server/pcap_capture.c | 2 +-
server/pcap_capture.h | 2 +-
server/process_packet.c | 2 +-
server/process_packet.h | 2 +-
server/replay_dbm.c | 2 +-
server/replay_dbm.h | 2 +-
server/sig_handler.c | 2 +-
server/sig_handler.h | 2 +-
server/tcp_server.c | 2 +-
server/tcp_server.h | 2 +-
server/utils.c | 2 +-
server/utils.h | 2 +-
win32/config.h | 2 +-
win32/getlogin.h | 2 +-
83 files changed, 83 insertions(+), 83 deletions(-)
commit 39e7412bb8958ed7af693b2d6d59e32b55e67901
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Mar 27 02:38:41 2011 +0000
Added a no-digest-cache configure option and capability (though it is not recommended).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@313 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 76 +++++++++++++++++++++++++++++++++++----------------
server/replay_dbm.c | 14 +++++++++
2 files changed, 66 insertions(+), 24 deletions(-)
commit 03361fea743dec2e975f31490058a2470394aec3
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Mar 26 16:33:02 2011 +0000
Fix check and handling of ndbm as an option for the digest cache.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@312 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 9 ++++++++-
server/replay_dbm.c | 13 ++++++++++---
2 files changed, 18 insertions(+), 4 deletions(-)
commit 6c050b481ca8b8d812d74de5ee6630ab3954f7a6
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Feb 12 13:18:31 2011 +0000
Added python/fko.py to Makefile.am so it is also included in distributions. Minor tweak to address compile error on Mac os X.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@311 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 1 +
server/extcmd.c | 4 +++-
2 files changed, 4 insertions(+), 1 deletions(-)
commit 4b0c280948af39872082b0ae95ebf59f5670ce9e
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jan 2 03:32:46 2011 +0000
Minor update to the android README
git-svn-id: file:///home/mbr/svn/fwknop/trunk@310 510a4753-2344-4c79-9c09-4d669213fbeb
android/project/jni/libfwknop/README | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
commit a24a2eed8f4b75bdfae65d3c9eb7797b87f863e1
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jan 2 02:58:53 2011 +0000
Adding Max Kastanas's fwknop client app code for Android
git-svn-id: file:///home/mbr/svn/fwknop/trunk@309 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 33 +
android/Application.mk | 2 +
android/COPYING | 674 ++++++++++++++++++
android/README | 142 ++++
android/project/AndroidManifest.xml | 19 +
android/project/build.properties | 16 +
android/project/build.xml | 67 ++
android/project/default.properties | 11 +
android/project/jni/Android.mk | 36 +
android/project/jni/config.h | 350 +++++++++
android/project/jni/fwknop/fwknop_client.c | 186 +++++
android/project/jni/fwknop/fwknop_client.h | 56 ++
android/project/jni/fwknop/send_spa_packet.c | 94 +++
android/project/jni/libfwknop/README | 10 +
android/project/jni/libfwknop/get_libfko_files.sh | 37 +
android/project/jni/logutils.h | 38 +
android/project/nbproject/build-impl.xml | 744 ++++++++++++++++++++
android/project/nbproject/genfiles.properties | 8 +
.../project/nbproject/private/private.properties | 5 +
android/project/nbproject/private/private.xml | 4 +
android/project/nbproject/project.properties | 67 ++
android/project/nbproject/project.xml | 17 +
android/project/res/drawable-hdpi/icon.png | Bin 0 -> 4147 bytes
android/project/res/drawable-ldpi/icon.png | Bin 0 -> 1723 bytes
android/project/res/drawable-mdpi/icon.png | Bin 0 -> 2574 bytes
android/project/res/drawable/lock_128x128.png | Bin 0 -> 13472 bytes
android/project/res/drawable/lock_32x32.png | Bin 0 -> 1257 bytes
android/project/res/drawable/lock_64x64.png | Bin 0 -> 4018 bytes
android/project/res/layout/main.xml | 180 +++++
android/project/res/values/strings.xml | 5 +
.../src/com/max2idea/android/fwknop/Fwknop.java | 531 ++++++++++++++
.../project/src/com/max2idea/android/fwknop/R.java | 52 ++
32 files changed, 3384 insertions(+), 0 deletions(-)
commit d8f282143ed1c32629a7f82e828a5f33410ed2d5
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jan 1 21:00:24 2011 +0000
Removed unnecessary include.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@308 510a4753-2344-4c79-9c09-4d669213fbeb
client/spa_comm.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
commit 225e36414d25a421b84bc831111f0319c2ab13d6
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Dec 5 15:44:01 2010 +0000
Additional docs and classes added to the fko python module. Minor tweak and bumped version in the fwknop.spec file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@307 510a4753-2344-4c79-9c09-4d669213fbeb
fwknop.spec | 10 ++--
python/fko.py | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 165 insertions(+), 7 deletions(-)
commit 9d821548e79eb719e99eb8f45248fb5f7b3449ff
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Dec 5 14:57:01 2010 +0000
Fixed bug where libfko would segfault if fko_get_spa_data() was called before fko_spa_data_final() was called (and successful). Added include of time.h in fko.h.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@306 510a4753-2344-4c79-9c09-4d669213fbeb
lib/fko.h | 2 ++
lib/fko_funcs.c | 5 +++++
2 files changed, 7 insertions(+), 0 deletions(-)
commit 966b9bdccc32a3ba910cf09c50b8648ac1b4c4a5
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Dec 4 21:57:34 2010 +0000
Do not need parens around expression in if statements in python (still learning).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@305 510a4753-2344-4c79-9c09-4d669213fbeb
python/fko.py | 45 +++++++++++++++++++++++----------------------
1 files changed, 23 insertions(+), 22 deletions(-)
commit 4e5326660cd30ec2865609c14839a6cf4bcf9542
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Dec 4 04:12:17 2010 +0000
Added pydoc text to the fko python module. Minor tweak to setup.py.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@304 510a4753-2344-4c79-9c09-4d669213fbeb
python/fko.py | 387 +++++++++++++++++++++++++++++++++++++++++++++++++++----
python/setup.py | 10 +-
2 files changed, 368 insertions(+), 29 deletions(-)
commit b6bf1d28bf1e13af872585b7f2533727f8762525
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Nov 27 03:18:58 2010 +0000
Added the Fko class code to wrap the _fko wrapper around libfko.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@303 510a4753-2344-4c79-9c09-4d669213fbeb
python/README | 44 +++++++-
python/fko.py | 345 ++++++++++++++++++++++++++++++++++++++++++++++++++++
python/fkomodule.c | 8 +-
python/setup.py | 5 +-
4 files changed, 394 insertions(+), 8 deletions(-)
commit 00bc99a966a8e80126d2ab5bccb96e1c1d44e89e
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Nov 26 15:51:00 2010 +0000
Minor comment and documentation tweaks. Add the python directory which contains my first cut at a libfko Python wrapper module.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@302 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 3 +
doc/libfko.texi | 14 +-
python/README | 19 +
python/fkomodule.c | 1444 +++++++++++++++++++++++++++++++++++++++++++++++++
python/setup.py | 33 ++
server/fw_util.h | 6 +-
server/fw_util_ipfw.c | 2 +-
server/fw_util_ipfw.h | 2 +-
server/pcap_capture.c | 2 +-
9 files changed, 1514 insertions(+), 11 deletions(-)
commit 04ebf6c2ad9109ec58038dbcb5a31157f8a4d664
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Nov 14 00:16:32 2010 +0000
Added code to zero out rcfile path before setting it. Also added a bounds check to that as well.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@301 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 21 +++++++++++++++++++--
1 files changed, 19 insertions(+), 2 deletions(-)
commit 0f6ca00ac492551e2a10cd220b7839f065042dc7
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Nov 13 03:04:36 2010 +0000
Updated the GPL blurb at the top of the source files. Added some missing copyright statements (Thanks to Franck Joncourt).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@300 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 23 +++++---
client/config_init.h | 23 +++++---
client/fwknop.c | 23 +++++---
client/fwknop.h | 23 +++++---
client/fwknop_common.h | 23 +++++---
client/getpasswd.c | 23 +++++---
client/getpasswd.h | 23 +++++---
client/http_resolve_host.c | 23 +++++---
client/spa_comm.c | 23 +++++---
client/spa_comm.h | 23 +++++---
client/utils.c | 23 +++++---
client/utils.h | 23 +++++---
common/common.h | 23 +++++---
common/netinet_common.h | 23 ++++++---
lib/base64.c | 24 ++++++---
lib/base64.h | 23 ++++++---
lib/cipher_funcs.c | 23 ++++++---
lib/cipher_funcs.h | 23 ++++++---
lib/digest.c | 25 ++++++---
lib/digest.h | 23 ++++++---
lib/fko.h | 23 +++++---
lib/fko_client_timeout.c | 23 +++++---
lib/fko_common.h | 23 +++++---
lib/fko_context.h | 23 +++++---
lib/fko_decode.c | 23 +++++---
lib/fko_digest.c | 23 +++++---
lib/fko_encode.c | 23 +++++---
lib/fko_encryption.c | 23 +++++---
lib/fko_error.c | 23 +++++---
lib/fko_funcs.c | 23 +++++---
lib/fko_limits.h | 25 +++++----
lib/fko_message.c | 23 +++++---
lib/fko_nat_access.c | 23 +++++---
lib/fko_rand_value.c | 23 +++++---
lib/fko_server_auth.c | 23 +++++---
lib/fko_state.h | 23 +++++---
lib/fko_timestamp.c | 23 +++++---
lib/fko_user.c | 23 +++++---
lib/fko_util.h | 23 +++++---
lib/gpgme_funcs.c | 23 +++++---
lib/gpgme_funcs.h | 23 ++++++---
lib/md5.c | 17 ++-----
lib/md5.h | 23 +++++---
lib/rijndael.c | 38 +++++++++-----
lib/rijndael.h | 116 +++++++++----------------------------------
lib/sha1.h | 30 ++++++-----
lib/sha2.c | 15 ++++--
lib/sha2.h | 14 +++--
lib/strlcat.c | 15 ++++--
lib/strlcpy.c | 15 ++++--
server/access.c | 23 +++++---
server/access.h | 23 +++++---
server/config_init.c | 23 +++++---
server/config_init.h | 23 +++++---
server/extcmd.c | 23 +++++---
server/extcmd.h | 23 +++++---
server/fw_util.c | 23 +++++---
server/fw_util.h | 23 +++++---
server/fw_util_ipf.c | 23 +++++---
server/fw_util_ipf.h | 23 +++++---
server/fw_util_ipfw.c | 23 +++++---
server/fw_util_ipfw.h | 23 +++++---
server/fw_util_iptables.c | 23 +++++---
server/fw_util_iptables.h | 23 +++++---
server/fwknopd.c | 23 +++++---
server/fwknopd.h | 23 +++++---
server/fwknopd_common.h | 23 +++++---
server/fwknopd_errors.c | 23 +++++---
server/fwknopd_errors.h | 23 +++++---
server/incoming_spa.c | 23 +++++---
server/incoming_spa.h | 23 +++++---
server/log_msg.c | 23 +++++---
server/log_msg.h | 23 +++++---
server/pcap_capture.c | 23 +++++---
server/pcap_capture.h | 23 +++++---
server/process_packet.c | 23 +++++---
server/process_packet.h | 23 +++++---
server/replay_dbm.c | 23 +++++---
server/replay_dbm.h | 23 +++++---
server/sig_handler.c | 23 +++++---
server/sig_handler.h | 23 +++++---
server/tcp_server.c | 23 +++++---
server/tcp_server.h | 23 +++++---
server/utils.c | 23 +++++---
server/utils.h | 23 +++++---
85 files changed, 1198 insertions(+), 838 deletions(-)
commit 67af7f7921df283985648e5110fc5e488095fa9c
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Nov 10 15:30:09 2010 +0000
Updated perl module for additional error messages.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@299 510a4753-2344-4c79-9c09-4d669213fbeb
perl/FKO/FKO.xs | 8 ++--
perl/FKO/lib/FKO_Constants.pl | 94 ++++++++++++++++++++++-------------------
perl/FKO/t/03_errors.t | 16 ++++----
3 files changed, 62 insertions(+), 56 deletions(-)
commit 781218e7e197e5e964876473a78b87b9d5496857
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Oct 31 01:45:28 2010 +0000
Bumped version to rc3 (even though we may go straight to release) and lib rev to 3.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@298 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 +-
fwknop.spec | 3 +++
lib/Makefile.am | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
commit d84112adcab11303e549a31f50cdad36a0a54d8e
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Oct 31 01:36:25 2010 +0000
Update added HAVE_ERRNO_H 1 to win32/config.h.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@297 510a4753-2344-4c79-9c09-4d669213fbeb
win32/config.h | 407 ++++++++++++++++++++++++++++----------------------------
1 files changed, 205 insertions(+), 202 deletions(-)
commit a3bafdb36431d3b2c1acd5fc2c6b1e2dd12594ea
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Oct 30 16:19:54 2010 +0000
Needed to bump libfko revision to 2 to identify as part of newer dist.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@295 510a4753-2344-4c79-9c09-4d669213fbeb
fwknop.spec | 4 ++--
lib/Makefile.am | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
commit 3c83e899cba26a76a77658c42ebe1b4de7503bdf
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Oct 23 17:34:47 2010 +0000
Put the usleep back in pcap_capture (oops).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@293 510a4753-2344-4c79-9c09-4d669213fbeb
server/pcap_capture.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
commit ce6fe8c705e393ae59fac3199fb6ff94f14a7416
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Oct 21 02:39:57 2010 +0000
Tweaks to the fwknop.spec file
git-svn-id: file:///home/mbr/svn/fwknop/trunk@291 510a4753-2344-4c79-9c09-4d669213fbeb
fwknop.spec | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
commit bbe8c9d7a16cf0c139631975b1c1f4aebf10638b
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Oct 21 01:53:04 2010 +0000
Set pcap non-block mode back on unless it is a freebsd system. Server verbose output no longer shows access key or GPG password.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@290 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 4 ++--
server/access.c | 8 ++++----
server/pcap_capture.c | 2 +-
server/pcap_capture.h | 11 +++++++++++
4 files changed, 18 insertions(+), 7 deletions(-)
commit 4f504848a009a43f8cc9131ca504f1207bfffdb4
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Oct 17 02:52:21 2010 +0000
Fixed handling of man page generation in Makefile.am so it works from alternate build directories.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@289 510a4753-2344-4c79-9c09-4d669213fbeb
README | 7 +++++--
client/Makefile.am | 5 +++--
server/Makefile.am | 4 ++--
3 files changed, 10 insertions(+), 6 deletions(-)
commit f1e82bc7aeaaec783b4072a19810e9287c939bdf
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Aug 29 02:06:13 2010 +0000
Minor fwknopd man page tweak.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@288 510a4753-2344-4c79-9c09-4d669213fbeb
doc/fwknopd.man.asciidoc | 8 +++++---
server/fwknopd.8.in | 8 ++++----
2 files changed, 9 insertions(+), 7 deletions(-)
commit 1381f183747caff1adca701c30f3b2996fcccda9
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Aug 29 01:50:58 2010 +0000
Made autoconf print an error message indicating ipf is not supported if it is specified. Changelog updates.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@287 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 9 ++++++++-
configure.ac | 1 +
2 files changed, 9 insertions(+), 1 deletions(-)
commit 6bcebe565c9d2f691ba5f6d032ffeca379416973
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Aug 29 01:32:04 2010 +0000
Made fw_cleanup not remove rules from the expired rule set. Added code to read in any existing expired rules into the rule_map at startup.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@286 510a4753-2344-4c79-9c09-4d669213fbeb
server/fw_util_ipfw.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++--
server/fw_util_ipfw.h | 1 +
server/pcap_capture.c | 2 +-
3 files changed, 72 insertions(+), 4 deletions(-)
commit ff9dad6fd9eec3bfd32076a3c9847cb669c64388
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Aug 27 22:09:36 2010 +0000
Wrapped #ifdef around a linux-specific chunk.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@285 510a4753-2344-4c79-9c09-4d669213fbeb
server/pcap_capture.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
commit c4c158c1ba24158b48e842ea8a837a24b90c3d5d
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Aug 26 22:56:47 2010 +0000
Missed a config file update on the last check-in.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@284 510a4753-2344-4c79-9c09-4d669213fbeb
server/fwknopd.conf | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
commit cdff077bb67f158e60f4d3a1643d70a3e3ac871f
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Aug 24 03:09:35 2010 +0000
Added rule expire and purge for ipfw. Almost there...
git-svn-id: file:///home/mbr/svn/fwknop/trunk@283 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 6 +-
server/fw_util_ipfw.c | 352 +++++++++++++++++++++++++++++++++++++++++++++--
server/fw_util_ipfw.h | 26 +++-
server/fwknopd_common.h | 20 ++-
server/pcap_capture.c | 15 ++
5 files changed, 389 insertions(+), 30 deletions(-)
commit 51c21b318f01793012861018c83ff0040e867591
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Aug 23 02:43:43 2010 +0000
Start of addition of access requests via ipfw.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@282 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 120 ++++++++++++++++-------
server/fw_util.h | 4 +-
server/fw_util_ipf.c | 19 ++--
server/fw_util_ipf.h | 2 -
server/fw_util_ipfw.c | 239 ++++++++++++++++++++++++++++++++++++++++-----
server/fw_util_ipfw.h | 18 ++--
server/fw_util_iptables.c | 105 ++++++++++----------
server/fwknopd.c | 2 +-
server/fwknopd.conf | 44 ++++++++
server/fwknopd_common.h | 233 +++++++++++++++++++++++++++-----------------
10 files changed, 558 insertions(+), 228 deletions(-)
commit b0de05c70ada1893ea3ab6750196232c97f72f29
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 14 01:26:42 2010 +0000
minor off-by-one fix for home directory path separator
git-svn-id: file:///home/mbr/svn/fwknop/trunk@281 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit ea19245f99f59acc4ca056423828e6b06d036cbd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 12 02:19:03 2010 +0000
minor bug fix to account for PATH_SEP being defined as a character instead of a string
git-svn-id: file:///home/mbr/svn/fwknop/trunk@280 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 838b80fd7d7b822cfeecce9f2dc34c6ca49f68cd
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Aug 10 02:29:09 2010 +0000
Refactored firewall rule code to separate files by firewall type. Stubbed in ipfw and ipf firewall types. Updated autoconf to set a firewall type and path depending on configure arguments.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@279 510a4753-2344-4c79-9c09-4d669213fbeb
common/netinet_common.h | 7 +
configure.ac | 74 +++-
server/Makefile.am | 4 +-
server/config_init.c | 16 +-
server/fw_util.c | 895 +--------------------------------------------
server/fw_util.h | 26 +-
server/fw_util_ipf.c | 172 +++++++++
server/fw_util_ipf.h | 43 +++
server/fw_util_ipfw.c | 173 +++++++++
server/fw_util_ipfw.h | 43 +++
server/fw_util_iptables.c | 881 ++++++++++++++++++++++++++++++++++++++++++++
server/fw_util_iptables.h | 47 +++
server/fwknopd.c | 6 +-
server/fwknopd.conf | 2 +-
server/fwknopd_common.h | 6 +-
server/pcap_capture.c | 4 +-
16 files changed, 1454 insertions(+), 945 deletions(-)
commit c1f67b900d4124084be115921e331533fb515b17
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Aug 8 19:01:36 2010 +0000
Uncommented call to check_firewall_rules (left in while debugging freebsd build).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@278 510a4753-2344-4c79-9c09-4d669213fbeb
server/pcap_capture.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit dcd6106a4bf0cc5646c790c252c9e246b4307b81
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Aug 8 18:56:53 2010 +0000
Oops left out new header for last update.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@277 510a4753-2344-4c79-9c09-4d669213fbeb
common/netinet_common.h | 158 +++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 158 insertions(+), 0 deletions(-)
commit 6126b7b7ca8b5b0db5c13b5b9f64a70d42b6402f
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Aug 8 18:53:35 2010 +0000
Updates to accommodate building and compiling on FreeBSD systems.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@276 510a4753-2344-4c79-9c09-4d669213fbeb
client/Makefile.am | 2 +-
client/spa_comm.h | 120 +----------------------------------------------
common/Makefile.am | 2 +-
common/common.h | 13 ++++--
configure.ac | 13 +++++-
server/Makefile.am | 2 +-
server/fwknopd.c | 10 ++--
server/fwknopd_common.h | 4 +-
server/incoming_spa.c | 10 ++--
server/pcap_capture.c | 25 ++++++----
server/process_packet.c | 7 +--
11 files changed, 54 insertions(+), 154 deletions(-)
commit 51adbe26a2e27d449a6dc439ee8354b5e7a9a31e
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Aug 1 02:13:03 2010 +0000
Tweaks to autoconf files.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@275 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 8 +++++++-
configure.ac | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
commit 55e9fe41e172e5f36557902b91e82155d62e39ab
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jul 31 19:11:22 2010 +0000
Added some OpenWRT-related files to the extras directory.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@274 510a4753-2344-4c79-9c09-4d669213fbeb
extras/openwrt/README.openwrt | 19 +++++
extras/openwrt/package/fwknop/Makefile | 80 +++++++++++++++++++++
extras/openwrt/package/fwknop/files/fwknopd.init | 29 ++++++++
extras/openwrt/package/gpgme/Makefile | 82 ++++++++++++++++++++++
4 files changed, 210 insertions(+), 0 deletions(-)
commit 9c2cd267bffb88113acc486cda371a80257773b8
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jul 31 18:04:08 2010 +0000
Fixed issue with spaces in access.conf comma-separated values. Fixed issue with GPG signature check being forced when GPG_REMOTE_ID is set and GPG_REQUIRE_SIG was "N". Updated dependency in the spec file. Updates to ChangeLog.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@273 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 2 +-
extras/fwknop.init.fedora | 115 ---------------------------------------------
extras/fwknop.init.redhat | 115 +++++++++++++++++++++++++++++++++++++++++++++
fwknop.spec | 6 +-
server/access.c | 32 ++++++++++++
server/incoming_spa.c | 11 +++--
6 files changed, 158 insertions(+), 123 deletions(-)
commit 7dc24c133e0a135ca891e20e62f718660bd49c02
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 29 11:01:53 2010 +0000
Bug fix for USE_NDBM variable so that client-only builds work. The specific
error before the patch along with the command line invocation of the
"configure" script appear below:
$ ./configure --prefix=/usr --disable-server
[...]
configure: error: conditional "USE_NDBM" was never defined.
Usually this means the macro was only invoked conditionally.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@272 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
commit 35f71a82fd02f4dbc99d65f5e931651c73d7709c
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 25 15:40:51 2010 +0000
Added extras directory. Bumped version in autoconf to 1.0.0rc2.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@271 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 76 +++++++++++++++++
Makefile.am | 1 +
configure.ac | 2 +-
extras/fwknop.init.debian | 200 ++++++++++++++++++++++++++++++++++++++++++++
extras/fwknop.init.fedora | 115 +++++++++++++++++++++++++
extras/fwknop.init.openwrt | 29 +++++++
6 files changed, 422 insertions(+), 1 deletions(-)
commit 94130067a6554893601d81f0b1cf7812e810ca0d
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Jul 19 02:39:26 2010 +0000
Cleaned out some old commented-out sections in configure.ac and fixed an issue where external file checks would fail when running configure in a cross-compiler environment. No code changes made.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@269 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 113 +++-------------------------------------------------------
1 files changed, 5 insertions(+), 108 deletions(-)
commit 3111e5868b56b16bd3eee39cdd8a4b64924a513c
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 18 01:56:19 2010 +0000
Removed a debug print statement.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@268 510a4753-2344-4c79-9c09-4d669213fbeb
client/http_resolve_host.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
commit bf8586922e9e81b74aa2ef35093f29ec9007c900
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Jul 16 20:47:50 2010 +0000
Added check to make sure a firewall program is set.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@267 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
commit aa0cc1c699c7102598f7db2fa4e61ad6dc6cda9e
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Jul 16 20:14:35 2010 +0000
Per Franck Joncourt - Corrected misspelled word in fwknopd man page and access.conf.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@266 510a4753-2344-4c79-9c09-4d669213fbeb
doc/fwknopd.man.asciidoc | 2 +-
server/access.conf | 2 +-
server/fwknopd.8.in | 13 ++++++++++---
3 files changed, 12 insertions(+), 5 deletions(-)
commit b0886a1d4938d2ce940816b6ef857ef7a0acfa5f
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Jul 16 14:28:32 2010 +0000
Updates and clean-up to address the many compiler warnings when compiled with -Wall. Also some autoconf updates.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@265 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 1 -
client/http_resolve_host.c | 3 ++-
client/spa_comm.c | 6 ++++--
client/spa_comm.h | 10 +++++++++-
client/utils.h | 10 ++--------
common/common.h | 8 ++++++++
configure.ac | 2 +-
lib/fko_encryption.c | 2 +-
lib/fko_message.c | 3 +--
lib/gpgme_funcs.c | 1 -
server/access.c | 29 ++++++-----------------------
server/config_init.c | 2 --
server/config_init.h | 1 +
server/extcmd.c | 43 +++++++++++++++++++++++++++++++++++--------
server/fw_util.c | 28 +++++++++++++++++-----------
server/fwknopd.c | 15 ++++++++-------
server/incoming_spa.c | 30 ++++++++++++++++++------------
server/pcap_capture.c | 4 +++-
server/process_packet.c | 4 ++--
server/replay_dbm.c | 2 --
server/sig_handler.c | 4 ++++
server/sig_handler.h | 1 +
server/tcp_server.c | 15 ++++++++++-----
server/utils.h | 8 ++------
24 files changed, 135 insertions(+), 97 deletions(-)
commit c3da912fc282f22bab11aa1fd65c2b709a5a5344
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Jul 16 01:09:11 2010 +0000
Updated the version number in the win32 config.h copy
git-svn-id: file:///home/mbr/svn/fwknop/trunk@264 510a4753-2344-4c79-9c09-4d669213fbeb
win32/config.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 8cfa222761f5282af16bccbdec569324bf0c689d
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Jul 16 00:39:17 2010 +0000
Fixed some misplaced dependencies in the fwknop.spec file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@263 510a4753-2344-4c79-9c09-4d669213fbeb
fwknop.spec | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
commit 4c995c146badb1a4689b8e0889e2c04adcd8ef18
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Jul 15 01:38:16 2010 +0000
Almost all the conf variables have a default value if they are not there (or set). All the entries in the initial fwknop.conf file are not commented out and can be overridden as needed.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@262 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 +-
fwknop.spec | 4 +-
server/config_init.c | 153 ++++++++++++++++++++++++++++++++++++++++++-----
server/config_init.h | 2 -
server/fw_util.c | 41 +++----------
server/fwknopd.c | 10 +--
server/fwknopd.conf | 63 +++++++++----------
server/fwknopd_common.h | 47 ++++++++++----
server/incoming_spa.c | 5 +-
server/pcap_capture.c | 13 ++---
10 files changed, 226 insertions(+), 114 deletions(-)
commit d904f5637f15a50b15d543a67181647dce63c9cb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 14 02:58:51 2010 +0000
removed additional wait() call from run_extcmd(), updated --fw-list to just use system() to execute the iptables listing commands
git-svn-id: file:///home/mbr/svn/fwknop/trunk@261 510a4753-2344-4c79-9c09-4d669213fbeb
server/extcmd.c | 6 ------
server/fw_util.c | 2 +-
2 files changed, 1 insertions(+), 7 deletions(-)
commit 6f4ff9cb69f6d3089791636d369b9698508e701f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 13 04:09:07 2010 +0000
added --fw-list arg to the fwknopd daemon to list all current firewall rules for any running fwknopd process
git-svn-id: file:///home/mbr/svn/fwknop/trunk@260 510a4753-2344-4c79-9c09-4d669213fbeb
doc/fwknopd.man.asciidoc | 4 +++
server/config_init.c | 3 ++
server/config_init.h | 4 ++-
server/extcmd.c | 8 ++++++-
server/fw_util.c | 55 +++++++++++++++++++++++++++++++++++++++++++--
server/fw_util.h | 4 ++-
server/fwknopd.c | 21 +++++++++++++++--
server/fwknopd_common.h | 1 +
8 files changed, 91 insertions(+), 9 deletions(-)
commit ed9170e506d104577caca79e849e0017ca8252b2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 12 01:48:49 2010 +0000
- added is_valid_dir() utility function for checking directory stat()/existence (this
is used for gpg keyring path validation).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@259 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 12 +++++++++++-
server/config_init.c | 12 +++++++++++-
server/incoming_spa.c | 11 ++++++++++-
server/utils.c | 19 +++++++++++++++++++
server/utils.h | 1 +
5 files changed, 52 insertions(+), 3 deletions(-)
commit f03b2786eba1c3d263494b249e48b534e9461773
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 11 20:16:32 2010 +0000
Added the fwknopd_errors.[ch] files which provide the get_errstr() and fwknopd_errstr() functions. The get_errstr() function takes an error_code, tries to determine the type, then calls the appropriate xxx_errstr function to return a description string. Fixed some minor errors in the libfko API docs.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@258 510a4753-2344-4c79-9c09-4d669213fbeb
doc/libfko.texi | 104 ++++++++++++++++++++++++----------------------
server/Makefile.am | 5 +-
server/fwknopd_common.h | 28 ------------
server/fwknopd_errors.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++
server/fwknopd_errors.h | 72 ++++++++++++++++++++++++++++++++
server/incoming_spa.c | 1 +
server/pcap_capture.c | 18 +-------
server/replay_dbm.c | 1 +
8 files changed, 240 insertions(+), 94 deletions(-)
commit 390ea80df7d4c9c8ad94bc135f0de100d2c35705
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 11 14:04:23 2010 +0000
Moved force set of verify flag on remote_id value to before decryption phase.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@257 510a4753-2344-4c79-9c09-4d669213fbeb
server/incoming_spa.c | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
commit 3c5c8f1da7c19da68a63a8571756105c8f75d17b
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 11 13:55:44 2010 +0000
Reverted last libfko change. Added set verify_sig flag when remote_ids are specified.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@256 510a4753-2344-4c79-9c09-4d669213fbeb
lib/fko_encryption.c | 18 ++++++------------
server/incoming_spa.c | 4 ++++
2 files changed, 10 insertions(+), 12 deletions(-)
commit 647fc3e64d9a9215b2066879528a6634d828638f
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 11 13:36:18 2010 +0000
Removed checks for sig verification flag on gpg_sig info related functions.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@255 510a4753-2344-4c79-9c09-4d669213fbeb
lib/fko_encryption.c | 18 ++++++++++++------
1 files changed, 12 insertions(+), 6 deletions(-)
commit eed35a8f1cec59d3de67d04666fc46e5ece5fe15
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 11 12:37:31 2010 +0000
minor update to check the gpg keyring path setting in access stanzas only if a decrypt password is specified
git-svn-id: file:///home/mbr/svn/fwknop/trunk@254 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 05fdf6f3196d4a64663d564c12385c1316bf5943
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 11 02:49:12 2010 +0000
minor macro update to define the default gpg keyring
git-svn-id: file:///home/mbr/svn/fwknop/trunk@253 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 2 +-
server/fwknopd_common.h | 4 ++++
2 files changed, 5 insertions(+), 1 deletions(-)
commit 688ae8d4f0a20b2f130acba3d25018a4d8ca0351
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 11 02:45:38 2010 +0000
Updated to define a default gpg keyring path of /root/.gnupg, and if the GPG_HOME_DIR variable
is not defined in the fwknopd.conf file or the access.conf file, then this default will take
over.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@252 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 24 +++++++++++++++++-------
server/access.c | 8 ++++++--
server/config_init.c | 7 +++++++
3 files changed, 30 insertions(+), 9 deletions(-)
commit a0b813ca55671cf7493df73d8b8db8f3e0792e95
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 11 01:27:12 2010 +0000
Reworked how man pages are generated. Now, man pages in the client and server directory are "fwknop(d).8.in" and a target was added to Makefile.am to create the man pages while doing variable substitutions based on directives specified via the configure script. Minor tweak to fwknop.spec file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@251 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 9 +
client/Makefile.am | 16 ++
client/fwknop.8 | 666 ----------------------------------------------
client/fwknop.8.in | 666 ++++++++++++++++++++++++++++++++++++++++++++++
doc/fwknopd.man.asciidoc | 10 +-
fwknop.spec | 8 +
server/Makefile.am | 15 +
server/fwknopd.8 | 476 ---------------------------------
server/fwknopd.8.in | 476 +++++++++++++++++++++++++++++++++
9 files changed, 1195 insertions(+), 1147 deletions(-)
commit 492b1db86101de2d31db3d0883ff29494f652b59
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jul 10 16:41:52 2010 +0000
Slightly revamped how signals were setup.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@250 510a4753-2344-4c79-9c09-4d669213fbeb
doc/README | 2 +-
server/pcap_capture.c | 1 -
server/sig_handler.c | 44 ++++++++++++++++++++++++++++++--------------
3 files changed, 31 insertions(+), 16 deletions(-)
commit 4a85c6fd258c643333f90238f2fddc2fc3374408
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jul 10 00:48:41 2010 +0000
Modified top-level Makefile.am so the legacy perl stuff is not packaged into the distribution tar file. More cleanup of the fwknopd man page.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@249 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 1 -
doc/fwknopd.man.asciidoc | 114 ++++++++++++++++++++--------------------------
server/fwknopd.8 | 114 ++++++++++++++++-----------------------------
server/fwknopd.c | 1 -
server/fwknopd.conf | 30 +-----------
5 files changed, 92 insertions(+), 168 deletions(-)
commit 153d1ec96259398635e9ee32117904742bd42b16
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Jul 9 18:18:41 2010 +0000
Added AC_SYS_LARGE_FILE to configure.ac
git-svn-id: file:///home/mbr/svn/fwknop/trunk@248 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
commit 9c6377aff641034e45a63e31bd7c1fc3f64ce998
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Jul 9 02:09:22 2010 +0000
Manpage updates
git-svn-id: file:///home/mbr/svn/fwknop/trunk@247 510a4753-2344-4c79-9c09-4d669213fbeb
client/fwknop.8 | 92 ++++++++++++++++----------------
doc/fwknop.man.asciidoc | 132 +++++++++++++++++++++++++---------------------
doc/fwknopd.man.asciidoc | 5 +-
server/fwknopd.8 | 8 +--
4 files changed, 122 insertions(+), 115 deletions(-)
commit b83733f00dcf0e79e998cd2235c511bec6509934
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Jul 8 02:07:35 2010 +0000
Renamed the legacy perl version of fwknop.spec to fwknop-legacy.spec to resolve rpmbuild confusion when using the -tx options.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@246 510a4753-2344-4c79-9c09-4d669213fbeb
perl/legacy/fwknop/packaging/fwknop-legacy.spec | 342 +++++++++++++++++++++++
perl/legacy/fwknop/packaging/fwknop.spec | 342 -----------------------
2 files changed, 342 insertions(+), 342 deletions(-)
commit a80b392d2720d0f05ea970436968ef0d2cf47545
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Jul 8 02:02:12 2010 +0000
Fixed another oops in the spec file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@245 510a4753-2344-4c79-9c09-4d669213fbeb
fwknop.spec | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
commit 9d2a4c247175ef83bb40e4aadd2af81e19f4b423
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Jul 8 01:59:51 2010 +0000
Fixed autoconf config so libfko and fwknop client are not linked with libpcap and libgdbm. Fixed some issues in the fwknop.spec file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@244 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 15 ++++++++++++---
fwknop.spec | 45 +++++++++++++++++++++++++--------------------
server/Makefile.am | 7 ++++++-
server/fw_util.h | 2 --
4 files changed, 43 insertions(+), 26 deletions(-)
commit 21e2c95364aa74b31c0223d657516f049e57f25b
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jul 7 17:46:46 2010 +0000
Use USERPROFILE instead of HOME for homedir determination on win32 builds.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@243 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
commit e63f1de1e3edef0e23fc7911014ea4f5f2d84b5b
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jul 7 17:36:20 2010 +0000
Removed unreferenced variables.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@242 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 1 -
client/spa_comm.c | 2 +-
2 files changed, 1 insertions(+), 2 deletions(-)
commit bbb8f7bcc6081900529162a2948cfd834de08fd9
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jul 7 17:32:21 2010 +0000
Fixed issues found by the Windows compiler (that I would think would have been flagged by gcc).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@241 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 11 ++++-------
common/common.h | 1 +
2 files changed, 5 insertions(+), 7 deletions(-)
commit b098a07f045e00b03b678fc9fc9ee3ff35ffffcf
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jul 7 15:47:22 2010 +0000
Fixed bug where ALLOW_IP of resolve was not overridden by an ALLOW_IP parameter in a named stanza. Removed erroneous invalid parameter from the initially generated .fwknoprc file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@240 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
commit 2e03feabef665f8116ffaa0e69ea4ef46ff8e1b6
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jul 7 02:39:55 2010 +0000
Minor cleanup on the spec file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@239 510a4753-2344-4c79-9c09-4d669213fbeb
fwknop.spec | 14 +++-----------
1 files changed, 3 insertions(+), 11 deletions(-)
commit 2a67766589b7f629d604ab656f4143a6f3fa700b
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jul 7 02:32:01 2010 +0000
Added fwknop.spec for rpm builds. Removed the server post install hook as it breaks make distcheck and rpm builds.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@238 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 1 +
configure.ac | 2 +-
fwknop.spec | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++++
server/Makefile.am | 3 -
4 files changed, 131 insertions(+), 4 deletions(-)
commit 7308180c22113acf0a4debf77360a030ad8b58db
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jul 6 19:02:39 2010 +0000
Fixed bug where named-stanza was not being found when it indeed existed.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@237 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
commit d7fc21d254b803a3dfa5d50d7ebfc70e1269deea
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jul 6 02:12:06 2010 +0000
Fixed bad param name in generated .fwknoprc file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@236 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit e9c0f415414abb2b287ff15d0f973ed5d01aa38f
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jul 6 00:59:33 2010 +0000
Added installation hook to set the perms on the .conf files to 600 during make install. Minor doc tweak.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@235 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 2 +-
doc/fwknop.man.asciidoc | 29 ++++++++++++++++-------------
server/Makefile.am | 3 +++
3 files changed, 20 insertions(+), 14 deletions(-)
commit 5035cf0fed040da379f4f81fea905bec837c9790
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Jul 5 22:49:03 2010 +0000
Added .fwknoprc file creation and processing. This allows for saved default and named configuration profiles. Updated fwknop manpage to reflect the new capability. Also cleaned up messages (errors, info) from the program.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@234 510a4753-2344-4c79-9c09-4d669213fbeb
README | 39 +++-
TODO | 3 +-
client/config_init.c | 530 ++++++++++++++++++++++++++++++++++++++++----
client/config_init.h | 7 +-
client/fwknop.8 | 144 ++++++++++++-
client/fwknop.c | 33 ++--
client/fwknop_common.h | 4 +-
client/getpasswd.c | 4 +-
client/http_resolve_host.c | 14 +-
client/spa_comm.c | 38 ++--
common/common.h | 19 ++
doc/fwknop.man.asciidoc | 108 +++++++++
12 files changed, 848 insertions(+), 95 deletions(-)
commit a1531a56e3668352279e04ebd1c85907d9eb0c29
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Jul 5 02:18:44 2010 +0000
Due to issues and usage restrictions on whatismyip.com, I am making the default resolve_ip_http url www.cipherdyne.org/cgi-bin/myip.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@233 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 104 +-----------------------------------------------
client/fwknop_common.h | 10 +++-
2 files changed, 8 insertions(+), 106 deletions(-)
commit 8129f86ddd069e928daa2e97561a51763a0aaa70
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 4 21:12:51 2010 +0000
More cleanup. Removed the direction field (src, dst, both) from the chain configuration directives. Remove the HOSTNAME parameter as it was not used.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@232 510a4753-2344-4c79-9c09-4d669213fbeb
doc/fwknopd.man.asciidoc | 33 +++++++--------------------------
server/access.conf | 12 +++++++-----
server/config_init.c | 15 ---------------
server/fw_util.c | 14 +++++++-------
server/fwknopd.8 | 16 +---------------
server/fwknopd.conf | 39 ++++++++++++++-------------------------
server/fwknopd_common.h | 26 ++++++++------------------
7 files changed, 44 insertions(+), 111 deletions(-)
commit 5f1f0650ead7e1b8a70e5bbbef6aa6befb18a247
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jul 4 13:34:31 2010 +0000
Put locale code back in. More cleanup of config directives and options.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@231 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 5 ++++
server/config_init.h | 3 +-
server/extcmd.c | 4 +-
server/fw_util.c | 2 -
server/fwknopd.8 | 35 ++++++++-----------------------
server/fwknopd.c | 36 +++++++++++++++++++++++--------
server/fwknopd.conf | 41 +++++++++--------------------------
server/fwknopd_common.h | 53 +++++-----------------------------------------
8 files changed, 61 insertions(+), 118 deletions(-)
commit b6c57aa6a0f8a7e29aeebd9588ca49278c870e62
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jul 3 02:07:28 2010 +0000
Changed the way running external commands are handled to address issues with it not working on some systems/configurations. Just using system and popen and fw commands are run with stdout and stderr tied together.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@230 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 63 +++++++++++++-------------
server/extcmd.c | 121 +++++++++++++++++++++++++++++++++++++-----------
server/extcmd.h | 4 +-
server/fw_util.c | 49 ++++++++++----------
server/fw_util.h | 22 +++++-----
server/incoming_spa.c | 12 ++---
server/pcap_capture.c | 6 ++-
server/sig_handler.c | 1 +
server/tcp_server.c | 2 +-
9 files changed, 173 insertions(+), 107 deletions(-)
commit 3c3d75abb57b2513eca14df4951f8bdafce47340
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 1 03:44:42 2010 +0000
applied patch from Franck to catch a couple of man page typos
git-svn-id: file:///home/mbr/svn/fwknop/trunk@229 510a4753-2344-4c79-9c09-4d669213fbeb
perl/legacy/fwknop/fwknop_serv.8 | 2 +-
perl/legacy/fwknop/knoptm.8 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit 14e844f3f2838dc4401c59cba54c1ffcff89e4fd
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Jul 1 03:12:32 2010 +0000
Updates to TCP server to close the lock file handle, use a non-blocking socket, and detect when the parent fwknop dies so it can exit as well.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@228 510a4753-2344-4c79-9c09-4d669213fbeb
server/fwknopd.c | 5 +++
server/fwknopd_common.h | 1 +
server/tcp_server.c | 84 +++++++++++++++++++++++++++++++++++++++++++----
3 files changed, 83 insertions(+), 7 deletions(-)
commit b217c6a1fa6fde872df0148d3cf1c4c05fd691e1
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jun 29 02:40:59 2010 +0000
Added the GPG signature checking code. Added GPG_REQUIRE_SIG and GPG_IGNORE_SIG_VERIFY_ERROR parameters to access.conf. Implement the checking of GPG signature IDs against the GPG_REMOTE_ID list.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@227 510a4753-2344-4c79-9c09-4d669213fbeb
doc/fwknopd.man.asciidoc | 19 ++++++++++--
server/access.c | 62 ++++++++++++++++++++++++++++++----------
server/access.conf | 23 +++++++++++----
server/access.h | 1 +
server/fwknopd.8 | 70 +++++++++++++++++++++++----------------------
server/fwknopd_common.h | 2 +
server/incoming_spa.c | 44 +++++++++++++++++++++--------
7 files changed, 150 insertions(+), 71 deletions(-)
commit b7ede1625d03323b60e0696eb37fff9355027e4e
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jun 29 01:00:11 2010 +0000
Added support for COMMAND_MSG requests. Also added CMD_EXEC_USER to access.conf to allow for fwknopd to setuid to the specified user before running the command. Other minor tweaks.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@226 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 26 +++++++++++---
server/extcmd.c | 34 +++++++++++++++++--
server/extcmd.h | 2 +
server/fw_util.c | 4 +-
server/fwknopd.conf | 4 +-
server/fwknopd_common.h | 4 ++-
server/incoming_spa.c | 82 +++++++++++++++++++++++------------------------
7 files changed, 99 insertions(+), 57 deletions(-)
commit b95d222d3c8cab0ad7e9b68ef3279f3cbb8a0d69
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jun 27 21:07:56 2010 +0000
More tweaks, clean-up and documentation tweaks for the first release. Made client http-proxy option allow case insensitive match and to take an optional :port as part of the argument.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@225 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 35 +++---------------------
client/config_init.h | 15 +---------
client/fwknop.8 | 53 ++++++++++++++++++------------------
client/spa_comm.c | 67 ++++++++++++++++++++++------------------------
doc/fwknop.man.asciidoc | 53 ++++++++++++++++--------------------
doc/fwknopd.man.asciidoc | 58 ++++++++++++++++++++++------------------
server/access.conf | 9 +-----
server/fwknopd.conf | 29 ++++++-------------
server/fwknopd_common.h | 12 ++++----
9 files changed, 134 insertions(+), 197 deletions(-)
commit fe09438921e45127cf4aae19621f135b20c098fb
Author: Damien Stuart <dstart@dstuart.org>
Date: Thu Jun 24 02:31:36 2010 +0000
Start of cleanup for beta release candidate. Removed locale-related code (for now) as it was breaking some things like logging. Removed some unimplemented and/or unused parameters and config directives (as well as their respective documentation references). Added a --rotate-digest-cache command-line arg to force a rename of the digest cache file and start a new one.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@224 510a4753-2344-4c79-9c09-4d669213fbeb
client/fwknop.8 | 161 ++++++++++++++++++++--------------------------
client/spa_comm.c | 4 +-
doc/fwknopd.man.asciidoc | 29 ++-------
server/access.c | 22 +++---
server/config_init.c | 48 ++-----------
server/config_init.h | 12 +---
server/fw_util.c | 22 +++----
server/fwknopd.8 | 47 +++-----------
server/fwknopd.c | 84 +++++++++++-------------
server/fwknopd.conf | 9 ---
server/fwknopd_common.h | 7 +-
server/incoming_spa.c | 38 ++++++------
server/pcap_capture.c | 26 ++++----
server/replay_dbm.c | 48 ++++++++++++--
server/sig_handler.c | 12 ++--
server/tcp_server.c | 10 ++--
16 files changed, 244 insertions(+), 335 deletions(-)
commit b57ada4c169be31cd481c63c61b2d11df72e1679
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jun 22 01:28:49 2010 +0000
More updates to take care of warnings on Ubuntu systems (fixes for common sense warnings that should have come up on my Fedora system but didn't).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@223 510a4753-2344-4c79-9c09-4d669213fbeb
server/extcmd.c | 7 +++++--
server/extcmd.h | 3 ++-
server/fw_util.c | 3 ++-
3 files changed, 9 insertions(+), 4 deletions(-)
commit aef097a31f4c0afe508b878f23fc3dc4f54de287
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jun 22 01:14:42 2010 +0000
Some tweaks to the sigchld handling in the server. Other misc minor cleanup.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@222 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 2 +-
configure.ac | 104 ++++++++++++++++++++++++-------------------------
server/fwknopd.c | 8 +--
server/pcap_capture.c | 80 +++++++++++++++++++++-----------------
4 files changed, 99 insertions(+), 95 deletions(-)
commit 68b171ddd4ce2cf97cd17eb2ba816589b66c1a00
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Jun 21 03:24:27 2010 +0000
More tweaks. Added SIGCHLD handler and code to try to restart the TCP server if it dies for whatever reason.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@221 510a4753-2344-4c79-9c09-4d669213fbeb
server/extcmd.c | 3 ---
server/fwknopd.c | 35 +++++++++++++++++++++++++++--------
server/pcap_capture.c | 42 ++++++++++++++++++++++++++++++++++++++++--
server/sig_handler.c | 10 ++++++++++
server/sig_handler.h | 1 +
server/tcp_server.c | 7 +++++--
6 files changed, 83 insertions(+), 15 deletions(-)
commit 315f3e677843ba9e1efc8d03104f759859aa0d62
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jun 20 23:15:52 2010 +0000
Tweak to client usage message output. Added TCP server functionality to the server (call it a first cut).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@220 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 8 ++--
server/Makefile.am | 25 +++++----
server/config_init.c | 4 --
server/fwknopd.c | 23 ++++++++
server/fwknopd.conf | 4 +-
server/fwknopd_common.h | 15 +++---
server/incoming_spa.c | 5 ++-
server/pcap_capture.c | 4 +-
server/tcp_server.c | 133 +++++++++++++++++++++++++++++++++++++++++++++++
server/tcp_server.h | 35 ++++++++++++
10 files changed, 223 insertions(+), 33 deletions(-)
commit 3915f1b7aacd169ad7a82c1ba0e05c43514fa428
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jun 20 15:22:41 2010 +0000
Added support for parsing and processing SPA requests over HTTP. Beefed up verbose logging a bit. Added some more sanity checks on the validity of incoming SPA data before attempting to decode.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@219 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 8 ++-
server/config_init.h | 1 -
server/fwknopd.conf | 21 +++++---
server/fwknopd_common.h | 38 +++++++++------
server/incoming_spa.c | 120 ++++++++++++++++++++++++++++++++++++++--------
server/incoming_spa.h | 1 -
server/pcap_capture.c | 24 +++++++++-
server/process_packet.c | 5 +-
server/utils.c | 53 ++++++++++++++------
server/utils.h | 4 +-
10 files changed, 205 insertions(+), 70 deletions(-)
commit 63b4da38dcd320e18b74641fac42ddad11876aa4
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jun 19 01:15:19 2010 +0000
Mostly documentation file updates.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@218 510a4753-2344-4c79-9c09-4d669213fbeb
README | 24 +++++++++++++++++++++++-
TODO | 14 +++-----------
doc/README | 21 +++++++++++++++++++++
doc/fwknop.man.asciidoc | 11 ++++++-----
doc/libfko.texi | 8 ++++----
5 files changed, 57 insertions(+), 21 deletions(-)
commit dc6058d3a5b325ae07bfa6309cccf90fcec3802f
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jun 16 03:12:00 2010 +0000
Tweaked firewall rule creation code. Added SNAT/MASQUERADE support. Fixed rule processing code so an INPUT rule was not created for NAT request. Still needs more review and testing.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@217 510a4753-2344-4c79-9c09-4d669213fbeb
server/fw_util.c | 239 ++++++++++++++++++++++++++++++++----------------
server/fw_util.h | 5 +-
server/fwknopd.conf | 72 +++++++++------
server/incoming_spa.c | 14 +++-
4 files changed, 216 insertions(+), 114 deletions(-)
commit 579ec77698efeccbc933d7bcfbd0431577a1ed20
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jun 15 02:50:17 2010 +0000
Added support for FWKNOP_OUTPUT_ACCESS and NAT_ACCESS modes (still needs testing and tweaking).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@216 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.conf | 11 ++-
server/fw_util.c | 234 ++++++++++++++++++++++++++++++++++++++++++-----
server/fw_util.h | 3 +
server/fwknopd_common.h | 6 +-
server/incoming_spa.c | 135 ++++++++++++++--------------
5 files changed, 294 insertions(+), 95 deletions(-)
commit fa12602f096c7a8428d6265820b9b9f3db4f1e90
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jun 8 02:02:44 2010 +0000
Very minor comment and code tweaks (mostly just an excuse to test the relocation of the svn server).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@215 510a4753-2344-4c79-9c09-4d669213fbeb
server/fw_util.c | 14 ++++++++++----
server/fw_util.h | 7 ++++---
2 files changed, 14 insertions(+), 7 deletions(-)
commit aad2daadbfe4285fb9ece3153d7517ce9041f8d0
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon May 17 01:27:26 2010 +0000
First cut at creating access rules and removing them when they expire (not sure I like this implementation but it is a start).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@214 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 8 +-
server/access.h | 6 +-
server/extcmd.c | 2 +
server/fw_util.c | 283 ++++++++++++++++++++++++++++++++++++++++++++---
server/fw_util.h | 18 +++
server/fwknopd.c | 7 +-
server/fwknopd_common.h | 45 +++++---
server/incoming_spa.c | 208 +++++++++++++++++++---------------
server/pcap_capture.c | 4 +-
9 files changed, 447 insertions(+), 134 deletions(-)
commit bf9e165165021db01828da6a67a2488e3606a70e
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Apr 25 14:44:01 2010 +0000
Added the fwknopd.8 man page.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@213 510a4753-2344-4c79-9c09-4d669213fbeb
server/fwknopd.8 | 568 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 568 insertions(+), 0 deletions(-)
commit 0008cdc86c0e329a98f78cd786a5e0ac1c86bf0c
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Apr 14 01:59:02 2010 +0000
Minor tweaks to firewall rules processing and external command execution code.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@212 510a4753-2344-4c79-9c09-4d669213fbeb
server/extcmd.c | 14 ++++++++++----
server/fw_util.c | 7 -------
2 files changed, 10 insertions(+), 11 deletions(-)
commit 83a10b96f6a121240e738fda9a8b123a65bf1992
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Apr 12 12:41:57 2010 +0000
Started firewall rule processing. Added rule initialization. Added some of the initial routines for external command execution with ability to capture stdout, stderr, and exit status.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@211 510a4753-2344-4c79-9c09-4d669213fbeb
server/Makefile.am | 2 +-
server/config_init.c | 52 +++++--
server/extcmd.c | 261 ++++++++++++++++++++++++++++++++
server/extcmd.h | 71 +++++++++
server/fw_util.c | 384 +++++++++++++++++++++++++++++++++++++++++++++++
server/fw_util.h | 36 +++++
server/fwknopd.c | 5 +
server/fwknopd.conf | 17 ++-
server/fwknopd_common.h | 98 +++++++++++--
9 files changed, 894 insertions(+), 32 deletions(-)
commit 9282a0fd29ab1d5363daf68bee361eadf936363d
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Mar 14 03:45:03 2010 +0000
Changed to fix possible double-free bug under some circumstances.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@210 510a4753-2344-4c79-9c09-4d669213fbeb
lib/fko_funcs.c | 1 +
lib/fko_state.h | 2 +-
server/incoming_spa.c | 10 ++++++++--
3 files changed, 10 insertions(+), 3 deletions(-)
commit f3c33c273bf18fab710e31da19d1e2aeac4b3ddd
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Feb 9 20:23:42 2010 +0000
Added an initial fwknopd.8 man page (and source asciidoc). Added the --locale and --no-locale command-line option support. The set_config_entry function now allows setting a config entry to NULL to clear and free it.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@209 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 6 +
doc/Makefile.am | 2 +-
doc/README | 19 ++
doc/fwknopd.man.asciidoc | 457 ++++++++++++++++++++++++++++++++++++++++++++++
server/Makefile.am | 2 +
server/config_init.c | 33 +++-
server/config_init.h | 5 +-
server/fwknopd.c | 2 +-
server/fwknopd.conf | 29 +---
server/fwknopd_common.h | 17 +-
10 files changed, 525 insertions(+), 47 deletions(-)
commit d24b19ec946e67d216eff3fa5d78dd1fda160fcc
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Feb 7 03:30:46 2010 +0000
Updated TODO list (removed items that were completed and/or deprecated).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@208 510a4753-2344-4c79-9c09-4d669213fbeb
TODO | 15 ---------------
lib/fko_rand_value.c | 2 +-
2 files changed, 1 insertions(+), 16 deletions(-)
commit 43731722892392820fa629c4402f547e5fa96efa
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Feb 6 19:27:54 2010 +0000
Tweaks to eliminate warnings on win32 build of libfko and client.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@207 510a4753-2344-4c79-9c09-4d669213fbeb
client/fwknop.c | 2 +-
client/spa_comm.c | 3 ++-
lib/fko_rand_value.c | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
commit 7ba6482afb1823b8562cda590394df347d922243
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Feb 6 18:58:13 2010 +0000
Forgot to remove the m4 dir from Makefile.am
git-svn-id: file:///home/mbr/svn/fwknop/trunk@206 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
commit d0373a5b3386f5e459d069bb619a572207ec1e57
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Feb 6 03:43:54 2010 +0000
Fixed libfko so gpgme engine is gpg by default. Added functions to libfko to set/get path to gpgme engine. Fixed some memory leaks. Reworked the get_user_pw routine. Added code in fwknopd to put back the "hQ" string on the front of incoming GPG-encrypted message data. Removed the previously added pretty-print routine to configure. Updated configure to check for path to gpg executable. Updated docs accordingly.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@205 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 14 +++
autogen.sh | 2 +-
client/fwknop.c | 44 +++++---
configure.ac | 52 ++++++---
doc/libfko.texi | 17 +++-
lib/cipher_funcs.h | 11 +-
lib/fko.h | 16 ++-
lib/fko_context.h | 1 +
lib/fko_encryption.c | 158 +++++++++++++++++++++-----
lib/fko_error.c | 5 +-
lib/fko_funcs.c | 28 +++--
lib/gpgme_funcs.c | 53 +++------
m4/acinclude.m4 | 273 -------------------------------------------
m4/gpgme.m4 | 307 -------------------------------------------------
server/incoming_spa.c | 110 ++++++++++++++----
15 files changed, 370 insertions(+), 721 deletions(-)
commit 02e5d45bf0ca861acc89d206d80404689949f7c2
Author: Damien Stuart <dstart@dstuart.org>
Date: Sun Jan 31 01:42:49 2010 +0000
Bumped working version to 2.0.0-alpha-pre2 to differentiate from the tagged 2.0.0-alpha-pre1. Updated Changelog.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@204 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 22 +++++++++++++++++-----
configure.ac | 2 +-
2 files changed, 18 insertions(+), 6 deletions(-)
commit e3bd3b703e8a6cab07c0e0d24f145da40b0fe1cb
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jan 30 20:22:53 2010 +0000
Added additional sanity checks and clean-up of access.conf processing and functionality. Fixes require source and added check for required username. Added fallback to use GPG_DECRYPT_PW if it was set and the normal KEY failed with a decryption error. Fixed packet count checks to allow a limit of 0 to mean unlimited number of packets.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@203 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 1 +
doc/libfko.texi | 10 +++--
server/access.c | 70 ++++++++++++++++++++++++++----
server/access.conf | 2 +-
server/fwknopd_common.h | 2 +-
server/incoming_spa.c | 111 ++++++++++++++++++++++++++++++++++++----------
server/pcap_capture.c | 28 ++++++------
7 files changed, 172 insertions(+), 52 deletions(-)
commit 903f5f466c76d4bf617e93bdf50a67d02f4108a6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jan 20 01:34:23 2010 +0000
updated to call dump_access_list() if -D was given to dump config information
git-svn-id: file:///home/mbr/svn/fwknop/trunk@202 510a4753-2344-4c79-9c09-4d669213fbeb
server/fwknopd.c | 18 ++++++++++--------
1 files changed, 10 insertions(+), 8 deletions(-)
commit e8b875789b107283cad7d4079e9e86d4273bf53c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jan 20 01:20:36 2010 +0000
Update to call parse_proto_and_port() before allocating a new port list. This
fixes the following stack trace when generating an SPA packet that contains
"none/0" for the port list:
Program received signal SIGABRT, Aborted.
0x00007ffff74574b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) where
#0 0x00007ffff74574b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff745af50 in *__GI_abort () at abort.c:92
#2 0x00007ffff748fc97 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x00007ffff7499dd6 in malloc_printerr (action=3, str=0x7ffff755b748 "double free or corruption (fasttop)", ptr=<value optimized out>) at malloc.c:6217
#4 0x00007ffff749e74c in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3716
#5 0x000000000040570c in free_acc_port_list (acc=0x60a1c0, port_str=0x7fffffffdc20 "none/0") at access.c:390
#6 acc_check_port_access (acc=0x60a1c0, port_str=0x7fffffffdc20 "none/0") at access.c:892
#7 0x0000000000403f4a in incoming_spa (opts=<value optimized out>) at incoming_spa.c:229
#8 0x00000000004041eb in pcap_capture (opts=0x7fffffffde40) at pcap_capture.c:155
#9 0x0000000000402ba7 in main (argc=9, argv=0x7fffffffe6e8) at fwknopd.c:241
git-svn-id: file:///home/mbr/svn/fwknop/trunk@201 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 15 ++++++---------
1 files changed, 6 insertions(+), 9 deletions(-)
commit b34c506a90e9fe4eda22c5dec367179f5ca36d5c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jan 20 01:18:12 2010 +0000
bug fix to ensure the --last-cmd re-parsing of command line args via getopt_long() has a reset index
git-svn-id: file:///home/mbr/svn/fwknop/trunk@200 510a4753-2344-4c79-9c09-4d669213fbeb
client/fwknop.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
commit daca01a2c656a3103db502b1aca6c338b31d2534
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jan 19 02:51:37 2010 +0000
Added minor validation code to access.conf parsing to ensure that a SOURCE stanza
begins with the SOURCE variable and that there is at least one usage of the
OPEN_PORTS and KEY variables. The OPEN_PORTS requirement might be relaxed when
PERMIT_CLIENT_PORTS handling is added.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@199 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 27 ++++++++++++++++++++++++---
1 files changed, 24 insertions(+), 3 deletions(-)
commit ca531c3dccc804acad9101d61eeb5daa5c09d065
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jan 19 02:48:41 2010 +0000
bug fix in --packet-limit handling to ensure multi-packet processing when the arg is not used
git-svn-id: file:///home/mbr/svn/fwknop/trunk@198 510a4753-2344-4c79-9c09-4d669213fbeb
server/fwknopd.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
commit 33cb0d48269ec95866eade22bbe854d6955bed35
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 16 22:09:14 2010 +0000
added --server-cmd arg to fwknop client man page and help output
git-svn-id: file:///home/mbr/svn/fwknop/trunk@197 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 3 ++-
client/config_init.h | 2 +-
doc/fwknop.man.asciidoc | 27 +++++++++++++++++----------
3 files changed, 20 insertions(+), 12 deletions(-)
commit cee622aab5779012d0d233cec118c4a37538ac34
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 16 21:11:27 2010 +0000
added --last-cmd argument to fwknop(8) man page via the fwknop.man.asciidoc file
git-svn-id: file:///home/mbr/svn/fwknop/trunk@196 510a4753-2344-4c79-9c09-4d669213fbeb
doc/fwknop.man.asciidoc | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
commit 1092e6ef4676562518899ddb37fbda7b485567e3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 16 14:59:36 2010 +0000
* Fixed a few minor warnings like the following:
cipher_funcs.c:85: warning: ignoring return value of ‘fread’, declared with attribute warn_unused_result
A few of these were in code in the lib/ directory, and required adding a
new error code 'FKO_ERROR_FILESYSTEM_OPERATION' and associated error
string 'Read/write bytes mismatch'.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@195 510a4753-2344-4c79-9c09-4d669213fbeb
lib/cipher_funcs.c | 25 ++++++++++++++++++-------
lib/fko.h | 1 +
lib/fko_encode.c | 2 +-
lib/fko_error.c | 3 +++
lib/fko_rand_value.c | 6 +++++-
lib/gpgme_funcs.c | 11 +++++++++--
server/fwknopd.c | 12 +++++++-----
7 files changed, 44 insertions(+), 16 deletions(-)
commit 80bde174adb5378a1589dd66a14feba19bc21454
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 16 14:35:22 2010 +0000
(legacy code) (test suite) Bug fix for GnuPG SPA/HTTP tests not pointing to the proper HTTP output file
git-svn-id: file:///home/mbr/svn/fwknop/trunk@194 510a4753-2344-4c79-9c09-4d669213fbeb
perl/legacy/fwknop/test/fwknop_test.pl | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
commit d1fae9bee1e0c9a8b2afa8c4a90b9a78e2e7b2d8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 16 01:05:41 2010 +0000
* Added a new command line argument "--last-cmd" to run the fwknop client
with the same command line arguments as the previous time it was
executed. The previous arguments are parsed out of the ~/.fwknop.run
file (if it exists).
* Bug fix to not send any SPA packet out on the wire if a NULL password/key
is provided to the fwknop client. This could happen if the user tried to
abort fwknop execution by sending the process a SIGINT while being
prompted to enter the password/key for SPA encryption.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@193 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 10 +++++
client/config_init.c | 13 +++++-
client/config_init.h | 3 +-
client/fwknop.c | 106 +++++++++++++++++++++++++++++++++++++++++------
client/fwknop_common.h | 1 +
5 files changed, 116 insertions(+), 17 deletions(-)
commit 4e128083457b775ab552a620016f0623761490f3
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Jan 11 01:33:38 2010 +0000
Added support for multiple GPG_REMOTE_ID values from access.conf (still need to implement the use of those however). Also, went back to support colons (:) as an optional part of the access.conf parameter name (better to keep backward compatibility).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@192 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 102 +++++++++++++++++++++++++++++++++++++++++++++++
server/access.conf | 6 +-
server/fwknopd_common.h | 10 +++++
3 files changed, 115 insertions(+), 3 deletions(-)
commit d2ec56b6ce493d81ffb293386212c0f578836534
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 9 14:22:22 2010 +0000
minor update to the fwknop client to use '#define GETOPTS_OPTION_STRING' for
getopt() command line arg processing.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@191 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 2 +-
client/config_init.h | 4 ++++
2 files changed, 5 insertions(+), 1 deletions(-)
commit bcdef1938a75a625394ee892457a3142af57e4c2
Author: Damien Stuart <dstart@dstuart.org>
Date: Wed Jan 6 03:05:45 2010 +0000
Commented out AM_MAINTAINER_MODE.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@190 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit b32c23e12ec45d270478f4ff8a94dc3ee9c18fcb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jan 6 00:53:23 2010 +0000
added -a arg to fwknopd usage() output
git-svn-id: file:///home/mbr/svn/fwknop/trunk@189 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
commit be37cecda17f44c9ef875b894b47d5239a8916a9
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Jan 5 00:06:56 2010 +0000
Updated changelog. Made the fwknop.man.asciidoc match the changes made to the fwknopd.8 manpage.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@188 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 16 ++++++++++++++++
doc/fwknop.man.asciidoc | 5 +++++
2 files changed, 21 insertions(+), 0 deletions(-)
commit 11cedcf3eb610e9e747cd74d7d5de897cff4f02a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 4 04:08:58 2010 +0000
Added --access-file command line arg to fwknopd so that the path to the
access.conf file can be specified from the command line.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@187 510a4753-2344-4c79-9c09-4d669213fbeb
server/access.c | 16 ++++++++--------
server/access.h | 2 +-
server/config_init.c | 9 +++++++++
server/config_init.h | 3 ++-
server/fwknopd.c | 2 +-
server/fwknopd.conf | 2 +-
server/fwknopd_common.h | 4 ++--
7 files changed, 24 insertions(+), 14 deletions(-)
commit ed6a01d9965e692f4455c7d80ac89c1e68e67054
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 4 00:36:39 2010 +0000
removed unnecessary --no-save arg since --no-save-args covers it
git-svn-id: file:///home/mbr/svn/fwknop/trunk@186 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.h | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
commit 1d91143a25d1bc17fd9228195423d41c61a4af69
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 4 00:36:03 2010 +0000
added --http-proxy argument to the fwknop.8 man page
git-svn-id: file:///home/mbr/svn/fwknop/trunk@185 510a4753-2344-4c79-9c09-4d669213fbeb
client/fwknop.8 | 24 +++++++++++++++++++++---
1 files changed, 21 insertions(+), 3 deletions(-)
commit 5c5d8d92dfdeae86f878add69f866d38efe0c205
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jan 4 00:35:06 2010 +0000
added --http-proxy and --no-save-args to usage() output
git-svn-id: file:///home/mbr/svn/fwknop/trunk@184 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
commit 055aa365cb91b8c937113736b96d9c7757084fe4
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Jan 4 00:20:19 2010 +0000
Added access.conf handling and processing. Added a new access.conf parameter: RESTRICT_PORTS for specifying 1 or more proto/ports that are explicitly not allowed.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@183 510a4753-2344-4c79-9c09-4d669213fbeb
server/Makefile.am | 17 +-
server/access.c | 832 +++++++++++++++++++++++++++++++++++++++++++++++
server/access.conf | 159 +++++++++
server/access.h | 41 +++
server/config_init.c | 4 +-
server/config_init.h | 2 +-
server/fwknopd.c | 16 +-
server/fwknopd.conf | 14 +-
server/fwknopd_common.h | 63 ++++-
server/incoming_spa.c | 149 ++++++++-
10 files changed, 1253 insertions(+), 44 deletions(-)
commit 852a65394248bc75e531200cff1331af405e77e9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 3 21:27:57 2010 +0000
minor spacing fix
git-svn-id: file:///home/mbr/svn/fwknop/trunk@182 510a4753-2344-4c79-9c09-4d669213fbeb
client/fwknop.8 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit ba68afc37b833a8d0d3e920b9f6d85b3645a9da7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 3 04:52:25 2010 +0000
added Id tag expansion
git-svn-id: file:///home/mbr/svn/fwknop/trunk@181 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 2 +-
server/config_init.h | 2 +-
server/fwknopd.h | 2 +-
server/fwknopd_common.h | 2 +-
server/incoming_spa.h | 2 +-
server/log_msg.c | 2 +-
server/log_msg.h | 2 +-
server/pcap_capture.h | 2 +-
server/process_packet.c | 2 +-
server/process_packet.h | 2 +-
server/replay_dbm.c | 2 +-
server/replay_dbm.h | 2 +-
server/sig_handler.c | 2 +-
server/sig_handler.h | 2 +-
server/utils.c | 2 +-
server/utils.h | 2 +-
16 files changed, 16 insertions(+), 16 deletions(-)
commit 510702dc1834a47c096f412fe62ff29cd273f2e4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 3 04:49:51 2010 +0000
added Id tag expansion
git-svn-id: file:///home/mbr/svn/fwknop/trunk@180 510a4753-2344-4c79-9c09-4d669213fbeb
client/config_init.c | 2 +-
client/config_init.h | 2 +-
client/fwknop_common.h | 2 +-
client/http_resolve_host.c | 8 ++++----
client/utils.h | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
commit 153a0964e2d1e7a6fccaf7cfd7d58bbec057c7e2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 3 04:37:37 2010 +0000
Added --packet-limit to fwknopd so that the number of incoming candidate
SPA packets can be limited from the command line. When this limit is
reached (any packet that contains application layer data and passes the
pcap filter is included in the count) then fwknopd exits.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@179 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 6 ++++++
server/config_init.c | 7 ++++++-
server/config_init.h | 3 ++-
server/fwknopd.c | 7 +++++++
server/fwknopd_common.h | 6 ++++++
server/pcap_capture.c | 11 +++++++++++
6 files changed, 38 insertions(+), 2 deletions(-)
commit 9e4efa55baf3c97f1855ad3d24c51c8fd3472f63
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 3 02:00:26 2010 +0000
minor update to include the -f arg in the usage() output
git-svn-id: file:///home/mbr/svn/fwknop/trunk@178 510a4753-2344-4c79-9c09-4d669213fbeb
server/config_init.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
commit 909ff4eaecbf78d3bc1b7e5ffaa9958dd4c40892
Author: Damien Stuart <dstart@dstuart.org>
Date: Sat Jan 2 16:42:07 2010 +0000
Added check for and create of run dir and/or basename of digest_cache (if different from run dir). Added set_locale() call based on LOCALE setting in the conf file.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@177 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 +-
server/config_init.c | 45 +++++++++--
server/fwknopd.c | 197 +++++++++++++++++++++++++++++++++++++++++++++-
server/fwknopd.h | 4 +
server/fwknopd_common.h | 19 +++--
5 files changed, 245 insertions(+), 22 deletions(-)
commit d8dc9be9412b8103f4f6b68e45ba84d0d21507c1
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Dec 29 20:16:52 2009 +0000
Added check for SPA packet age against the MAX_SPA_PACKET_AGE if ENABLE_SPA_PACKET_AGING is set to "Y" in the conf file. Made the digest cache check only if ENABLE_DIGEST_PERSISTENCE is "Y".
git-svn-id: file:///home/mbr/svn/fwknop/trunk@176 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 2 +-
server/config_init.c | 28 +++++++++++----------
server/fwknopd_common.h | 14 ++++++++++
server/incoming_spa.c | 61 ++++++++++++++++++++++++++++++++++++++++------
server/replay_dbm.c | 10 ++++----
5 files changed, 88 insertions(+), 27 deletions(-)
commit 142d07142bc60860c01807675b5ad9668c78ca10
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Dec 29 04:27:54 2009 +0000
Fixed incorrect variable in configure.ac.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@175 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit b8235802032a7069d1574c266a5749866a54cb33
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Dec 29 03:56:32 2009 +0000
Added configure args for specifying specific paths to the local executables used by fwknopd.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@174 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 121 insertions(+), 16 deletions(-)
commit 2310b366ee16f3e5f1a59c2c07e9081d3123d1de
Author: Damien Stuart <dstart@dstuart.org>
Date: Tue Dec 29 02:45:47 2009 +0000
Made local exe checks run only if a server is being built. Removed checks for external progs that may not be needed yet.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@173 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 87 ++++++++++++++++++++++++++++++----------------------------
1 files changed, 45 insertions(+), 42 deletions(-)
commit 861c0e8e1a87b8bdac7118b81dfc13de722d5260
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Dec 28 03:20:55 2009 +0000
Autoconf updates for detecting locally installed program paths and changes to facilitate portability. Also set AM_MAINTAINER_MODE so we are not forced to regen/reconfigure when we change one of the autoconf source files (but we do now need to remember to do it ourselves before making a new dist).
git-svn-id: file:///home/mbr/svn/fwknop/trunk@172 510a4753-2344-4c79-9c09-4d669213fbeb
Makefile.am | 2 +
autogen.sh | 2 +-
configure.ac | 246 +++++++++++++++++++------------------
m4/acinclude.m4 | 273 +++++++++++++++++++++++++++++++++++++++++
m4/gpgme.m4 | 307 +++++++++++++++++++++++++++++++++++++++++++++++
server/fwknopd.c | 2 -
server/fwknopd.h | 19 +++
server/process_packet.c | 5 +-
server/process_packet.h | 9 ++
9 files changed, 740 insertions(+), 125 deletions(-)
commit f6b98cab8791b248ed95a56d79abd60e60fd4107
Author: Damien Stuart <dstart@dstuart.org>
Date: Fri Dec 18 13:43:49 2009 +0000
The default conf and run directories are captured from the autoconf output. Added post install hook to create the xxx/var/run/fwknop directory (which works, but breaks the "make distcheck" feature of autoconf). Changed order of config processing and set conf struct for some default and overridden parameters so they will be shown properly when -D is used.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@171 510a4753-2344-4c79-9c09-4d669213fbeb
server/Makefile.am | 15 ++++++++++++++-
server/config_init.c | 23 ++++++++++++++++++++++-
server/fwknopd.conf | 10 +++++-----
server/fwknopd_common.h | 18 ++++++++++++++++--
server/log_msg.c | 10 +++++-----
server/replay_dbm.c | 9 ++++++---
6 files changed, 68 insertions(+), 17 deletions(-)
commit 814d7d3565269592670316fa6f9c9729bf15b8ae
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Dec 7 03:48:53 2009 +0000
Fixed bug in signal handling when libpcap version 1.0 is used. Minor doc update.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@170 510a4753-2344-4c79-9c09-4d669213fbeb
doc/libfko.texi | 4 ++--
server/fwknopd.c | 1 -
server/pcap_capture.c | 15 ++++++++-------
3 files changed, 10 insertions(+), 10 deletions(-)
commit fecdd4a76462b4dd6bbeaee516622def0d64a9a0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 20 05:17:02 2009 +0000
bumped version to 2.0.0-alpha-pre1
git-svn-id: file:///home/mbr/svn/fwknop/trunk@168 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
commit 4d2521bcd8f07e649f78ea6c04919ead76c32afb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 20 05:16:06 2009 +0000
minor bug fix to not append --Server-port option in --rand-port mode
git-svn-id: file:///home/mbr/svn/fwknop/trunk@167 510a4753-2344-4c79-9c09-4d669213fbeb
perl/legacy/fwknop/test/fwknop_test.pl | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
commit 7401ef9644dc4715b8612ab1250b1e81c057819a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 20 05:15:44 2009 +0000
minor bug fix to ensure that -R resolution works with --URL=http://www.cipherdyne.org/cgi/clientip.cgi
git-svn-id: file:///home/mbr/svn/fwknop/trunk@166 510a4753-2344-4c79-9c09-4d669213fbeb
perl/legacy/fwknop/fwknop | 16 +++++++++-------
1 files changed, 9 insertions(+), 7 deletions(-)
commit 867990aa7d09acbf7c24878d917007e98318ada8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 20 04:52:32 2009 +0000
* (Legacy code) Bug fix to allow the --rand-port argument to function along
without an inappropriate check for the --Server-port arg.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@165 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 2 ++
perl/legacy/fwknop/fwknop | 2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
commit fc8e8dd2dcc54c90118cc1a0556d9d3b60c33f92
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Nov 2 05:05:30 2009 +0000
(Legacy code) Applied patch from Jonathan Bennett to support the usage of
the http_proxy environmental variable for sending SPA packets through an
HTTP proxy. The patch also adds support for specifying an HTTP proxy
user and password via the following syntax:
'http://username:password@proxy.com:port' or
'http://username:password@proxy.com'
git-svn-id: file:///home/mbr/svn/fwknop/trunk@164 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 8 +++++++
perl/legacy/fwknop/fwknop | 51 +++++++++++++++++++++++++++++++++++++++-----
2 files changed, 53 insertions(+), 6 deletions(-)
commit 5cf8813eac21edec19cc5dbf754df11e32cc3240
Author: Damien Stuart <dstart@dstuart.org>
Date: Mon Nov 2 01:46:56 2009 +0000
Updated digest cache to store additional information including src ip, created, first_replay, last_replay, and replay count.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@163 510a4753-2344-4c79-9c09-4d669213fbeb
configure.ac | 2 +-
server/replay_dbm.c | 71 ++++++++++++++++++++++++++++++++++++++++++--------
server/replay_dbm.h | 8 ++++++
3 files changed, 68 insertions(+), 13 deletions(-)
commit 2145aeac5b9e010d973b7d7eaa9f56c1a0e6155c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Oct 28 03:52:14 2009 +0000
added the latest http proxy fixes to the ChangeLog
git-svn-id: file:///home/mbr/svn/fwknop/trunk@162 510a4753-2344-4c79-9c09-4d669213fbeb
ChangeLog | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
commit 9dfe63e8582a9efe4cbd71219d4ee18b48900753
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Oct 28 03:51:30 2009 +0000