Added access stanza expiration feature, multiple access stanza bug fix
This commit does two major things:

1) Two new access.conf variables are added "ACCESS_EXPIRE" and "ACCESS_EXPIRE_EPOCH" to allow access stanzas to be expired without having to modify the access.conf file and restart fwknopd.

2) Allow an access stanza that matches the SPA source address to not automatically short circuit other stanzas if there is an error (such as when there are multiple encryption keys involved and an incoming SPA packet is meant for, say, the second stanza and the first therefore doesn't allow proper decryption).
Showing with 530 additions and 308 deletions.
- +11 −0 doc/fwknopd.man.asciidoc
- +70 −29 server/access.c
- +1 −1 server/access.h
- +1 −1 server/fw_util_iptables.c
- +2 −0 server/fwknopd_common.h
- +367 −275 server/incoming_spa.c
- +1 −1 server/incoming_spa.h
- +4 −0 test/conf/expired_epoch_stanza_access.conf
- +4 −0 test/conf/expired_stanza_access.conf
- +19 −0 test/conf/multi_stanzas_with_broken_keys.conf
- +50 −1 test/test-fwknop.pl