
Set pcap non-block mode back on unless it is a freebsd system. Server…

… verbose output no longer shows access key or GPG password.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@290 510a4753-2344-4c79-9c09-4d669213fbeb
1 parent 4f50484 commit bbe8c9d7a16cf0c139631975b1c1f4aebf10638b Damien Stuart committed Oct 21, 2010
Showing with 18 additions and 7 deletions.
  1. +2 −2 configure.ac
  2. +4 −4 server/access.c
  3. +1 −1 server/pcap_capture.c
  4. +11 −0 server/pcap_capture.h
@@ -7,7 +7,7 @@ dnl Inspiration from RRDtool configure.ac, the AutoConf Archive
dnl (http://www.nongnu.org/autoconf-archive/), and other examples.
dnl Minimum Autoconf version required.
-AC_PREREQ(2.61)
+AC_PREREQ(2.62)
dnl Define our name, version and email.
m4_define(my_package, [fwknop])
@@ -24,7 +24,7 @@ AM_INIT_AUTOMAKE([tar-ustar -Wall -Werror foreign])
dnl AM_MAINTAINER_MODE
-AC_CONFIG_HEADER([config.h])
+AC_CONFIG_HEADERS([config.h])
dnl The top of our header
dnl
@@ -1036,31 +1036,31 @@ dump_access_list(fko_srv_options_t *opts)
"==============================================================\n"
" OPEN_PORTS: %s\n"
" RESTRICT_PORTS: %s\n"
- " KEY: %s\n"
+ " KEY: <see the access.conf file>\n"
" FW_ACCESS_TIMEOUT: %i\n"
" ENABLE_CMD_EXEC: %s\n"
" CMD_EXEC_USER: %s\n"
" REQUIRE_USERNAME: %s\n"
" REQUIRE_SOURCE_ADDRESS: %s\n"
" GPG_HOME_DIR: %s\n"
" GPG_DECRYPT_ID: %s\n"
- " GPG_DECRYPT_PW: %s\n"
+ " GPG_DECRYPT_PW: <see the access.conf file>\n"
" GPG_REQUIRE_SIG: %s\n"
"GPG_IGNORE_SIG_VERIFY_ERROR: %s\n"
" GPG_REMOTE_ID: %s\n",
++i,
acc->source,
(acc->open_ports == NULL) ? "<not set>" : acc->open_ports,
(acc->restrict_ports == NULL) ? "<not set>" : acc->restrict_ports,
- (acc->key == NULL) ? "<not set>" : acc->key,
+ //(acc->key == NULL) ? "<not set>" : acc->key,
acc->fw_access_timeout,
acc->enable_cmd_exec ? "Yes" : "No",
(acc->cmd_exec_user == NULL) ? "<not set>" : acc->cmd_exec_user,
(acc->require_username == NULL) ? "<not set>" : acc->require_username,
acc->require_source_address ? "Yes" : "No",
(acc->gpg_home_dir == NULL) ? "<not set>" : acc->gpg_home_dir,
(acc->gpg_decrypt_id == NULL) ? "<not set>" : acc->gpg_decrypt_id,
- (acc->gpg_decrypt_pw == NULL) ? "<not set>" : acc->gpg_decrypt_pw,
+ //(acc->gpg_decrypt_pw == NULL) ? "<not set>" : acc->gpg_decrypt_pw,
acc->gpg_require_sig ? "Yes" : "No",
acc->gpg_ignore_sig_error ? "Yes" : "No",
(acc->gpg_remote_id == NULL) ? "<not set>" : acc->gpg_remote_id
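Review bot: The redaction is done by commenting out the `acc->key` and `acc->gpg_decrypt_pw` arguments with `//`, which leaves the secret-printing expressions in the call; if one is ever uncommented without restoring its `%s`, every later argument shifts and the string lands on the `%i` for FW_ACCESS_TIMEOUT. Delete the two commented lines outright. The fixed text `<see the access.conf file>` also hides whether a key or passphrase is configured at all, which the old `<not set>` branch showed; keeping `%s` with `(acc->key == NULL) ? "<not set>" : "<set, value withheld>"` (and the same for `gpg_decrypt_pw`) preserves that without printing the secret. The enclosing call in dump_access_list starts and ends outside this hunk.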
@@ -137,7 +137,7 @@ pcap_capture(fko_srv_options_t *opts)
* to actually use this mode (which when set on a FreeBSD
* system, it silently breaks the packet capture).
*/
- if((pcap_setnonblock(pcap, 0, errstr)) == -1)
+ if((pcap_setnonblock(pcap, DEF_PCAP_NONBLOCK, errstr)) == -1)
{
log_msg(LOG_ERR, "[*] Error setting pcap nonblocking to %i: %s",
0, errstr
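Review bot: The error message below the changed call still passes the literal `0` for `%i`, so on a non-FreeBSD build a failed `pcap_setnonblock(pcap, DEF_PCAP_NONBLOCK, errstr)` would be logged as "setting pcap nonblocking to 0" even though 1 was requested. Change the argument line to `DEF_PCAP_NONBLOCK, errstr` so the log reflects the value actually attempted. The comment above the call is only partly visible here and may still describe turning the mode off; it should be checked against the new default. The log_msg call and the rest of pcap_capture continue outside the hunk.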
@@ -31,6 +31,17 @@
*/
#define MAX_PCAP_ERRORS_BEFORE_BAIL 100
+/* We normally want pcap in non-blockinbg mode, but this seems to be
+ * broken on FreeBSD 7 (at least my test host), so we'll set the default
+ * mode to on unless it is a FreeBSD system. --DSS XXX: What we really need
+ * to do is figure out what the difference is and address it correctly.
+*/
+#if defined(__FreeBSD__)
+ #define DEF_PCAP_NONBLOCK 0
+#else
+ #define DEF_PCAP_NONBLOCK 1
+#endif
+
/* Prototypes
*/
int pcap_capture(fko_srv_options_t *opts);
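Review bot: DEF_PCAP_NONBLOCK is decided by `__FreeBSD__` alone, so a build for a FreeBSD release where non-blocking capture works (the comment reports only a FreeBSD 7 test host), or for another platform that turns out to share the problem, cannot change it without editing this header. Wrapping the block in `#ifndef DEF_PCAP_NONBLOCK` … `#endif` would let the value be set with a compiler define. The comment also has a typo, `non-blockinbg`, and could say what each value means for the capture loop, since pcap_capture.c passes the macro straight to pcap_setnonblock().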
