This is a significant commit that alters how the test suite interacts with the fwknop client and server by looking for indications that SPA packets are actually received. This is done by first waiting for 'main event loop' in fwknopd log output to ensure that fwknopd is ready to receive packets, sending the SPA packet(s), and then watching for 'SPA Packet from IP' in fwknopd output. This is an improvement over the previous strategy that was only based on timeout values since it works identically regardless of whether fwknop is being run under valgrind or when the test suite is run on an embedded system with very limited resources. Another check is run for fwknopd receiving the SIGTERM signal to shut down via 'fwknopd -K', and that failing, the test suite manually kills the process (though this should be rarely needed). The above strategy is the result of discussions with George Herlin who proposed the verification-based approach to test suite operations. Another thing this commit changes is the ability to detect whether OpenSSL supports the 'hexkey:<key>' style specification for HMAC keys (an older version of FreeBSD doesn't support this) and falls back to the '-hmac <key>' method if not.
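The ready, send, confirm sequence this commit message describes, sketched in Python as an added example (not code from the fwknop test suite). `wait_for_line`, `fake_daemon` and `run_cycle` are hypothetical names, and the log lines and the 203.0.113.7 address are constructed; only the two marker strings come from the message above.

```python
import os
import tempfile
import threading
import time

READY = "main event loop"        # marker strings quoted in the commit message
RECEIVED = "SPA Packet from IP"

def wait_for_line(path, needle, deadline_s, offset=0, poll_s=0.05):
    """Poll a log from byte `offset` until `needle` appears.
    Returns the offset just past the match, or None once the deadline passes."""
    end = time.monotonic() + deadline_s
    while True:
        try:
            with open(path, "rb") as fh:
                fh.seek(offset)
                data = fh.read()
        except FileNotFoundError:
            data = b""               # daemon has not created its log yet
        idx = data.find(needle.encode())
        if idx != -1:
            return offset + idx + len(needle)
        if time.monotonic() >= end:
            return None
        time.sleep(poll_s)

def fake_daemon(path, startup_delay, packet_sent):
    """Constructed stand-in for fwknopd: slow startup, then logs one receipt."""
    time.sleep(startup_delay)        # e.g. valgrind or a slow embedded board
    with open(path, "a") as log:
        log.write("Starting fwknopd main event loop.\n")
        log.flush()
        packet_sent.wait()
        log.write("SPA Packet from IP: 203.0.113.7 received.\n")

def run_cycle(startup_delay, deadline_s=5.0):
    """Ready -> send -> confirm; the outcome does not depend on startup speed."""
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    sent = threading.Event()
    daemon = threading.Thread(target=fake_daemon, args=(path, startup_delay, sent))
    daemon.start()
    try:
        pos = wait_for_line(path, READY, deadline_s)
        if pos is None:
            return "daemon never became ready"
        sent.set()                   # stands in for running the fwknop client
        # Search only past the readiness line so an older receipt cannot match.
        seen = wait_for_line(path, RECEIVED, deadline_s, offset=pos)
        return "received" if seen else "packet not seen"
    finally:
        sent.set()
        daemon.join()
        os.remove(path)
```

The deadline here is only a failure bound; a passing run returns as soon as the marker appears, which is what makes the result the same on fast and slow hosts.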
This commit was inspired through conversations with George Herlin.
… the python fko extension
Bug fix for --nat-rand-port mode to ensure that the port to be NAT'd is properly defined so that the fwknopd server will NAT connections to this port instead of applying the NAT operation to the port that is to be accessed via -A. This change also prints the randomly assigned port to stdout regardless of whether --verbose mode is used (since if not then the user will have no idea which port is actually going to be NAT'd on the fwknopd side).
…as in SHA512)
Conflicts: client/fwknop.c lib/fko_hmac.c
This is a fairly significant commit that lays the groundwork for getting selectable HMAC modes working for both the client and server. One libfko API change was required so that the hmac_type is passed into fko_new_with_data(). This allows the server to set the hmac_type via access.conf stanzas. The effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512 to also function properly.
…ko changes and additions to the fko python module code.