…directly with --afl-pkt-file
…dently of iptables)
…compile tests after gcov profiling stuff
…pd not linking against libpcap
… arg for the test suite
…fwknop_utests and fwknopd_utests binaries. When profil coverage is enbaled, lcov filee are parsed by test-fwknop.pl and added to the main profil coverage report in the output directory. Running make from the main directory build the c-unit test suites if enabled.
External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip';, and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified (it is safer just to use the default). The fwknop client leverages 'wget' for this operation since that is cleaner than having fwknop link against an SSL library.
When validating access.conf stanzas make sure that one of GPG_REMOTE_ID or GPG_FINGERPRINT_ID is specified whenever GnuPG signatures are to be verified for incoming SPA packets. Signature verification is the default, and can only be disabled with GPG_DISABLE_SIG but this is NOT recommended.
Add a new GPG_FINGERPRINT_ID variable to the access.conf file so that full GnuPG fingerprints can be required for incoming SPA packets in addition to the appreviated GnuPG signatures listed in GPG_REMOTE_ID. From the test suite, an example fingerprint is GPG_FINGERPRINT_ID 00CC95F05BC146B6AC4038C9E36F443C6A3FAD56