commit c9f5e495bb754213180d2039499b47d1f0f36c8d (HEAD, refs/remotes/web/master, refs/remotes/origin/master, refs/heads/master)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Dec 9 15:29:46 2012 -0500

bumped libfko and libfko-devel to 1.0.0

fwknop.spec | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

commit 3c11b262433c46bad873191ffd5b5e1be953714f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Dec 9 15:29:03 2012 -0500

todo.org fwknop-2.0.4 released

1 file changed, 2 insertions(+)

commit e4751f9f5e26f0a93dcc47b9f7f77f273407d741
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Dec 9 15:27:36 2012 -0500

fixed fwknop-2.0.4 release date

1 file changed, 1 insertion(+), 1 deletion(-)

commit 59fe04787b81d49aacde5ced63c55b42bd40b2c0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Dec 9 15:25:14 2012 -0500

[test suite] minor 're-run make' bug fix for perl FKO module installation

test/test-fwknop.pl | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)

commit 5f598bbf7f7ed8af8c2b60cd272922f6889aac81
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Dec 9 12:30:43 2012 -0500

Added Les Aker's changes: Look for glibtoolize if libtoolize is not available (for Macs). Added USE_GPG_AGENT option for .fwknoprc

autogen.sh | 11 ++++++++++-
client/config_init.c | 6 ++++++
2 files changed, 16 insertions(+), 1 deletion(-)

commit 8078b0ec1f1362246537956beb57ce0597dcbc99
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Dec 9 10:28:50 2012 -0500

Commented out Devel::Checklib since this is most likely for CPAN anyway

There were portability issues on FreeBSD when Devel::Checklib was in use, but
this can be added back in for a CPAN version of the perl FKO module.

perl/FKO/Makefile.PL | 11 ++++++-----
perl/FKO/README | 4 ++++
2 files changed, 10 insertions(+), 5 deletions(-)

commit a673406ebdb9910adf69887e0d28dd9382df9b3c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Dec 8 20:58:17 2012 -0500

[test suite] updated fuzzing tests to allow usernames with '.' chars

test/fuzzing/fuzzing_spa_packets | 4 ----
test/test-fwknop.pl | 1 -
2 files changed, 5 deletions(-)

commit 51a545dbaf7bc960556bf2e269592a879fd87bda
Merge: 05d4299 10f2d29
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Dec 8 16:26:30 2012 -0500

Merge branch 'master' of github.com:mrash/fwknop

commit 10f2d295be41e9237d25436572f17feaf01b15e6
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sat Dec 8 15:40:40 2012 -0500

Have libfko link strlxxx objects directly instead of libfko_util.

lib/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit 05d4299de1668b8486af47eec3e04243a1af9551
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Dec 7 14:53:27 2012 -0500

made compilation warning check case-insensitive

test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit 39410044c50eb9d7e472aaa201debd37ef2bc188
Author: Damien Stuart <dstuart@dstuart.org>
Date: Fri Dec 7 11:38:31 2012 -0500

Set new libfko version. Client: allow dot (.) in validate_username, and display version and exit without creating an fko context.

client/fwknop.c | 22 +++++++++-------------
lib/Makefile.am | 2 +-
lib/fko_user.c | 4 ++--
3 files changed, 12 insertions(+), 16 deletions(-)

commit 88c66f647fe7690dc10f0f9aa185ca1126e4be24
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Dec 3 22:45:39 2012 -0500

Revert "added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol issue noticed by Franck"

This reverts commit e57cfa2e235261b960986ecae0c7e86307159529. This is done
because libfko now restricts the symbols it exports to only those functions
that should be visible when making use of the library - internal libfko
functions should not be exported.

lib/fko_message.c | 6 ------
lib/fko_message.h | 1 -
2 files changed, 7 deletions(-)

commit 7df9edc1db9a695bc2bacf860f6fa870839b37e1
Merge: bcea440 e57cfa2
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Dec 2 09:59:48 2012 -0500

Merge branch 'master' of github.com:mrash/fwknop

commit bcea440b873aebb56325ca0d3981dcc37b107faa
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Dec 2 09:56:57 2012 -0500

Limited exported symbols in libfko to only the public (fko_) functions. Moved strlcat/cpy to a separate libfko_util lib.

client/Makefile.am | 2 +-
lib/Makefile.am | 12 ++++++++----
server/Makefile.am | 2 +-
3 files changed, 10 insertions(+), 6 deletions(-)

commit e57cfa2e235261b960986ecae0c7e86307159529
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Dec 1 22:45:55 2012 -0500

added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol issue noticed by Franck

lib/fko_message.c | 6 ++++++
lib/fko_message.h | 1 +
2 files changed, 7 insertions(+)

commit e3c4c045c6f609551af9fa4c6fc354d3661017cc
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sat Dec 1 11:06:41 2012 -0500

Changes to address header references, platform support, error messages, and the perl module test suite.

Rearranged headers to reduce duplication and remove local header
references from fko.h.
Removed references to headers that did not need to be explicitly set.
Moved the MAX_PROTO_STR_LEN and MAX_PORT_STR_LEN definitions to the
Fixed bug where invalid nat_access or command messages were returning
FKO_ERROR_INVALID_SPA_ACCESS_MSG error code instead of the one
appropriate to the message type.
Fixed bad nat_access_msg test in Perl module test suite (caught by new

android/project/jni/fwknop/fko.h | 2 --
android/project/jni/fwknop/fko_limits.h | 3 +++
android/project/jni/fwknop/fko_message.h | 13 -------------
common/common.h | 1 +
fwknop.spec | 6 ++++--
lib/Makefile.am | 2 +-
lib/fko_limits.h | 3 +++
lib/fko_message.c | 6 +++---
lib/fko_message.h | 3 ---
lib/fko_user.h | 2 +-
perl/FKO/t/02_functions.t | 4 ++--
12 files changed, 18 insertions(+), 29 deletions(-)

commit 1ec9f4ae94a76365a0293f50fe1b8475a2d57dcd
Author: Damien Stuart <dstuart@dstuart.org>
Date: Fri Nov 30 23:40:24 2012 -0500

Re-tweaks for accommodating the windows build and systems that do not have strnlen

common/common.h | 6 ++++++
lib/fko_common.h | 28 +++++++++++++++++++++++++---
lib/fko_message.c | 12 +++++++-----
win32/config.h | 3 +++
4 files changed, 41 insertions(+), 8 deletions(-)

commit eaba5813f349fed37664e5832c58f1e1404b7406
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Nov 28 22:39:07 2012 -0500

Bug fix for perl FKO compilation

This commit removes lib/ includes of common/ header files that were breaking
the perl FKO module compilation.

lib/fko_message.c | 6 ++++++
lib/fko_message.h | 3 ---
2 files changed, 6 insertions(+), 3 deletions(-)

commit 04e0c9b560f6dcb4136e47fec1120d61628b860e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 27 22:54:55 2012 -0500

[server] Ignore pcap non-blocking setting in --pcap-file mode

When setting --pcap-file mode from the command line some versions of libpcap
do not appear to allow non-blocking mode to be set and throw the following

[*] Error setting pcap nonblocking to 0:

This commit ignores the non-blocking setting in --pcap-file mode.

server/pcap_capture.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

commit 0337ae9fb66e6d33207d189856f4cf2fc0dffaa3
Merge: 4cb5add 524d69a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 22 21:43:43 2012 -0500

Merge branch 'master' of github.com:mrash/fwknop

commit 524d69af239939c2faf5d0b09d735c40803b5716
Merge: 5873df7 11124b1
Author: Damien Stuart <dstuart@dstuart.org>
Date: Wed Nov 21 22:33:13 2012 -0500

Merge branch 'master' of github.com:mrash/fwknop

commit 5873df753ab4f4bac47385d0e07e73cbfb19194b
Author: Damien Stuart <dstuart@dstuart.org>
Date: Wed Nov 21 22:16:39 2012 -0500

Tweaks to fix autoconf-related portability issues and autogen.sh reliability

autogen.sh | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)

commit 11124b1f9fc99a9a89a89fd3b5c5de71d4815927
Author: Damien Stuart <dstuart@dstuart.org>
Date: Wed Nov 21 22:16:39 2012 -0500

Tweaks to fix autoconf-related portability issues and autogen.sh reliability

autogen.sh | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)

commit 4cb5add328c655ad5261ab3b5107bea51168b815
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Nov 21 21:49:16 2012 -0500

revert 7db2d1e796bba7af393e2d5c40db65b95fcee066 (--disable-gpg arg) since --without-gpgme works properly

configure.ac | 118 ++++++++++++++++++++++++++--------------------------------
2 files changed, 52 insertions(+), 69 deletions(-)

commit fe8ac9800458e1ddabacc73f007bc86c9fbca212
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Nov 21 21:29:26 2012 -0500

bug fix for firewall rule deletion check in backwards compatibility tests on FreeBSD and OpenBSD

test/test-fwknop.pl | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

commit bda539ebb4105cabb2d0f2f0c7bc5abb8af55d35
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 20 08:28:46 2012 -0500

removed duplicate android_access.conf file introduced in a local mrash commit

1 file changed, 1 deletion(-)

commit 7e583ed5a22b3ddefb6f7c3f9b4358fc3421ec8c
Merge: 049e1e9 1daa1c6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 20 08:27:33 2012 -0500

Merge branch 'master' of github.com:mrash/fwknop

commit 1daa1c6795b37685f7485787355ccfa7b5edd24c
Author: Damien Stuart <dstuart@dstuart.org>
Date: Mon Nov 19 12:22:40 2012 -0500

Now committing only the change to Makefile.am this time

1 file changed, 1 insertion(+), 1 deletion(-)

commit 617305504a9a54cd841ff5e1e8f84de7bb3995e6
Author: Damien Stuart <dstuart@dstuart.org>
Date: Mon Nov 19 12:19:12 2012 -0500

Revert "Tweaks to EXTRA_DIST. Added one missing and removed one invalid entry under the test directory."

This reverts commit 556ca2c146a598cddada4dd8cdf3f9b12f32f202.

client/.deps/fwknop-config_init.Po | 1 -
client/.deps/fwknop-fwknop.Po | 1 -
client/.deps/fwknop-getpasswd.Po | 1 -
client/.deps/fwknop-http_resolve_host.Po | 1 -
client/.deps/fwknop-spa_comm.Po | 1 -
client/.deps/fwknop-utils.Po | 1 -
client/Makefile | 767 ---
client/fwknop.8 | 676 --
common/Makefile | 394 --
config.log | 2927 ---------
config.status | 2119 -------
doc/Makefile | 703 ---
doc/libfko.info | 1813 ------
fwknop-2.0.4.tar.gz | Bin 1376603 -> 0 bytes
lib/.deps/base64.Plo | 1 -
lib/.deps/cipher_funcs.Plo | 1 -
lib/.deps/digest.Plo | 1 -
lib/.deps/fko_client_timeout.Plo | 1 -
lib/.deps/fko_decode.Plo | 1 -
lib/.deps/fko_digest.Plo | 1 -
lib/.deps/fko_encode.Plo | 1 -
lib/.deps/fko_encryption.Plo | 1 -
lib/.deps/fko_error.Plo | 1 -
lib/.deps/fko_funcs.Plo | 1 -
lib/.deps/fko_message.Plo | 1 -
lib/.deps/fko_nat_access.Plo | 1 -
lib/.deps/fko_rand_value.Plo | 1 -
lib/.deps/fko_server_auth.Plo | 1 -
lib/.deps/fko_timestamp.Plo | 1 -
lib/.deps/fko_user.Plo | 1 -
lib/.deps/gpgme_funcs.Plo | 1 -
lib/.deps/md5.Plo | 1 -
lib/.deps/rijndael.Plo | 1 -
lib/.deps/sha1.Plo | 1 -
lib/.deps/sha2.Plo | 1 -
lib/.deps/strlcat.Plo | 1 -
lib/.deps/strlcpy.Plo | 1 -
lib/Makefile | 648 --
libtool |10075 ------------------------------
server/.deps/fwknopd-access.Po | 1 -
server/.deps/fwknopd-config_init.Po | 1 -
server/.deps/fwknopd-extcmd.Po | 1 -
server/.deps/fwknopd-fw_util.Po | 1 -
server/.deps/fwknopd-fw_util_ipf.Po | 1 -
server/.deps/fwknopd-fw_util_ipfw.Po | 1 -
server/.deps/fwknopd-fw_util_iptables.Po | 1 -
server/.deps/fwknopd-fw_util_pf.Po | 1 -
server/.deps/fwknopd-fwknopd.Po | 1 -
server/.deps/fwknopd-fwknopd_errors.Po | 1 -
server/.deps/fwknopd-incoming_spa.Po | 1 -
server/.deps/fwknopd-log_msg.Po | 1 -
server/.deps/fwknopd-pcap_capture.Po | 1 -
server/.deps/fwknopd-process_packet.Po | 1 -
server/.deps/fwknopd-replay_cache.Po | 1 -
server/.deps/fwknopd-sig_handler.Po | 1 -
server/.deps/fwknopd-tcp_server.Po | 1 -
server/.deps/fwknopd-utils.Po | 1 -
server/Makefile | 995 ---
server/fwknopd.8 | 484 --
62 files changed, 1 insertion(+), 22016 deletions(-)

commit f544a4aeb52439a0cd74a19364659bc9d0116c5a
Author: Damien Stuart <dstuart@dstuart.org>
Date: Mon Nov 19 09:48:34 2012 -0500

Added the --icmp-xxxx arg descriptions to the fwknop usage message.

client/config_init.c | 2 ++
2 files changed, 6 insertions(+)

commit 556ca2c146a598cddada4dd8cdf3f9b12f32f202
Author: Damien Stuart <dstuart@dstuart.org>
Date: Mon Nov 19 09:30:15 2012 -0500

Tweaks to EXTRA_DIST. Added one missing and removed one invalid entry under the test directory.

client/.deps/fwknop-config_init.Po | 1 +
client/.deps/fwknop-fwknop.Po | 1 +
client/.deps/fwknop-getpasswd.Po | 1 +
client/.deps/fwknop-http_resolve_host.Po | 1 +
client/.deps/fwknop-spa_comm.Po | 1 +
client/.deps/fwknop-utils.Po | 1 +
client/Makefile | 767 +++
client/fwknop.8 | 676 ++
common/Makefile | 394 ++
config.log | 2927 +++++++++
config.status | 2119 +++++++
doc/Makefile | 703 +++
doc/libfko.info | 1813 ++++++
fwknop-2.0.4.tar.gz | Bin 0 -> 1376603 bytes
lib/.deps/base64.Plo | 1 +
lib/.deps/cipher_funcs.Plo | 1 +
lib/.deps/digest.Plo | 1 +
lib/.deps/fko_client_timeout.Plo | 1 +
lib/.deps/fko_decode.Plo | 1 +
lib/.deps/fko_digest.Plo | 1 +
lib/.deps/fko_encode.Plo | 1 +
lib/.deps/fko_encryption.Plo | 1 +
lib/.deps/fko_error.Plo | 1 +
lib/.deps/fko_funcs.Plo | 1 +
lib/.deps/fko_message.Plo | 1 +
lib/.deps/fko_nat_access.Plo | 1 +
lib/.deps/fko_rand_value.Plo | 1 +
lib/.deps/fko_server_auth.Plo | 1 +
lib/.deps/fko_timestamp.Plo | 1 +
lib/.deps/fko_user.Plo | 1 +
lib/.deps/gpgme_funcs.Plo | 1 +
lib/.deps/md5.Plo | 1 +
lib/.deps/rijndael.Plo | 1 +
lib/.deps/sha1.Plo | 1 +
lib/.deps/sha2.Plo | 1 +
lib/.deps/strlcat.Plo | 1 +
lib/.deps/strlcpy.Plo | 1 +
lib/Makefile | 648 ++
libtool |10075 ++++++++++++++++++++++++++++++
server/.deps/fwknopd-access.Po | 1 +
server/.deps/fwknopd-config_init.Po | 1 +
server/.deps/fwknopd-extcmd.Po | 1 +
server/.deps/fwknopd-fw_util.Po | 1 +
server/.deps/fwknopd-fw_util_ipf.Po | 1 +
server/.deps/fwknopd-fw_util_ipfw.Po | 1 +
server/.deps/fwknopd-fw_util_iptables.Po | 1 +
server/.deps/fwknopd-fw_util_pf.Po | 1 +
server/.deps/fwknopd-fwknopd.Po | 1 +
server/.deps/fwknopd-fwknopd_errors.Po | 1 +
server/.deps/fwknopd-incoming_spa.Po | 1 +
server/.deps/fwknopd-log_msg.Po | 1 +
server/.deps/fwknopd-pcap_capture.Po | 1 +
server/.deps/fwknopd-process_packet.Po | 1 +
server/.deps/fwknopd-replay_cache.Po | 1 +
server/.deps/fwknopd-sig_handler.Po | 1 +
server/.deps/fwknopd-tcp_server.Po | 1 +
server/.deps/fwknopd-utils.Po | 1 +
server/Makefile | 995 +++
server/fwknopd.8 | 484 ++
62 files changed, 22016 insertions(+), 1 deletion(-)

commit f499e3090011176cefdae74387e28e7f105ce37f
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Nov 18 23:59:10 2012 -0500

Tweaks to fix issues with building the lib and client under Windows. Added .fwknop.last support on Windows. Bumped the lib version to 0.0.4. Fixed bug in username detection code. Removed -Werror from AM_INIT_AUTOMAKE which prevented setting of CPPFLAG for the lib build in some circumstances.

client/fwknop.c | 32 ++++++--------------------------
client/http_resolve_host.c | 2 ++
client/utils.h | 7 -------
common/common.h | 17 +++++++++++++++++
lib/Makefile.am | 4 ++--
lib/fko_decode.c | 2 +-
lib/fko_message.h | 11 ++---------
lib/fko_user.c | 17 ++++++++++-------
win32/libfko.vcproj | 10 +++++-----
12 files changed, 48 insertions(+), 59 deletions(-)

commit 049e1e958f3a3362e64699f0466de386d199ec26
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Nov 17 14:06:39 2012 -0500

[test suite] added android_access.conf file for Android SPA test

1 file changed, 1 insertion(+)

commit 5a2150e070aebfdd2cea5faeef685b393aba38f6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 15 22:36:29 2012 -0500

[test suite] minor update to not look for lib/.libs/ in --enable-recompile mode

test/test-fwknop.pl | 5 ++++-
2 files changed, 8 insertions(+), 4 deletions(-)

commit 9921e72d7051a159387420f94f22239e527ce42c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 15 21:16:11 2012 -0500

[test suite] backwards compatibility tests

Added a few backwards compatibility tests for versions of fwknop going back to
2.0, and also added a compatibility test for an SPA packet produced by Android

test/conf/android_access.conf | 3 +
test/test-fwknop.pl | 510 +++++++++++++++++++++++++++--------------
2 files changed, 346 insertions(+), 167 deletions(-)

commit 31c3100d7f6dc3161ef4958714b99c42f0bb0051
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Nov 14 23:46:29 2012 -0500

minor gcc warnings todo note for OpenBSD

1 file changed, 4 insertions(+)

commit 517f4470281a2486aa4117647e772d3b80e126c7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Nov 14 23:45:43 2012 -0500

bumped version to 2.0.4

android/project/jni/config.h | 6 +++---
android/project/jni/fwknop/fko.h | 2 +-
fwknop.spec | 9 ++++++---
iphone/Classes/config.h | 6 +++---
8 files changed, 17 insertions(+), 14 deletions(-)

commit 38d4b5cc881c6b8278b48bede30429b870538f4d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 13 21:18:29 2012 -0500

minor marking text update around fuzzing packet count

test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit 02790628d4534197758b5e67b039a3ff125e90d2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 13 21:16:27 2012 -0500

additional SPA validation check to ensure no non-ascii printable chars in decoded message

lib/fko_decode.c | 6 ++++++
1 file changed, 6 insertions(+)

commit 70afd9c2d448d84fe28874ed0a7d98a7ba6c59d2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Nov 13 21:12:41 2012 -0500

lib/fko_encode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

commit bc58b3a15f251a2065877d25e687dee215fad3e8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Nov 12 21:48:26 2012 -0500

Added chain_exists() check to fwknopd SPA rule creation

Added chain_exists() check to SPA rule creation so that if any
of the fwknop chains are deleted out from under fwknopd they will be
recreated on the fly. This mitigates scenarios where fwknopd might be
started before a system level firewall policy is applied due to init
script ordering, or if an iptables policy is re-applied without

server/fw_util_iptables.c | 115 +++++++++++++++++++++++++++++++++------------
server/fw_util_iptables.h | 1 +
3 files changed, 91 insertions(+), 31 deletions(-)

commit c0349a20a3f5de7173f68de84a85faeb668cfcd5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 9 20:42:43 2012 -0500

added fuzzing packet count to FKO server fuzzing test

test/test-fwknop.pl | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)

commit c354afb3b4acfe8f271306d01db0b29c78aea6f8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 9 20:42:08 2012 -0500

minor todo reorganization

todo.org | 144 ++++++++++++++++++++++++++++++++------------------------------
1 file changed, 74 insertions(+), 70 deletions(-)

commit 2a3cd1abfe83f313242728753a3722a02219aa41
Merge: 03b222d 5ddf5af
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 22:25:33 2012 -0500

Merge branch 'master' of github.com:mrash/fwknop

commit 03b222dddab5c6c3101e8e61da7c1d36497e98a3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 22:22:04 2012 -0500

[client] (Franck Joncourt) Fixed Ctrl-C problem where SPA packets were sent anyway

[client] (Franck Joncourt) Contributed a patch to allow the fwknop
client to be stopped during the password entry prompt with Ctrl-C before
any SPA packet is sent on the wire.

client/getpasswd.c | 111 +++++++++++++++++++++++++++++++---------------------
4 files changed, 77 insertions(+), 47 deletions(-)

commit 9f9910c3179e2c7a633259c0e53587ae1dac9378
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 22:09:23 2012 -0500

added blurb about Android-4.1.2

1 file changed, 2 insertions(+)

commit 16c8be2d839f742666feb776188cb18818453858
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 22:07:16 2012 -0500

minor README update for proper 4.1.2 version of Android

android/README | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)

commit 585beba951de0f20635b67d032829e532cf8d22b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 22:06:25 2012 -0500

added updated properties files for Android-4.1.2

android/project/build-4.1.2.properties | 16 +++++
android/project/nbproject/project-4.1.2.properties | 67 ++++++++++++++++++++
2 files changed, 83 insertions(+)

commit 4dd65c57611a92412cb5bdecf8a9ccea5d3ff64c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 21:42:18 2012 -0500

minor bug fix to leverage fko_errstr() returned error string properly

android/project/jni/fwknop/fwknop_client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit e57156e57df17ac50a1ab3de1bdb33697682fd2b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 21:39:21 2012 -0500

added fko header files for the Android client

android/project/jni/fwknop/fko.h | 288 ++++++++++++++++++++++++++++++
android/project/jni/fwknop/fko_limits.h | 64 +++++++
android/project/jni/fwknop/fko_message.h | 57 ++++++
3 files changed, 409 insertions(+)

commit 66ad134708e3648eb90e4b9256e7b42e3b673a13
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 21:33:23 2012 -0500

[server] Added '--pcap-file <file>' option

Added a new '--pcap-file <file>' option to allow pcap files to
be processed directly by fwknopd instead of sniffing an interface. This
feature is mostly intended for debugging purposes.

doc/fwknopd.man.asciidoc | 6 +++++
server/cmd_opts.h | 3 +++
server/config_init.c | 22 ++++++++++++---
server/fwknopd.conf | 17 ++++++++----
server/fwknopd_common.h | 1 +
server/incoming_spa.c | 9 ++++++-
server/pcap_capture.c | 53 ++++++++++++++++++++++++------------
test/conf/spa_replay.pcap | Bin 0 -> 910 bytes
test/test-fwknop.pl | 65 ++++++++++++++++++++++++++++++++++++++++++++-
12 files changed, 157 insertions(+), 31 deletions(-)

commit 7afe5b28b7cc1c560bd10e73f51b302ae96ac08e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 21:03:45 2012 -0500

minor update to use explicit FKO_SUCCESS value in if() result check

lib/fko_encryption.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit 2ae14491224d3297046fa8a21e229e65b79203fa
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Nov 8 21:02:44 2012 -0500

allow '_' chars in usernames provided to libfko

lib/fko_user.c | 5 +++--
test/test-fwknop.pl | 2 ++
2 files changed, 5 insertions(+), 2 deletions(-)

commit 5ddf5afec6c691d96406144611c0a3ce16b40284
Author: Damien Stuart <dstuart@dstuart.org>
Date: Thu Nov 8 19:41:46 2012 -0500

Ignore trailing whitespace on .fwknoprc directives

client/config_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit 36630694fd66f8a2f55336c9d32c0f51022a0714
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Nov 5 20:39:03 2012 -0500

Additional todo tasks

todo.org | 11 +++++++++++
1 file changed, 11 insertions(+)

commit 575e6961642dad2076fc74315f25a6860a5d2a57
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Nov 5 20:38:34 2012 -0500

[test suite] added pinentry check for gpg tests that have keys that require associated passphrases

test/test-fwknop.pl | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 54 insertions(+), 1 deletion(-)

commit 5c1979e16a8c1a403e88b94743697d9ba3fe0a0b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Nov 4 22:13:52 2012 -0500

Added test suite config file: disable_aging_nat_fwknopd.conf

test/conf/disable_aging_nat_fwknopd.conf | 6 ++++++
1 file changed, 6 insertions(+)

commit 231be81f5bfc1dab10e1e82ee58a611bd06ded0b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Nov 3 23:11:24 2012 -0400

bug fix to include multi-gpg ID no password test

test/conf/multi_gpg_no_pw_access.conf | 7 +++++++
test/test-fwknop.pl | 3 ++-
3 files changed, 10 insertions(+), 1 deletion(-)

commit df2bb3e3fd813cba2f9c46723411b0a805b06c70
Merge: dbf6dc8 66467e9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Nov 3 19:00:56 2012 -0400

Merge branch 'master' of github.com:mrash/fwknop

commit 66467e94492e85e80b09bd2edae3252e5a144453
Merge: 28b2787 daa692c
Author: Michael Rash <michael.rash@gmail.com>
Date: Sat Nov 3 16:00:57 2012 -0700

Merge pull request #11 from tomyuk/master

add missing include files to lib/Makefile.am

commit dbf6dc884676971a13042edad59d61e6925c0f21
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Nov 3 18:09:12 2012 -0400

--enable-recompile try raw make if sudo make fails

test/test-fwknop.pl | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

commit 5218e52f9abb05b6d31f5ecaee3dc95d440aec3c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Nov 3 16:50:26 2012 -0400

added run-test-suite.sh LD_LIBRARY_PATH wrapper

test/README | 17 +++++++++++++++++
test/run-test-suite.sh | 14 ++++++++++++++
3 files changed, 33 insertions(+)

commit daa692caf7bbcc0e5f3b755733a7bd89c57aa8f2
Author: Tomoyuki Kano <tomo@appletz.jp>
Date: Sat Nov 3 19:08:10 2012 +0900

Added missing include files

fwknop.spec | 5 +++++
1 file changed, 5 insertions(+)

commit cf783e075e124ae74a4c20b035902d58df58d6f5
Author: Tomoyuki Kano <tomo@appletz.jp>
Date: Sat Nov 3 19:03:48 2012 +0900

add missing include files to lib/Makefile.am

lib/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit 28b2787001a572397b0199a307447b37c64b49e9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Nov 2 21:07:23 2012 -0400

bug fix to include cmd_access.conf in Makefile.am

1 file changed, 1 insertion(+)

commit 7db2d1e796bba7af393e2d5c40db65b95fcee066
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Oct 31 21:37:55 2012 -0400

[client+server] Added --disable-gpg to the autoconf config

Added --disable-gpg to the autoconf ./configure script
via configure.ac. This makes it easy to not have fwknop/fwknopd
link against libgpgme even if it is installed on the local system.

configure.ac | 118 ++++++++++++++++++++++++++++++++--------------------------
3 files changed, 75 insertions(+), 56 deletions(-)

commit 8ee9999cbd5b97d9b773f9cbcb84c33ab3c689de
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Oct 30 22:39:36 2012 -0400

added fuzzing patches from the test/fuzzing/patches/ directory

Makefile.am | 9 +++++++++
1 file changed, 9 insertions(+)

commit f488a8d75d94fdd484e31971c187bd593dc15cc6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Oct 30 22:03:40 2012 -0400

added '-Wformat -Wformat-security' to compile args - no associated warnings in current code

configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

commit e103bdf4b005d2a6ef36e9ec67a422dee0cb8bf0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Oct 30 21:40:21 2012 -0400

Updated build CFLAGS and LDFLAGS for PIE support similar to Debian hardening-includes

The Debian hardening-includes package sets CFLAGS and LDFLAGS as follows for PIE support:

_HARDENED_PIE_CFLAGS := -fPIE
_HARDENED_PIE_LDFLAGS := -fPIE -pie

The configure.ac file has been updated to conform to the above.

2 files changed, 5 insertions(+), 1 deletion(-)

commit 8c3a67377e479fd41b7e540c7d909a8f00973f79
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Oct 30 21:23:30 2012 -0400

[test suite] bug fix to ensure binary existence check in build security tests

test/test-fwknop.pl | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
880 commit aa74fa3eeddac5906e042ed0cc73a12caac9f1a8
881 Author: Michael Rash <mbr@cipherdyne.org>
882 Date: Sun Oct 28 23:31:09 2012 -0400
884 minor fuzzing README update
886 test/fuzzing/README | 20 ++++++++++++--------
887 1 file changed, 12 insertions(+), 8 deletions(-)
889 commit cefac6275b4dce8390e6719e451950f4ac0522cc
890 Author: Michael Rash <mbr@cipherdyne.org>
891 Date: Sat Oct 27 22:45:28 2012 -0400
893 added non digit rand val fuzzing encoding tests
895 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++
896 .../patches/encoding_non_digit_rand_val.patch | 13 +++++++++
897 2 files changed, 43 insertions(+)
899 commit dced7c6a775c0478501ff969e9ba3aeae4343021
900 Author: Michael Rash <mbr@cipherdyne.org>
901 Date: Sat Oct 27 22:34:52 2012 -0400
903 added fuzzing encoding strip eq return packets
905 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++
906 .../fuzzing/patches/encoding_strip_eq_return.patch | 12 ++++++++
907 2 files changed, 42 insertions(+)
909 commit 4b25e1e24270ac6c26796cfe07c0d0eec41fda0f
910 Author: Michael Rash <mbr@cipherdyne.org>
911 Date: Sat Oct 27 22:28:33 2012 -0400
913 added encoding_append_b64_modified_byte equals sign fuzzing encoding tests
915 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++
916 .../encoding_append_b64_modified_byte_eq.patch | 13 +++++++++
917 2 files changed, 43 insertions(+)
919 commit 807dd315e55615f5ade91feb6d53d0b517a74268
920 Author: Michael Rash <mbr@cipherdyne.org>
921 Date: Sat Oct 27 22:07:40 2012 -0400
923 added encoding_append_b64_modified_byte fuzzing encoding tests
925 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++
926 .../encoding_append_b64_modified_byte.patch | 13 +++++++++
927 2 files changed, 43 insertions(+)
929 commit 03255a55479a8f8b1ed1ba23f4fddc0cd3d642da
930 Author: Michael Rash <mbr@cipherdyne.org>
931 Date: Fri Oct 26 23:13:41 2012 -0400
933 added non-base64 char to access msg for fuzzing encoding tests
935 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++
936 .../patches/encoding_non_b64_access_msg.patch | 12 ++++++++
937 2 files changed, 42 insertions(+)
939 commit f3c9f49a67be17948bbb89f3b17581ac793be91f
940 Author: Michael Rash <mbr@cipherdyne.org>
941 Date: Fri Oct 26 23:07:35 2012 -0400
943 added fuzzing encoding packets (extra colon 3)
945 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++++
946 test/fuzzing/patches/encoding_extra_colon3.patch | 13 ++++++++++
947 2 files changed, 43 insertions(+)
949 commit e89338c4316e2fa207c10f5a83cc984459346e22
950 Author: Michael Rash <mbr@cipherdyne.org>
951 Date: Fri Oct 26 23:06:09 2012 -0400
953 added fuzzing encoding packets (extra colon 2)
955 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++++
956 test/fuzzing/patches/encoding_extra_colon2.patch | 13 ++++++++++
957 2 files changed, 43 insertions(+)
959 commit 69ed7ee6357780cfbb5b2715ff63cf4d2a4b5c62
960 Author: Michael Rash <mbr@cipherdyne.org>
961 Date: Fri Oct 26 21:47:08 2012 -0400
963 added fuzzing encoding packets (extra colon 1)
965 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++++
966 test/fuzzing/patches/encoding_extra_colon1.patch | 13 ++++++++++
967 2 files changed, 43 insertions(+)
969 commit 37048f359dc556177360be7f7dd4d51810eb9251
970 Author: Michael Rash <mbr@cipherdyne.org>
971 Date: Fri Oct 26 21:43:24 2012 -0400
973 added in new test/fuzzing/patches/ files
975 Makefile.am | 14 ++++++++++----
976 1 file changed, 10 insertions(+), 4 deletions(-)
978 commit 830996b3ac7723daed3c196378e45aab54ea9612
979 Author: Michael Rash <mbr@cipherdyne.org>
980 Date: Fri Oct 26 15:52:09 2012 -0400
982 added non-base64 encoding fuzzing packets
984 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++++++++++++
985 1 file changed, 30 insertions(+)
987 commit ac38f8d9938146775bb336f5a8b7680492b81102
988 Author: Michael Rash <mbr@cipherdyne.org>
989 Date: Fri Oct 26 15:36:08 2012 -0400
991 [libfko] bug fix to check b64_decode() return value
993 Bug fix to check b64_decode() return value to ensure that
994 non-base64 encoded data is never used. Even though other validation
995 routines checked decoded results, it is important to discard invalid
996 data as early as possible. Note too that such invalid data would only
997 be provided to b64_decode() after proper decryption, so the client must
998 provide authentic SPA data.
1000 ChangeLog | 8 +++++++-
1001 lib/fko_decode.c | 30 +++++++++++++++++++++++++-----
1002 lib/fko_encryption.c | 6 ++++--
1003 3 files changed, 36 insertions(+), 8 deletions(-)
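The commit message above describes discarding data as soon as base64 decoding fails rather than relying on later field validation. The following is an added illustration, not code from libfko: `demo_b64_decode()`, `demo_parse()`, `struct demo_fields` and the two-field `user:access` layout are assumptions made for the example and are not the real SPA packet format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 64
struct demo_fields { char user[MAX_FIELD]; char access[MAX_FIELD]; };

/* Value of one base64 character, or -1 if it is outside the alphabet. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Strict decoder for unpadded base64 (hypothetical helper). Returns the
 * decoded length, or -1 on a non-base64 character, an impossible input
 * length, or an output buffer that is too small. Output is NUL-terminated. */
int demo_b64_decode(const char *in, unsigned char *out, size_t out_size)
{
    size_t n = strlen(in), o = 0;
    unsigned int acc = 0;
    int bits = 0;

    if (out_size == 0 || n % 4 == 1)
        return -1;
    for (size_t i = 0; i < n; i++) {
        int v = b64_val((unsigned char)in[i]);
        if (v < 0)
            return -1;                   /* caller must not use 'out' */
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (o + 1 >= out_size)
                return -1;
            out[o++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Parse "user_b64:access_b64". Every decode result is checked, and the
 * whole message is rejected (and wiped) at the first invalid field. */
int demo_parse(const char *msg, struct demo_fields *f)
{
    char enc[MAX_FIELD * 2];
    const char *colon = strchr(msg, ':');
    size_t ulen;

    memset(f, 0, sizeof(*f));
    if (colon == NULL || strchr(colon + 1, ':') != NULL)
        return -1;                       /* exactly one separator expected */
    ulen = (size_t)(colon - msg);
    if (ulen == 0 || ulen >= sizeof(enc) || colon[1] == '\0')
        return -1;
    memcpy(enc, msg, ulen);
    enc[ulen] = '\0';
    if (demo_b64_decode(enc, (unsigned char *)f->user, sizeof(f->user)) < 0 ||
        demo_b64_decode(colon + 1, (unsigned char *)f->access, sizeof(f->access)) < 0) {
        memset(f, 0, sizeof(*f));        /* never expose partially decoded data */
        return -1;
    }
    return 0;
}

int main(void)
{
    struct demo_fields f;
    /* Constructed inputs: a valid message and one with '*' in the access field. */
    printf("valid:   %d\n", demo_parse("bWJy:MS4yLjMuNCx0Y3AvMjI", &f));
    printf("invalid: %d\n", demo_parse("bWJy:MS4yLjMu*Cx0Y3AvMjI", &f));
    return 0;
}
```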
1005 commit 60083cc272d05db77303971845b013aa59eb0ed2
1006 Author: Michael Rash <mbr@cipherdyne.org>
1007 Date: Thu Oct 25 22:12:47 2012 -0400
1009 added rm colon5 fuzzing packets
1011 test/fuzzing/fuzzing_spa_packets | 30 ++++++++++++++++++++++++++++++
1012 1 file changed, 30 insertions(+)
1014 commit 3ae583813c2bb61d7b04c8e601f88ce2cc8f7550
1015 Author: Michael Rash <mbr@cipherdyne.org>
1016 Date: Thu Oct 25 22:04:09 2012 -0400
1018 added fuzzing encoding test that removes colon #5
1020 test/fuzzing/patches/encoding_rm_colon5.patch | 13 +++++++++++++
1021 1 file changed, 13 insertions(+)
1023 commit 91596f4450c55622072a31178f2631ea6d8f25e4
1024 Author: Michael Rash <mbr@cipherdyne.org>
1025 Date: Thu Oct 25 22:01:12 2012 -0400
1027 added fuzzing encoding test that removes colon #4
1029 test/fuzzing/fuzzing_spa_packets | 30 +++++++++++++++++++++++++
1030 test/fuzzing/patches/encoding_rm_colon4.patch | 13 +++++++++++
1031 2 files changed, 43 insertions(+)
1033 commit ef635d57e3059aee507fe04bf1e8d294f6829c49
1034 Author: Michael Rash <mbr@cipherdyne.org>
1035 Date: Thu Oct 25 21:57:40 2012 -0400
1037 added test/fuzzing/patches/encoding_rm_colon1.patch file
1039 test/fuzzing/patches/encoding_rm_colon1.patch | 13 +++++++++++++
1040 1 file changed, 13 insertions(+)
1042 commit 165e618bade067b9bda6b188fab12ec602b1a470
1043 Author: Michael Rash <mbr@cipherdyne.org>
1044 Date: Thu Oct 25 21:55:01 2012 -0400
1046 Added fuzzing encoding tests that remove the 2nd and 3rd colons
1048 test/fuzzing/fuzzing_spa_packets | 60 +++++++++++++++++++++++++
1049 test/fuzzing/patches/encoding_rm_colon2.patch | 13 ++++++
1050 test/fuzzing/patches/encoding_rm_colon3.patch | 13 ++++++
1051 3 files changed, 86 insertions(+)
1053 commit f6b0d23c1ca401846d53eb069a6344a194b2c91b
1054 Author: Michael Rash <mbr@cipherdyne.org>
1055 Date: Thu Oct 25 21:37:52 2012 -0400
1057 Added fuzzing spa packet generation for invalid encodings
1059 This commit adds the ability to generate SPA packets that are valid except for
1060 the last encoding step before encryption. This is independent of supplying
1061 invalid data for SPA packet fields. To invoke the test suite in this mode,
1064 # ./test-fwknop.pl --enable-perl-module-pkt-gen --fuzzing-test-tag "encoded_colon1_missing" --fuzzing-class encoding
1066 This assumes that lib/fko_encode.c has been patched to subvert the encoding
1067 step itself before encryption. In this case, the first colon after the random
1070 test/fuzzing/fuzzing_spa_packets | 30 +++++
1071 test/test-fwknop.pl | 251 ++++++++++++++++++++++++++++++++++----
1072 2 files changed, 256 insertions(+), 25 deletions(-)
1074 commit b3889289b39409119d6da96441f21fcf3f868bbb
1075 Author: Michael Rash <mbr@cipherdyne.org>
1076 Date: Thu Oct 25 00:42:02 2012 -0400
1078 added non-base64 user character fuzzing SPA packets
1080 test/fuzzing/fuzzing_spa_packets | 169 ++++++++++++++++++++++++++
1081 test/fuzzing/patches/non_b64_user_char.patch | 12 ++
1082 2 files changed, 181 insertions(+)
1084 commit d16643affa9579135e99c7eaf374bc58f78455e7
1085 Author: Michael Rash <mbr@cipherdyne.org>
1086 Date: Thu Oct 25 00:29:01 2012 -0400
1088 added extra_timestamp_digit fuzzing SPA packets
1090 test/fuzzing/fuzzing_spa_packets | 169 ++++++++++++++++++++++
1091 test/fuzzing/patches/extra_timestamp_digit.patch | 13 ++
1092 2 files changed, 182 insertions(+)
1094 commit e8312c26b9012bc99e22ccf9e19e1629903d3c75
1095 Author: Michael Rash <mbr@cipherdyne.org>
1096 Date: Thu Oct 25 00:24:19 2012 -0400
1098 added colon_1_to_a fuzzing SPA packets
1100 test/fuzzing/fuzzing_spa_packets | 169 ++++++++++++++++++++++++++++++++++++++
1101 1 file changed, 169 insertions(+)
1103 commit de512e7d8f2bf763ba9258222300900e380621c1
1104 Author: Michael Rash <mbr@cipherdyne.org>
1105 Date: Thu Oct 25 00:20:55 2012 -0400
1107 added fuzzing/README file
1109 test/fuzzing/README | 44 ++++++++++++++++++++++++++++++++++++++++++++
1110 1 file changed, 44 insertions(+)
1112 commit 6a649e26e71ecf1a413b8bed218d160cd6fd191e
1113 Author: Michael Rash <mbr@cipherdyne.org>
1114 Date: Thu Oct 25 00:20:08 2012 -0400
1116 easier SPA fuzzing packet generation and importing
1118 test/fuzzing/bogus_spa_packets | 166 -----
1119 test/fuzzing/fuzzing_spa_packets | 1352 ++++++++++++++++++++++++++++++++++++++
1120 test/test-fwknop.pl | 237 ++++---
1121 3 files changed, 1514 insertions(+), 241 deletions(-)
1123 commit 627035fb22ac375d19cdde3b132f2d7fa85fcbe7
1124 Author: Michael Rash <mbr@cipherdyne.org>
1125 Date: Tue Oct 23 21:47:56 2012 -0400
1127 Patch from Franck Joncourt for setting permissions via open()
1129 [client+server] Applied patch from Franck Joncourt to remove unnecessary
1130 chmod() call when creating client rc file and server replay cache file.
1131 The permissions are now set appropriately via open(), and at the same
1132 time this patch fixes a potential race condition since the previous code
1133 used fopen() followed by chmod().
1137 client/config_init.c | 23 +++++++++++++++++++----
1138 client/fwknop.c | 36 +++++++++++++++++++++---------------
1139 client/utils.c | 18 ------------------
1140 client/utils.h | 1 -
1141 server/replay_cache.c | 30 +++++++++++++++++++++---------
1142 server/utils.c | 15 ---------------
1143 server/utils.h | 1 -
1144 9 files changed, 71 insertions(+), 63 deletions(-)
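The race described in the commit message above, shown as an added example that is not the patch itself or code from fwknop: `racy_create_window_mode()`, `create_private()`, `stream_mode()` and the `/tmp` paths are hypothetical names constructed for the demonstration. The `fstat()`/`fchmod()` check for a pre-existing file goes beyond what the commit message states.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Old pattern: fopen() creates the file with umask-derived permissions and
 * chmod() tightens them afterwards. Returns the permission bits that other
 * users could see inside that window, or -1 on error. */
int racy_create_window_mode(const char *path)
{
    struct stat st;
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    if (stat(path, &st) != 0) {          /* what another process sees now */
        fclose(fp);
        return -1;
    }
    chmod(path, S_IRUSR | S_IWUSR);      /* too late, and resolves the path again */
    fclose(fp);
    return (int)(st.st_mode & 0777);
}

/* New pattern: the mode is part of the creating open() call, so the file
 * never exists with wider permissions. Returns a stdio stream or NULL. */
FILE *create_private(const char *path)
{
    struct stat st;
    FILE *fp;
    int fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return NULL;
    /* open() ignores the mode argument when the file already existed, so
     * inspect the descriptor (not the path) and tighten it if needed. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        ((st.st_mode & 077) != 0 && fchmod(fd, S_IRUSR | S_IWUSR) != 0)) {
        close(fd);
        return NULL;
    }
    fp = fdopen(fd, "w");
    if (fp == NULL)
        close(fd);
    return fp;
}

/* Permission bits of an open stream, for checking the result. */
int stream_mode(FILE *fp)
{
    struct stat st;
    if (fp == NULL || fstat(fileno(fp), &st) != 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    /* Constructed demo paths */
    const char *racy = "/tmp/demo_rc_racy", *safe = "/tmp/demo_rc_private";
    FILE *fp;

    umask(022);
    unlink(racy);
    unlink(safe);
    printf("fopen()+chmod() window mode: %04o\n", racy_create_window_mode(racy));
    fp = create_private(safe);
    printf("open(..., 0600) mode:        %04o\n", stream_mode(fp));
    if (fp != NULL)
        fclose(fp);
    unlink(racy);
    unlink(safe);
    return 0;
}
```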
1146 commit 52d023ec60a37e07f8de678fe46b2275375c1b60
1147 Author: Michael Rash <mbr@cipherdyne.org>
1148 Date: Mon Oct 22 20:31:19 2012 -0400
1150 added validate_username() call to SPA packet encoding routine
1152 lib/fko_encode.c | 2 +-
1153 1 file changed, 1 insertion(+), 1 deletion(-)
1155 commit 23eefbdefad378892f2abe89bdd16c73d092f6ea
1156 Author: Michael Rash <mbr@cipherdyne.org>
1157 Date: Mon Oct 22 20:30:42 2012 -0400
1159 added MIPS compilation bug for todo.org tracking
1161 todo.org | 43 ++++++++++++++++++++++++++++++++++++-------
1162 1 file changed, 36 insertions(+), 7 deletions(-)
1164 commit 691d9503ee79ca3abdff5eb0083a148791e111a8
1165 Author: Michael Rash <mbr@cipherdyne.org>
1166 Date: Fri Oct 19 22:14:24 2012 -0400
1168 added test/fuzzing/ directory for fuzzing data and patches
1171 test/bogus_spa_packets | 166 --------------------
1172 test/fuzzing/bogus_spa_packets | 166 ++++++++++++++++++++
1173 .../patches/enable_perl_fko_bogus_packets.patch | 104 ++++++++++++
1174 test/fuzzing/patches/invalid_access_format.patch | 40 +++++
1175 ...nvalid_long_proto_define_enc_mode_trigger.patch | 13 ++
1176 ...nvalid_long_proto_define_rijndael_trigger.patch | 13 ++
1177 test/fuzzing/patches/long_ip.patch | 13 ++
1178 test/test-fwknop.pl | 2 +-
1179 9 files changed, 357 insertions(+), 167 deletions(-)
1181 commit 95001b7da8f06ee14662b3fc7a4c3516fa15f8dc
1182 Author: Michael Rash <mbr@cipherdyne.org>
1183 Date: Fri Oct 19 22:11:27 2012 -0400
1185 minor ChangeLog updates
1187 ChangeLog | 20 ++++++++++++++------
1188 1 file changed, 14 insertions(+), 6 deletions(-)
1190 commit 54297086baac78292415a66d81db4681888924cc
1191 Author: Michael Rash <mbr@cipherdyne.org>
1192 Date: Thu Oct 18 23:10:02 2012 -0400
1194 fixed --enable-recompile argument for OpenBSD
1196 test/test-fwknop.pl | 37 +++++++++++++++++++++++++++----------
1197 1 file changed, 27 insertions(+), 10 deletions(-)
1199 commit 3eaa7dcb5f375b9cda4e509def5e0f4d3e497853
1200 Author: Michael Rash <mbr@cipherdyne.org>
1201 Date: Thu Oct 18 23:01:54 2012 -0400
1203 added libfko validate_username() for decrypted SPA data
1205 lib/Makefile.am | 4 ++--
1206 lib/fko_common.h | 1 +
1207 lib/fko_decode.c | 5 +++++
1208 lib/fko_user.c | 32 +++++++++++++++++++++++---------
1209 lib/fko_user.h | 41 +++++++++++++++++++++++++++++++++++++++++
1210 test/bogus_spa_packets | 2 --
1211 6 files changed, 72 insertions(+), 13 deletions(-)
1213 commit 692e336880e22aef35204705b49b3be39853123f
1214 Author: Michael Rash <mbr@cipherdyne.org>
1215 Date: Thu Oct 18 22:24:48 2012 -0400
1217 added 'Rejected' messages to test output for bogus SPA packet perl FKO tests
1219 test/test-fwknop.pl | 7 +++++--
1220 1 file changed, 5 insertions(+), 2 deletions(-)
1222 commit d5c3fc4b1c3f333f7f85bf9ef7fb0d29f0558ca9
1223 Author: Michael Rash <mbr@cipherdyne.org>
1224 Date: Thu Oct 18 22:24:11 2012 -0400
1226 removed non-SPA packet lines
1228 test/bogus_spa_packets | 3 ---
1229 1 file changed, 3 deletions(-)
1231 commit cc58adc7fc505273d08bea805154084b8e34aa90
1232 Author: Michael Rash <mbr@cipherdyne.org>
1233 Date: Thu Oct 18 22:08:38 2012 -0400
1235 added bogus_spa_packets file for perl FKO fuzzing tests
1237 test/bogus_spa_packets | 171 +++++++++++++++++++++++++++++++
1238 test/test-fwknop.pl | 266 ++++++++++++++++++++++++++++++++++++++++++++++--
1239 2 files changed, 429 insertions(+), 8 deletions(-)
1241 commit b218977c61b60f6c0f2d63af4ab4747be61cc0eb
1242 Author: Michael Rash <mbr@cipherdyne.org>
1243 Date: Tue Oct 16 21:23:43 2012 -0400
1245 continued validation code driven by perl FKO module
1247 test/test-fwknop.pl | 253 +++++++++++++++++++++++++++++++++++++++++++++------
1248 1 file changed, 223 insertions(+), 30 deletions(-)
1250 commit e0d86f9a336f5b203106c1e24c2151f7001b7d49
1251 Author: Michael Rash <mbr@cipherdyne.org>
1252 Date: Mon Oct 15 20:52:23 2012 -0400
1254 [libfko] validation of NAT access strings
1256 Added validation of NAT access strings in the various NAT modes in libfko.
1257 This applies to both the client and server, and test suite support was added
1262 lib/fko_decode.c | 6 ++
1263 lib/fko_message.c | 223 +++++++++++++++++++++++++++-----------------------
1264 lib/fko_message.h | 3 +-
1265 lib/fko_nat_access.c | 5 ++
1266 test/test-fwknop.pl | 120 ++++++++++++++++++++++++++-
1267 7 files changed, 252 insertions(+), 108 deletions(-)
1269 commit bf22778ada205da8bafde8347cd25e3a95f22b9e
1270 Author: Michael Rash <mbr@cipherdyne.org>
1271 Date: Sat Oct 13 14:08:38 2012 -0400
1273 added perl FKO module client timeout test
1275 test/test-fwknop.pl | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++
1276 1 file changed, 57 insertions(+)
1278 commit 1910cd1ecf1cf5da308818dcf5432aa9c4588b51
1279 Author: Michael Rash <mbr@cipherdyne.org>
1280 Date: Sat Oct 13 11:38:23 2012 -0400
1282 additional perl FKO module access message test strings
1284 test/test-fwknop.pl | 14 +++++++++++++-
1285 1 file changed, 13 insertions(+), 1 deletion(-)
1287 commit e24cfd014d8314c56c7d034e4acb6664bbe01168
1288 Author: Michael Rash <mbr@cipherdyne.org>
1289 Date: Sat Oct 13 11:31:31 2012 -0400
1291 added perl FKO module cmd mode tests
1293 test/test-fwknop.pl | 136 +++++++++++++++++++++++++++++++++++++++++++++++----
1294 1 file changed, 126 insertions(+), 10 deletions(-)
1296 commit 5112704ed92b0d86734bc7ca713c77f1de9ba915
1297 Author: Michael Rash <mbr@cipherdyne.org>
1298 Date: Fri Oct 12 23:52:14 2012 -0400
1300 started on fuzzing tests with the perl FKO module
1302 test/test-fwknop.pl | 394 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1303 1 file changed, 389 insertions(+), 5 deletions(-)
1305 commit 402c7033d50be4b8faa430002f42ebf894539a6d
1306 Author: Michael Rash <mbr@cipherdyne.org>
1307 Date: Fri Oct 12 23:51:28 2012 -0400
1309 force usernames to be alpha numeric chars and dashes
1311 lib/fko_user.c | 10 ++++++++++
1312 1 file changed, 10 insertions(+)
1314 commit c047dca50d05cfe52b6b31d11c8b237643af4e62
1315 Author: Michael Rash <mbr@cipherdyne.org>
1316 Date: Thu Oct 11 23:50:16 2012 -0400
1318 minor todo.org update to set icmp type/code task to completed
1320 todo.org | 7 ++++---
1321 1 file changed, 4 insertions(+), 3 deletions(-)
1323 commit e4751d1c20796f95ca20a07abf49094d55b36160
1324 Author: Michael Rash <mbr@cipherdyne.org>
1325 Date: Thu Oct 11 23:40:04 2012 -0400
1327 added icmp type/code blurb
1330 client/cmd_opts.h | 4 ++++
1331 client/config_init.c | 19 +++++++++++++++++++
1332 client/fwknop_common.h | 3 +++
1333 client/spa_comm.c | 16 +++++++++++-----
1334 common/common.h | 3 +++
1335 doc/fwknop.man.asciidoc | 8 ++++++++
1336 lib/fko_encryption.c | 4 ++--
1337 test/test-fwknop.pl | 15 +++++++++++++++
1338 todo.org | 7 +++++++
1339 10 files changed, 77 insertions(+), 7 deletions(-)
1341 commit 67f5d1f1e9aea0c45c2da118c07c16a4bc70dae6
1342 Author: Michael Rash <mbr@cipherdyne.org>
1343 Date: Thu Oct 11 23:36:50 2012 -0400
1345 Applied perl FKO module libfko path patch from Franck Joncourt
1347 Applied patch from Franck Joncourt to have the perl FKO module link
1348 against libfko in the local directory (if it exists) so that it doesn't
1349 have to have libfko completely installed in /usr/lib/. This allows the
1350 test suite to run FKO tests without installing libfko.
1352 Added the ability to the test suite to compile, install, and run some
1353 basic tests against the perl FKO module.
1357 perl/FKO/Makefile.PL | 5 +-
1358 test/test-fwknop.pl | 178 ++++++++++++++++++++++++++++++++++++++++++++++++++
1359 4 files changed, 189 insertions(+), 2 deletions(-)
1361 commit 6f356a96844214da616ad3b3a994d4d37cd9ed77
1362 Author: Michael Rash <mbr@cipherdyne.org>
1363 Date: Mon Oct 8 22:06:33 2012 -0400
1365 Added Sean Greven for his FreeBSD port
1368 1 file changed, 4 insertions(+)
1370 commit d0189b6b7e7c57b7bd08a264246c624033dc69c3
1371 Author: Michael Rash <mbr@cipherdyne.org>
1372 Date: Sun Oct 7 15:11:53 2012 -0400
1374 minor addition of newline before each chain list in --fw-list mode
1376 server/fw_util_iptables.c | 2 ++
1377 1 file changed, 2 insertions(+)
1379 commit 845f81804f47c7fe7addc6e673bbdb4f77467b80
1380 Author: Michael Rash <mbr@cipherdyne.org>
1381 Date: Fri Oct 5 16:12:03 2012 -0400
1383 added test/conf/tcp_server_fwknopd.conf file
1386 1 file changed, 1 insertion(+)
1388 commit 66741b3d81ab8afa6e2c8a98a66efa2bfb22604d
1389 Author: Michael Rash <mbr@cipherdyne.org>
1390 Date: Thu Oct 4 21:05:55 2012 -0400
1392 Added a test for SPA over TCP
1394 test/conf/tcp_server_fwknopd.conf | 7 +++++++
1395 test/test-fwknop.pl | 18 ++++++++++++++++++
1396 2 files changed, 25 insertions(+)
1398 commit ecce80b92bd201fc02a40506128911bfadf8e81b
1399 Author: Michael Rash <mbr@cipherdyne.org>
1400 Date: Thu Oct 4 21:05:22 2012 -0400
1402 [client] for spoofed SPA packets over ICMP, switched back to sending over echo reply
1404 client/spa_comm.c | 2 +-
1405 1 file changed, 1 insertion(+), 1 deletion(-)
1407 commit aceb501eca940b005b80b719b5bb718625ea38af
1408 Author: Michael Rash <mbr@cipherdyne.org>
1409 Date: Wed Oct 3 22:58:06 2012 -0400
1411 minor replay warning msg fix to not include newlines (better for syslog)
1413 server/replay_cache.c | 18 +++++++++---------
1414 1 file changed, 9 insertions(+), 9 deletions(-)
1416 commit 229a36625b24c01d5883d65586dff7670c467064
1417 Author: Michael Rash <mbr@cipherdyne.org>
1418 Date: Wed Oct 3 22:56:10 2012 -0400
1420 Better IP spoofing support (udpraw and icmp)
1422 - [client] Added '-P udpraw' to allow the client to send SPA packets over
1423 UDP with a spoofed source IP address. This is in addition to the
1424 original 'tcpraw' and 'icmp' protocols that also support a spoofed
1426 - [server] Bug fix to accept SPA packets over ICMP if the fwknop client
1427 is executed with '-P icmp' and the user has the required privileges.
1431 client/config_init.c | 4 +-
1432 client/spa_comm.c | 106 ++++++++++++++++++++++++++++++-
1433 common/common.h | 1 +
1434 doc/fwknop.man.asciidoc | 10 +--
1435 server/process_packet.c | 15 ++++-
1436 test/conf/icmp_pcap_filter_fwknopd.conf | 5 ++
1437 test/conf/tcp_pcap_filter_fwknopd.conf | 5 ++
1438 test/test-fwknop.pl | 50 +++++++++++++++
1439 10 files changed, 195 insertions(+), 9 deletions(-)
1441 commit bb1743d25dc8145252b0e8a90d81766a957dc45a
1442 Author: Michael Rash <mbr@cipherdyne.org>
1443 Date: Tue Oct 2 23:22:15 2012 -0400
1445 [server] Switched upstart config to use 'expect' section
1447 This change allows fwknopd to write syslog messages to traditional syslog files
1448 while running under upstart. Not forking into the background resulted in
1449 messages meant for syslog being captured under /var/log/upstart/fwknop.log.
1451 extras/upstart/fwknop.conf | 4 +++-
1452 1 file changed, 3 insertions(+), 1 deletion(-)
1454 commit 1828f51b90a925a296d72406f0b8dfb1cfe7e7b1
1455 Author: Michael Rash <mbr@cipherdyne.org>
1456 Date: Tue Oct 2 23:20:47 2012 -0400
1458 [server] GPG_ALLOW_NO_PW + no KEY bug fix
1460 Bug fix to allow GPG_ALLOW_NO_PW to result in not also having to specify a
1464 server/access.c | 3 ++-
1465 test/conf/gpg_no_pw_access.conf | 1 -
1466 todo.org | 7 +++++++
1467 4 files changed, 11 insertions(+), 2 deletions(-)
1469 commit 2aff47c7a24fdf7733b0b1c520dbbbf1896067d7
1470 Author: Michael Rash <mbr@cipherdyne.org>
1471 Date: Mon Oct 1 22:49:45 2012 -0400
1473 minor fwknopd man page fixes
1475 doc/fwknopd.man.asciidoc | 5 +++--
1476 1 file changed, 3 insertions(+), 2 deletions(-)
1478 commit 1f4ca20f762881bcbc6202e6b4f20ef4a802799a
1479 Author: Michael Rash <mbr@cipherdyne.org>
1480 Date: Sat Sep 29 21:58:04 2012 -0400
1482 [server] upstart config change to start on network device up
1484 For the upstart config make sure to only start fwknopd after a non-loopback
1485 network interface is brought up. Also added a commented post-start script
1486 to send an email whenever fwknopd is (re)started.
1488 extras/upstart/fwknop.conf | 10 +++++++++-
1489 1 file changed, 9 insertions(+), 1 deletion(-)
1491 commit e37409c25092dfe3938dbbf813d19b3d74597f08
1492 Author: Michael Rash <mbr@cipherdyne.org>
1493 Date: Thu Sep 27 22:01:54 2012 -0400
1495 Added blurb about the new upstart config
1498 1 file changed, 3 insertions(+)
1500 commit f7472bec0fd6c270d1dd9e08bdc9f9188c8a5f84
1501 Author: Michael Rash <mbr@cipherdyne.org>
1502 Date: Thu Sep 27 21:58:38 2012 -0400
1504 Added upstart config for Ubuntu systems
1506 fwknop can be easily managed with upstart with the addition of this config.
1509 # service fwknop start
1510 fwknop start/running, process 4269
1513 extras/upstart/fwknop.conf | 15 +++++++++++++++
1514 todo.org | 9 ++++++---
1515 3 files changed, 22 insertions(+), 3 deletions(-)
1517 commit 91e7b210544375c03753ff4cdd43fe2032247294
1518 Author: Michael Rash <mbr@cipherdyne.org>
1519 Date: Thu Sep 27 21:57:39 2012 -0400
1521 added log output for the sniffing interface
1523 server/pcap_capture.c | 5 ++++-
1524 1 file changed, 4 insertions(+), 1 deletion(-)
1526 commit 4c852c133b767dfc95f9d103a5f137050037e9da
1527 Author: Michael Rash <mbr@cipherdyne.org>
1528 Date: Mon Sep 24 22:15:33 2012 -0400
1530 [todo] client/server tests
1533 1 file changed, 3 insertions(+)
1535 commit 61021e0f23e795a0442c1a1f599d32c3437e2a2b
1536 Author: Michael Rash <mbr@cipherdyne.org>
1537 Date: Mon Sep 24 22:15:01 2012 -0400
1539 minor print status update in --Anonymize mode
1541 test/test-fwknop.pl | 4 ++++
1542 1 file changed, 4 insertions(+)
1544 commit 96609e280c1d1e99f9d29bd646e7ae16f20035a0
1545 Author: Michael Rash <mbr@cipherdyne.org>
1546 Date: Mon Sep 24 21:33:41 2012 -0400
1548 added mbr@cipherdyne.org to bug email list
1550 doc/fwknop.man.asciidoc | 4 ++--
1551 doc/fwknopd.man.asciidoc | 4 ++--
1552 2 files changed, 4 insertions(+), 4 deletions(-)
1554 commit 05eb19738a5363cdcc97c431eb84a1f1db8dbbee
1555 Author: Michael Rash <mbr@cipherdyne.org>
1556 Date: Thu Sep 13 21:25:43 2012 -0400
1558 added the OpenBSD port from Vlad
1561 1 file changed, 2 insertions(+)
1563 commit 2b09f048f7d0a05633ef82edb9c663a754f6452a
1564 Author: Michael Rash <mbr@cipherdyne.org>
1565 Date: Thu Sep 13 21:24:54 2012 -0400
1567 (Vlad Glagolev) Submitted an OpenBSD port for fwknop-2.0.3
1569 (Vlad Glagolev) Submitted an OpenBSD port for fwknop-2.0.3, and this has
1570 been checked in under extras/openbsd/.
1573 extras/openbsd/distinfo | 5 ++++
1574 extras/openbsd/patches/patch-lib_fko_decode_c | 14 ++++++++++
1575 extras/openbsd/patches/patch-server_replay_cache_c | 27 ++++++++++++++++++++
1576 extras/openbsd/pkg/DESCR | 14 ++++++++++
1577 extras/openbsd/pkg/PFRAG.shared | 2 ++
1578 extras/openbsd/pkg/PLIST | 11 ++++++++
1579 extras/openbsd/pkg/fwknopd.rc | 9 +++++++
1580 8 files changed, 84 insertions(+)
1582 commit f8374c8aefe7a3cf4fcc8763267b139a3504cd66
1583 Author: Michael Rash <mbr@cipherdyne.org>
1584 Date: Tue Sep 11 21:54:26 2012 -0400
1586 [server] (Vlad Glagolev) Submitted a patch to fix command exec mode
1588 (Vlad Glagolev) Submitted a patch to fix command exec mode
1589 under SPA message type validity test. Support for command exec mode was
1590 also added to the test suite.
1594 lib/fko_decode.c | 29 ++++++++++++++++++++++++-----
1595 test/conf/cmd_access.conf | 4 ++++
1596 test/test-fwknop.pl | 35 +++++++++++++++++++++++++++++++++++
1597 5 files changed, 69 insertions(+), 5 deletions(-)
1599 commit 591416e23bc9e93c83e832bbf504837e7b24be88
1600 Author: Michael Rash <mbr@cipherdyne.org>
1601 Date: Mon Sep 10 21:47:48 2012 -0400
1603 [server] bug fix in --disable-file-cache mode
1605 Applied patch from Vlad Glagolev to fix ndbm/gdbm usage when --disable-file-cache
1606 is used for the autoconf configure script. This functionality was broken in
1607 be4193d734850fe60f14a26b547525ea0b9ce1e9 through improper handling of #define
1608 macros from --disable-file-cache.
1611 ChangeLog | 6 ++++++
1612 server/replay_cache.c | 10 +++-------
1613 3 files changed, 15 insertions(+), 7 deletions(-)