Added access stanza expiration feature, multiple access stanza bug fix
author Michael Rash <mbr@cipherdyne.org>
Tue, 29 Nov 2011 03:03:21 +0000 (22:03 -0500)
committer Michael Rash <mbr@cipherdyne.org>
Tue, 29 Nov 2011 03:03:21 +0000 (22:03 -0500)
commit b280f5cde0246cdef33dee3f8be66a2bcef77336
tree 20bc2c6c9e29c2f09545d49140e94580088c9f37
parent 9e884e9759362ce401bf77dab819b24e10caca62

This commit does two major things:

1) Two new access.conf variables are added "ACCESS_EXPIRE" and
"ACCESS_EXPIRE_EPOCH" to allow access stanzas to be expired without having
to modify the access.conf file and restart fwknopd.

2) Allow an access stanza that matches the SPA source address to not
automatically short circuit other stanzas if there is an error (such as when
there are multiple encryption keys involved and an incoming SPA packet is
meant for, say, the second stanza and the first therefore doesn't allow
proper decryption).
doc/fwknopd.man.asciidoc
server/access.c
server/access.h
server/fw_util_iptables.c
server/fwknopd_common.h
server/incoming_spa.c
server/incoming_spa.h
test/conf/expired_epoch_stanza_access.conf [new file with mode: 0644]
test/conf/expired_stanza_access.conf [new file with mode: 0644]
test/conf/multi_stanzas_with_broken_keys.conf [new file with mode: 0644]
test/test-fwknop.pl
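
An added example, not code from this commit or from fwknopd: a C model of the two behaviors the commit message describes, where an expired stanza is skipped and a stanza whose key fails to decrypt no longer stops the search. The struct, the function names, the string-compare stand-in for decryption, the `now > expire_epoch` comparison and the sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical simplified access stanza; not fwknopd's own structure. */
struct stanza {
    const char *source;   /* SOURCE: one IP, or "ANY" */
    const char *key;      /* KEY for this stanza */
    time_t expire_epoch;  /* ACCESS_EXPIRE_EPOCH; 0 means no expiration */
};

/* Constructed sample data: three stanzas that all match the same source. */
static const struct stanza sample[] = {
    { "203.0.113.5", "key-one",   0    },
    { "ANY",         "key-two",   0    },
    { "ANY",         "key-three", 1000 },  /* expires at epoch 1000 */
};

/* Stand-in for SPA decryption: succeeds only when the keys are equal. */
static int decrypt_ok(const char *stanza_key, const char *packet_key)
{
    return strcmp(stanza_key, packet_key) == 0;
}

/* Return the index of the first stanza that accepts the packet, or -1. */
int match_stanza(const struct stanza *list, int n, const char *src_ip,
                 const char *packet_key, time_t now)
{
    for (int i = 0; i < n; i++) {
        if (strcmp(list[i].source, "ANY") != 0
                && strcmp(list[i].source, src_ip) != 0)
            continue;  /* source address does not match this stanza */
        if (list[i].expire_epoch != 0 && now > list[i].expire_epoch)
            continue;  /* expired: skipped without a config edit or restart */
        if (!decrypt_ok(list[i].key, packet_key))
            continue;  /* decryption error: try the next stanza, no short circuit */
        return i;
    }
    return -1;
}

int main(void)
{
    /* A packet meant for the second stanza gets past the first one. */
    printf("second key: %d\n", match_stanza(sample, 3, "203.0.113.5", "key-two", 500));
    /* The same key is refused once the third stanza has expired. */
    printf("expired:    %d\n", match_stanza(sample, 3, "203.0.113.5", "key-three", 2000));
    return 0;
}
```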