fwknop.git
ref: master
Michael Rash [Wed, 22 May 2013 02:12:03 +0000]
[test suite] minor formatting update to access.conf files to mimic fwknoprc vars (no colon or trailing semicolon)

Michael Rash [Wed, 22 May 2013 02:10:13 +0000]
man page updates - access.conf section now includes variable guidance

Michael Rash [Wed, 22 May 2013 02:00:15 +0000]
Use {0} initializer for all stack allocated char arrays

Lots of places in the code were already using {0} to initialize stack char
arrays, but memset() was being used as well.  This commit removes all
unnecessary memset() calls against char arrays that are already initialized
via {0} (which sets all members to zero for such arrays).

Michael Rash [Tue, 21 May 2013 01:57:42 +0000]
Merge remote-tracking branch 'fjoncourt/save_rc_stanza'

Closes issues #81 and #82 thanks to Franck.

Franck Joncourt [Mon, 20 May 2013 19:58:18 +0000]
Fixed stanza name in log message. We display the stanza we were looking for, not the current one.

Franck Joncourt [Mon, 20 May 2013 09:08:33 +0000]
Merge remote-tracking branch 'upstream/master' into save_rc_stanza

Michael Rash [Sun, 19 May 2013 20:15:19 +0000]
[test suite] added 'equal keys' files

Franck Joncourt [Sun, 19 May 2013 20:00:51 +0000]
Do not assume two rc sections are separated by an empty line. (mrash/fwknop#81)

Michael Rash [Sun, 19 May 2013 19:50:16 +0000]
[client] finished documenting client command line options via the man page

Michael Rash [Sun, 19 May 2013 19:29:20 +0000]
[test suite] added client -f firewall timeout tests

Michael Rash [Sun, 19 May 2013 18:36:32 +0000]
[server] port list memory leak bug fix for OpenBSD/pf and FreeBSD/ipfw firewall interface code found by Coverity

Michael Rash [Sun, 19 May 2013 18:12:58 +0000]
updated client and server man page material

Michael Rash [Sun, 19 May 2013 16:57:36 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Sun, 19 May 2013 16:57:07 +0000]
Merge pull request #80 from fjoncourt/fix-gpl2.0

[FTBS] Fixed gpl2.0.texi

Franck Joncourt [Sun, 19 May 2013 15:14:35 +0000]
Fixed gpl2.0.texi to make it build.

 The @appendixsubsec entries are substituted by @appendixsec entries.

Michael Rash [Sun, 19 May 2013 02:49:38 +0000]
[client] minor --verbose display update to say source port is 'OS assigned' when not otherwise set

Michael Rash [Sun, 19 May 2013 02:36:13 +0000]
[client] bug fix to separate out --named-config vs. --no-save-args command line args

Michael Rash [Sat, 18 May 2013 20:39:08 +0000]
[test suite] slurp openssl HMAC from file into single string (it may be binary data)

Michael Rash [Sat, 18 May 2013 16:13:50 +0000]
added test suite HMAC != enc key conf files

Michael Rash [Sat, 18 May 2013 16:10:18 +0000]
[client+server] ensure HMAC key and encryption passphrase are not the same

Michael Rash [Sat, 18 May 2013 14:51:49 +0000]
[client] added warning in --verbose mode if -s is used instead of -a or -R

Michael Rash [Sat, 18 May 2013 12:34:20 +0000]
[test suite] minor bug fix to preserve the init file

Michael Rash [Sat, 18 May 2013 03:05:58 +0000]
continued man page updates in preparation for the 2.5 release

Michael Rash [Sat, 18 May 2013 02:34:26 +0000]
[server] added check to ensure any existing fwknop jump rule is not duplicated at init

Michael Rash [Sat, 18 May 2013 02:28:03 +0000]
[server] apply same logging policy for --fw-* modes as --foreground mode

Michael Rash [Sat, 18 May 2013 01:03:16 +0000]
[client] --key-gen bug fix to print keys to stdout

Michael Rash [Thu, 16 May 2013 01:31:17 +0000]
Merge remote-tracking branch 'fjoncourt/master'

Closes issues #76 and #60.

Michael Rash [Thu, 16 May 2013 01:17:39 +0000]
[client] man page update for GPG key signing material

Michael Rash [Thu, 16 May 2013 00:59:29 +0000]
[client] completed fwknop client man page rc variable documentation

Michael Rash [Wed, 15 May 2013 03:28:45 +0000]
HMAC and PBKDF1 ChangeLog updates

Michael Rash [Wed, 15 May 2013 03:22:03 +0000]
[docs] fwknop client man page update for HMAC material

Franck Joncourt [Tue, 14 May 2013 20:15:19 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Tue, 14 May 2013 20:08:44 +0000]
Fixed gcc warnings on openbsd. - mrash/fwknop#60

Michael Rash [Tue, 14 May 2013 03:11:33 +0000]
minor write_test_file() path bug fix

Michael Rash [Tue, 14 May 2013 03:10:26 +0000]
Merge remote-tracking branch 'fjoncourt/master'

Merged update from Franck - closes issue #71.

Michael Rash [Tue, 14 May 2013 00:52:14 +0000]
[server] minor memory leak bug fix during SPA digest calculation found by Coverity

Michael Rash [Tue, 14 May 2013 00:48:23 +0000]
[server] minor memory leak bug fix during access.conf parsing found by Coverity

Michael Rash [Tue, 14 May 2013 00:42:07 +0000]
[server] varargs cleanup bug fix found by Coverity

Michael Rash [Tue, 14 May 2013 00:41:25 +0000]
[server] fix pointer NULL check after strdup() - found by Coverity

Michael Rash [Tue, 14 May 2013 00:40:29 +0000]
[server] minor cosmetic (unnecessary NULL checks and one un-triggerable memory leak) found by Coverity

Michael Rash [Tue, 14 May 2013 00:38:39 +0000]
[server] minor memory leak bug fix during access.conf parsing found by Coverity

Franck Joncourt [Mon, 13 May 2013 14:30:27 +0000]
Merge remote-tracking branch 'upstream/master'

ref: fwknop-2.5-pre1
Michael Rash [Mon, 13 May 2013 02:42:13 +0000]
bumped VERSION file to fwknop-2.5-pre1

Michael Rash [Mon, 13 May 2013 02:30:28 +0000]
[test suite] added hmac_get_key_access.conf file

Michael Rash [Mon, 13 May 2013 01:04:25 +0000]
Added blurb on Coverity to the ChangeLog

Michael Rash [Mon, 13 May 2013 00:57:19 +0000]
[test suite] added fko_destroy() calls to fko-wrapper

Michael Rash [Mon, 13 May 2013 00:54:44 +0000]
[server] fixed potential double-free condition found by Coverity

Within the access loop always call fko_destroy() right up front whenever
ctx != NULL to ensure a clean slate each time through the loop regardless of
what state may have been reached the previous time through the loop.

Michael Rash [Mon, 13 May 2013 00:54:04 +0000]
[client] set ctx=NULL after fko_destroy() calls

Michael Rash [Mon, 13 May 2013 00:53:22 +0000]
[libfko] set ctx=NULL after fko_destroy(), add NULL check for encrypted msg pointer in fko_new_with_data()

Michael Rash [Mon, 13 May 2013 00:49:00 +0000]
[libfko] added context initialized check to fko_decrypt_spa_data()

Michael Rash [Sun, 12 May 2013 19:02:31 +0000]
[libfko] bug fix to apply ctx initialization check before attempting to use ctx->message_type in fko_set_spa_client_timeout()

Michael Rash [Sun, 12 May 2013 18:43:19 +0000]
[test suite] add -x to run_valgrind.sh fko-wrapper script

Michael Rash [Sun, 12 May 2013 18:42:35 +0000]
[test suite] added -g to fko_wrapper Makefile for debugging symbols

Franck Joncourt [Sun, 12 May 2013 15:35:19 +0000]
Added tests to validate the encryption mode for the client.
Renamed the CBC legacy IV encryption mode to legacy as mentioned in the man page.

Franck Joncourt [Sun, 12 May 2013 14:52:52 +0000]
Rewrite enc_mode_inttostr() and enc_mode_strtoint().

Make sure both functions work the same way and refer to the same
encryption mode string.

Updated the fwknop usage message to display the encryption mode.

Michael Rash [Sat, 11 May 2013 17:28:55 +0000]
[test suite] allow valgrind coverage test to run after --test-limit

Michael Rash [Fri, 10 May 2013 02:43:05 +0000]
[libfko] changed 'state' context element to 'int' type to fix an 'extra high-order bits' bug found by Coverity

Michael Rash [Fri, 10 May 2013 02:35:08 +0000]
[server] setsockopt() and fcntl() return value checking (found by Coverity)

Michael Rash [Fri, 10 May 2013 02:14:06 +0000]
[libfko] fixed remaining sizeof() usage bug in SHA256 code found by Coverity

Michael Rash [Fri, 10 May 2013 02:13:25 +0000]
[libfko] fixed remaining buffer constraints in lib/hmac.c code found by Coverity

Michael Rash [Fri, 10 May 2013 02:10:38 +0000]
[client] removed unnecessary array NULL check found by Coverity

Michael Rash [Fri, 10 May 2013 01:56:13 +0000]
[libfko] memory leak fixes found by Coverity

Michael Rash [Fri, 10 May 2013 01:17:27 +0000]
various sizeof() usage and type bug fixes found by Coverity

Michael Rash [Fri, 10 May 2013 01:11:45 +0000]
[test suite] minor bug fix for printing the number of test buckets to be executed

Michael Rash [Thu, 9 May 2013 03:55:35 +0000]
fixed several resource leak conditions found by Coverity

Michael Rash [Thu, 9 May 2013 03:44:13 +0000]
[server] double free bug fix in access.conf parsing routine caught by Coverity

Michael Rash [Wed, 8 May 2013 03:35:34 +0000]
[server] fixed several (non-exploitable) overflow conditions found by Coverity

Michael Rash [Wed, 8 May 2013 03:02:49 +0000]
remove dead code caught by Coverity

Michael Rash [Wed, 8 May 2013 02:52:35 +0000]
[server] bug fix for GPG 'nesting level does not match indentation' issue (discovered by Coverity)

Michael Rash [Wed, 8 May 2013 01:43:38 +0000]
[client] fix missing 'break' in switch statement (discovered by Coverity)

Michael Rash [Tue, 7 May 2013 02:23:59 +0000]
[server] added --pcap-any-direction along with config file support

From the config file comments:

This variable controls whether fwknopd is permitted to sniff SPA packets
regardless of whether they are received on the sniffing interface or sent
from the sniffing interface.  In the latter case, this can be useful to have
fwknopd sniff SPA packets that are forwarded through a system and destined
for a different network.  If the sniffing interface is the egress interface
for such packets, then this variable will need to be set to "Y" in order for
fwknopd to see them.  The default is "N" so that fwknopd only looks for SPA
packets that are received on the sniffin

PCAP_ANY_DIRECTION         N;

Michael Rash [Tue, 7 May 2013 02:22:22 +0000]
minor typo fix

Franck Joncourt [Mon, 6 May 2013 09:52:35 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Mon, 6 May 2013 09:49:16 +0000]
Added new tests to the test suite to validate the --save-rc-stanza command line argument.

Franck Joncourt [Mon, 6 May 2013 08:02:02 +0000]
Replaced printf() by log_msg().

Michael Rash [Mon, 6 May 2013 01:54:07 +0000]
[client] added --get-hmac-key to mirror --get-key, closes #68

Michael Rash [Mon, 6 May 2013 01:01:26 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Mon, 6 May 2013 00:59:04 +0000]
Merge remote-tracking branch 'origin/win32_fixes'

This fixes issue #69 thanks to Damien.

Damien S. Stuart [Mon, 6 May 2013 00:44:47 +0000]
Regenerated the client and server manpage .in files from the asciidoc sources

Damien S. Stuart [Mon, 6 May 2013 00:37:02 +0000]
Merge branch 'win32_fixes' of ssh://github.com/mrash/fwknop into win32_fixes

Damien S. Stuart [Mon, 6 May 2013 00:36:33 +0000]
Copied the win32 Visual Studio solution and project files to preserve a VS 2008 version.

Damien Stuart [Sun, 5 May 2013 23:02:48 +0000]
Tweaked WIN32 conditional for using inet_ntoa instead of inet_ntop to apply only to versions below Vista (WINVER <= 0x0600)

Damien Stuart [Sun, 5 May 2013 20:37:18 +0000]
Use inet_aton on Windows (Older Windows versions do not have inet_ntop).

Franck Joncourt [Sun, 5 May 2013 20:03:21 +0000]
Fixed command line arguments (key-base64-rijndael and key-base64-hmac).

The cmd_opts structure containing the command line args does not follow the
documentation. This update fixes it.

Franck Joncourt [Sun, 5 May 2013 20:00:02 +0000]
Added force-stanza to the client documentation.

Franck Joncourt [Sun, 5 May 2013 19:47:21 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Sun, 5 May 2013 19:43:31 +0000]
Added GPG_SIGNER and GPG_RECIPIENT to the list of important variables.

Franck Joncourt [Sun, 5 May 2013 19:13:26 +0000]
Added --force-stanza command line arg to avoid prompting the user.

Damien Stuart [Sun, 5 May 2013 17:20:20 +0000]
Fixes to get hmac_support and 2.5 changes working for the Windows lib and client builds.

Michael Rash [Sat, 4 May 2013 18:16:06 +0000]
(Franck Joncourt) patch to address sprintf() warnings for issue #60

Franck Joncourt [Sat, 4 May 2013 15:02:02 +0000]
Ask the user whether he wants to overwrite a variable in the updated rc file or not.

Michael Rash [Sat, 4 May 2013 13:41:27 +0000]
Merge remote-tracking branch 'ag4ve/master'

(Shawn Wilson) This adds better source IP logging for fwknopd log messages.
Closes #70.

Franck Joncourt [Sat, 4 May 2013 13:34:34 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Sat, 4 May 2013 13:33:03 +0000]
Fixed names of function for better understanding.

Michael Rash [Sat, 4 May 2013 03:17:24 +0000]
[test suite] added Cygwin client compatibility tests

Michael Rash [Sat, 4 May 2013 00:56:05 +0000]
[test suite] additional iptables init/exit 'no flush' tests

Michael Rash [Sat, 4 May 2013 00:55:20 +0000]
[test suite] minor update to not count HMAC OpenSSL tests against non-ascii HMAC keys when the hexkey option is not supported

Shawn Wilson [Fri, 3 May 2013 16:28:49 +0000]
Merge branch 'master' of github.com:ag4ve/fwknop

Pull in forked upstream

Michael Rash [Fri, 3 May 2013 12:35:24 +0000]
[test suite] added check for test script inclusion in Makefile.am

Franck Joncourt [Fri, 3 May 2013 11:49:32 +0000]
Continued implementing a way to not overwrite KEY.. variables with --save-rc-stanza
mrash/fwknop#67