fwknop.git
ref: windows_build_testing
Michael Rash [Fri, 30 Nov 2012 03:05:07 +0000]
potential Windows build fix that is compatible with the perl FKO module

Michael Rash [Thu, 29 Nov 2012 03:39:07 +0000]
Bug fix for perl FKO compilation

This commit removes lib/ includes of common/ header files that were breaking
the perl FKO module compilation.

Michael Rash [Wed, 28 Nov 2012 03:54:55 +0000]
[server] Ignore pcap non-blocking setting in --pcap-file mode

When setting --pcap-file mode from the command line some versions of libpcap
do not appear to allow non-blocking mode to be set and throw the following
error:

[*] Error setting pcap nonblocking to 0:

This commit ignores the non-blocking setting in --pcap-file mode.

Michael Rash [Fri, 23 Nov 2012 02:43:43 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Damien Stuart [Thu, 22 Nov 2012 03:33:13 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Conflicts:
configure.ac

Damien Stuart [Thu, 22 Nov 2012 03:16:39 +0000]
Tweaks to fix autoconf-related portability issues and autogen.sh reliability

Damien Stuart [Thu, 22 Nov 2012 03:16:39 +0000]
Tweaks to fix autoconf-related portability issues and autogen.sh reliability

Michael Rash [Thu, 22 Nov 2012 02:49:16 +0000]
revert 7db2d1e796bba7af393e2d5c40db65b95fcee066 (--disable-gpg arg) since --without-gpgme works properly

Michael Rash [Thu, 22 Nov 2012 02:29:26 +0000]
bug fix for firewall rule deletion check in backwards compatibility tests on FreeBSD and OpenBSD

Michael Rash [Tue, 20 Nov 2012 13:28:46 +0000]
removed duplicate android_access.conf file introduced in a local mrash commit

Michael Rash [Tue, 20 Nov 2012 13:27:33 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Damien Stuart [Mon, 19 Nov 2012 17:22:40 +0000]
Now committing only the change to Makefile.am this time

Damien Stuart [Mon, 19 Nov 2012 17:19:12 +0000]
Revert "Tweaks to EXTRA_DIST.  Added one missing and removed one invalid entry under the test directory."

This reverts commit 556ca2c146a598cddada4dd8cdf3f9b12f32f202.

Damien Stuart [Mon, 19 Nov 2012 14:48:34 +0000]
Added the --icmp-xxxx arg descriptions to the fwknop usage message.

Damien Stuart [Mon, 19 Nov 2012 14:30:15 +0000]
Tweaks to EXTRA_DIST.  Added one missing and removed one invalid entry under the test directory.

Damien Stuart [Mon, 19 Nov 2012 04:59:10 +0000]
Tweaks to fix issues with building the lib and client under Windows. Added .fwknop.last support on Windows.  Bumped the lib version to 0.0.4. Fixed bug in username detection code.  Removed -Werror from AM_INIT_AUTOMAKE which prevented setting of CPPFLAG for the lib build in some circumstances.

Michael Rash [Sat, 17 Nov 2012 19:06:39 +0000]
[test suite] added android_access.conf file for Android SPA test

Michael Rash [Fri, 16 Nov 2012 03:36:29 +0000]
[test suite] minor update to not look for lib/.libs/ in --enable-recompile mode

Michael Rash [Fri, 16 Nov 2012 02:16:11 +0000]
[test suite] backwards compatibility tests

Added a few backwards compatibility tests for versions of fwknop going back to
2.0, and also added a compatibility test for an SPA packet produced by Android
4.2.1.

Michael Rash [Thu, 15 Nov 2012 04:46:29 +0000]
minor gcc warnings todo note for OpenBSD

Michael Rash [Thu, 15 Nov 2012 04:45:43 +0000]
bumped version to 2.0.4

Michael Rash [Wed, 14 Nov 2012 02:18:29 +0000]
minor marking text update around fuzzing packet count

Michael Rash [Wed, 14 Nov 2012 02:16:27 +0000]
additional SPA validation check to ensure no non-ascii printable chars in decoded message

Michael Rash [Wed, 14 Nov 2012 02:12:41 +0000]
minor spacing fix

Michael Rash [Tue, 13 Nov 2012 02:48:26 +0000]
Added chain_exists() check to fwknopd SPA rule creation

Added chain_exists() check to SPA rule creation so that if any
of the fwknop chains are deleted out from under fwknopd they will be
recreated on the fly.  This mitigates scenarios where fwknopd might be
started before a system level firewall policy is applied due to init
script ordering, or if an iptables policy is re-applied without
restarting fwknopd.

Michael Rash [Sat, 10 Nov 2012 01:42:43 +0000]
added fuzzing packet count to FKO server fuzzing test

Michael Rash [Sat, 10 Nov 2012 01:42:08 +0000]
minor todo reorganization

Michael Rash [Fri, 9 Nov 2012 03:25:33 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Fri, 9 Nov 2012 03:22:04 +0000]
[client] (Franck Joncourt) Fixed Ctrl-C problem where SPA packets were sent anyway

[client] (Franck Joncourt) Contributed a patch to allow the fwknop
client to be stopped during the password entry prompt with Ctrl-C before
any SPA packet is sent on the wire.

Michael Rash [Fri, 9 Nov 2012 03:09:23 +0000]
added blurb about Android-4.1.2

Michael Rash [Fri, 9 Nov 2012 03:07:16 +0000]
minor README update for proper 4.1.2 version of Android

Michael Rash [Fri, 9 Nov 2012 03:06:25 +0000]
added updated properties files for Android-4.1.2

Michael Rash [Fri, 9 Nov 2012 02:42:18 +0000]
minor bug fix to leverage fko_errstr() returned error string properly

Michael Rash [Fri, 9 Nov 2012 02:39:21 +0000]
added fko header files for the Android client

Michael Rash [Fri, 9 Nov 2012 02:33:23 +0000]
[server] Added '--pcap-file <file>' option

Added a new '--pcap-file <file>' option to allow pcap files to
be processed directly by fwknopd instead of sniffing an interface.  This
feature is mostly intended for debugging purposes.

Michael Rash [Fri, 9 Nov 2012 02:03:45 +0000]
minor update to use explicit FKO_SUCCESS value in if() result check

Michael Rash [Fri, 9 Nov 2012 02:02:44 +0000]
allow '_' chars in usernames provided to libfko

Damien Stuart [Fri, 9 Nov 2012 00:41:46 +0000]
Ignore trailing whitespace on .fwknoprc directives

Michael Rash [Tue, 6 Nov 2012 01:39:03 +0000]
Additional todo tasks

Michael Rash [Tue, 6 Nov 2012 01:38:34 +0000]
[test suite] added pinentry check for gpg tests that have keys that require associated passphrases

Michael Rash [Mon, 5 Nov 2012 03:13:52 +0000]
Added test suite config file: disable_aging_nat_fwknopd.conf

Michael Rash [Sun, 4 Nov 2012 03:11:24 +0000]
bug fix to include multi-gpg ID no password test

Michael Rash [Sat, 3 Nov 2012 23:00:56 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Sat, 3 Nov 2012 23:00:57 +0000]
Merge pull request #11 from tomyuk/master

add missing include files to lib/Makefile.am

Michael Rash [Sat, 3 Nov 2012 22:09:12 +0000]
--enable-recompile try raw make if sudo make fails

Michael Rash [Sat, 3 Nov 2012 20:50:26 +0000]
added run-test-suite.sh LD_LIBRARY_PATH wrapper

Tomoyuki Kano [Sat, 3 Nov 2012 10:08:10 +0000]
Added missing include files

Tomoyuki Kano [Sat, 3 Nov 2012 10:03:48 +0000]
add missing include files to lib/Makefile.am

Michael Rash [Sat, 3 Nov 2012 01:07:23 +0000]
bug fix to include cmd_access.conf in Makefile.am

Michael Rash [Thu, 1 Nov 2012 01:37:55 +0000]
[client+server] Added --disable-gpg to the autoconf config

Added --disable-gpg to the autoconf ./configure script
via configure.ac.  This makes it easy to not have fwknop/fwknopd
link against libgpgme even if it is installed on the local system.

Michael Rash [Wed, 31 Oct 2012 02:39:36 +0000]
added fuzzing patches from the test/fuzzing/patches/ directory

Michael Rash [Wed, 31 Oct 2012 02:03:40 +0000]
added '-Wformat -Wformat-security' to compile args - no associated warnings in current code

Michael Rash [Wed, 31 Oct 2012 01:40:21 +0000]
Updated build CFLAGS and LDFLAGS for PIE support similar to Debian hardening-includes

The Debian hardening-includes package sets CFLAGS and LDFLAGS as follows for PIE support:

_HARDENED_PIE_CFLAGS  := -fPIE
_HARDENED_PIE_LDFLAGS := -fPIE -pie

The configure.ac file has been updated to conform to the above.

Michael Rash [Wed, 31 Oct 2012 01:23:30 +0000]
[test suite] bug fix to ensure binary existence check in build security tests

Michael Rash [Mon, 29 Oct 2012 03:31:09 +0000]
minor fuzzing README update

Michael Rash [Sun, 28 Oct 2012 02:45:28 +0000]
added non digit rand val fuzzing encoding tests

Michael Rash [Sun, 28 Oct 2012 02:34:52 +0000]
added fuzzing encoding strip eq return packets

Michael Rash [Sun, 28 Oct 2012 02:28:33 +0000]
added encoding_append_b64_modified_byte equals sign fuzzing encoding tests

Michael Rash [Sun, 28 Oct 2012 02:07:40 +0000]
added encoding_append_b64_modified_byte fuzzing encoding tests

Michael Rash [Sat, 27 Oct 2012 03:13:41 +0000]
added non-base64 char to access msg for fuzzing encoding tests

Michael Rash [Sat, 27 Oct 2012 03:07:35 +0000]
added fuzzing encoding packets (extra colon 3)

Michael Rash [Sat, 27 Oct 2012 03:06:09 +0000]
added fuzzing encoding packets (extra colon 2)

Michael Rash [Sat, 27 Oct 2012 01:47:08 +0000]
added fuzzing encoding packets (extra colon 1)

Michael Rash [Sat, 27 Oct 2012 01:43:24 +0000]
added in new test/fuzzing/patches/ files

Michael Rash [Fri, 26 Oct 2012 19:52:09 +0000]
added non-base64 encoding fuzzing packets

Michael Rash [Fri, 26 Oct 2012 19:36:08 +0000]
[libfko] bug fix to check b64_decode() return value

Bug fix to check b64_decode() return value to ensure that
non-base64 encoded data is never used.  Even though other validation
routines checked decoded results, it is important to discard invalid
data as early as possible.  Note too that such invalid data would only
be provided to b64_decode() after proper decryption, so the client must
provide authentic SPA data.

Michael Rash [Fri, 26 Oct 2012 02:12:47 +0000]
added rm colon5 fuzzing packets

Michael Rash [Fri, 26 Oct 2012 02:04:09 +0000]
added fuzzing encoding test that removes colon #5

Michael Rash [Fri, 26 Oct 2012 02:01:12 +0000]
added fuzzing encoding test that removes colon #4

Michael Rash [Fri, 26 Oct 2012 01:57:40 +0000]
added test/fuzzing/patches/encoding_rm_colon1.patch file

Michael Rash [Fri, 26 Oct 2012 01:55:01 +0000]
Added fuzzing encoding tests that remove the 2nd and 3rd colons

Michael Rash [Fri, 26 Oct 2012 01:37:52 +0000]
Added fuzzing spa packet generation for invalid encodings

This commit adds the ability to generate SPA packets that are valid except for
the last encoding step before encryption.  This is independent of supplying
invalid data for SPA packet fields.  To invoke the test suite in this mode,
do something like:

 # ./test-fwknop.pl --enable-perl-module-pkt-gen  --fuzzing-test-tag "encoded_colon1_missing"  --fuzzing-class encoding

This assumes that lib/fko_encode.c has been patched to subvert the encoding
step itself before encryption.  In this case, the first colon after the random
value is removed.

Michael Rash [Thu, 25 Oct 2012 04:42:02 +0000]
added non-base64 user character fuzzing SPA packets

Michael Rash [Thu, 25 Oct 2012 04:29:01 +0000]
added extra_timestamp_digit fuzzing SPA packets

Michael Rash [Thu, 25 Oct 2012 04:24:19 +0000]
added colon_1_to_a fuzzing SPA packets

Michael Rash [Thu, 25 Oct 2012 04:20:55 +0000]
added fuzzing/README file

Michael Rash [Thu, 25 Oct 2012 04:20:08 +0000]
easier SPA fuzzing packet generation and importing

Michael Rash [Wed, 24 Oct 2012 01:47:56 +0000]
Patch from Franck Joncourt for setting permissions via open()

[client+server] Applied patch from Franck Joncourt to remove unnecessary
chmod() call when creating client rc file and server replay cache file.
The permissions are now set appropriately via open(), and at the same
time this patch fixes a potential race condition since the previous code
used fopen() followed by chmod().
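
The race described in the commit message above, as an added C example (not the fwknop patch and not code from the project): it records the mode a file has at the moment of creation under each pattern. The function names, file names, the 022 umask and the use of O_EXCL are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define PRIVATE_MODE (S_IRUSR | S_IWUSR) /* 0600 */

/* Old pattern: fopen() creates the file with 0666 & ~umask and only the
 * later chmod() tightens it. *window receives the mode seen in between. */
int create_racy(const char *path, mode_t *window)
{
    struct stat st;
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    if (stat(path, &st) != 0 || chmod(path, PRIVATE_MODE) != 0) {
        fclose(fp);
        return -1;
    }
    *window = st.st_mode & 0777;
    return fclose(fp) == 0 ? 0 : -1;
}

/* Fixed pattern: the mode is applied by the same open() call that creates
 * the file, so no wider mode ever exists. O_EXCL (an addition of this
 * example) also refuses a path that already exists. */
int create_atomic(const char *path, mode_t *initial)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, PRIVATE_MODE);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    *initial = st.st_mode & 0777;
    return close(fd) == 0 ? 0 : -1;
}

/* Create one file each way inside dir under a typical 022 umask, report
 * the mode each file had at creation time, then clean up. */
int compare_in_dir(const char *dir, mode_t *racy, mode_t *atomic)
{
    char a[512], b[512];
    mode_t old = umask(022);
    snprintf(a, sizeof a, "%s/demo_racy_%ld.tmp", dir, (long)getpid());
    snprintf(b, sizeof b, "%s/demo_atomic_%ld.tmp", dir, (long)getpid());
    int rc = (create_racy(a, racy) == 0 && create_atomic(b, atomic) == 0) ? 0 : -1;
    umask(old);
    unlink(a);
    unlink(b);
    return rc;
}

int main(int argc, char **argv)
{
    mode_t racy = 0, atomic = 0;
    if (compare_in_dir(argc > 1 ? argv[1] : ".", &racy, &atomic) != 0)
        return 1;
    printf("fopen()+chmod(): mode before chmod() = %04o\n", (unsigned)racy);
    printf("open(..., 0600): mode at creation    = %04o\n", (unsigned)atomic);
    return 0;
}
```

Between fopen() and chmod() the file is readable by group and others under a 022 umask, which matters for files such as a client rc file that holds keys.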

Michael Rash [Tue, 23 Oct 2012 00:31:19 +0000]
added validate_username() call to SPA packet encoding routine

Michael Rash [Tue, 23 Oct 2012 00:30:42 +0000]
added MIPS compilation bug for todo.org tracking

Michael Rash [Sat, 20 Oct 2012 02:14:24 +0000]
added test/fuzzing/ directory for fuzzing data and patches

Michael Rash [Sat, 20 Oct 2012 02:11:27 +0000]
minor ChangeLog updates

Michael Rash [Fri, 19 Oct 2012 03:10:02 +0000]
fixed --enable-recompile argument for OpenBSD

Michael Rash [Fri, 19 Oct 2012 03:01:54 +0000]
added libfko validate_username() for decrypted SPA data

Michael Rash [Fri, 19 Oct 2012 02:24:48 +0000]
added 'Rejected' messages to test output for bogus SPA packet perl FKO tests

Michael Rash [Fri, 19 Oct 2012 02:24:11 +0000]
removed non-SPA packet lines

Michael Rash [Fri, 19 Oct 2012 02:08:38 +0000]
added bogus_spa_packets file for perl FKO fuzzing tests

Michael Rash [Wed, 17 Oct 2012 01:23:43 +0000]
continued validation code driven by perl FKO module

Michael Rash [Tue, 16 Oct 2012 00:52:23 +0000]
[libfko] validation of NAT access strings

Added validation of NAT access strings in the various NAT modes in libfko.
This applies to both the client and server, and test suite support was added
as well.

Michael Rash [Sat, 13 Oct 2012 18:08:38 +0000]
added perl FKO module client timeout test

Michael Rash [Sat, 13 Oct 2012 15:38:23 +0000]
additional perl FKO module access message test strings

Michael Rash [Sat, 13 Oct 2012 15:31:31 +0000]
added perl FKO module cmd mode tests

Michael Rash [Sat, 13 Oct 2012 03:52:14 +0000]
started on fuzzing tests with the perl FKO module

Michael Rash [Sat, 13 Oct 2012 03:51:28 +0000]
force usernames to be alpha numeric chars and dashes

Michael Rash [Fri, 12 Oct 2012 03:50:16 +0000]
minor todo.org update to set icmp type/code task to completed

Michael Rash [Fri, 12 Oct 2012 03:40:04 +0000]
added icmp type/code blurb

Michael Rash [Fri, 12 Oct 2012 03:36:50 +0000]
Applied perl FKO module libfko path patch from Franck Joncourt

Applied patch from Franck Joncourt to have the perl FKO module link
against libfko in the local directory (if it exists) so that it doesn't
have to have libfko completely installed in /usr/lib/.  This allows the
test suite to run FKO tests without installing libfko.

Added the ability to the test suite to compile, install, and run some
basic tests against the perl FKO module.

Michael Rash [Tue, 9 Oct 2012 02:06:33 +0000]
Added Sean Greven for his FreeBSD port

Michael Rash [Sun, 7 Oct 2012 19:11:53 +0000]
minor addition of newline before each chain list in --fw-list mode

Michael Rash [Fri, 5 Oct 2012 20:12:03 +0000]
added test/conf/tcp_server_fwknopd.conf file