2 years agoadded the VERSION file fwknop-2.0.0-rc3
Michael Rash [Fri, 19 Aug 2011 02:26:52 +0000]
added the VERSION file

2 years agoBumped version to fwknop-2.0.0-rc3
Michael Rash [Fri, 19 Aug 2011 02:25:12 +0000]
Bumped version to fwknop-2.0.0-rc3

Bumped version to fwknop-2.0.0-rc3

2 years agoAdded ChangeLog derived from git commit messages.
Michael Rash [Fri, 19 Aug 2011 01:13:58 +0000]
Added ChangeLog derived from git commit messages.

There will be branch and release specific ChangeLog files as well.

2 years agoRenamed ChangeLog -> ChangeLog.old for new ChangeLog handling
Michael Rash [Fri, 19 Aug 2011 01:10:09 +0000]
Renamed ChangeLog -> ChangeLog.old for new ChangeLog handling

The ChangeLog will be derived from commit messages.

2 years agoUpdate to add any missing iptables jump rules
Michael Rash [Fri, 19 Aug 2011 00:37:31 +0000]
Update to add any missing iptables jump rules

Upon the receipt of a valid SPA packet, a check is done to make sure that
a jump rule from the appropriate built-in iptables chains exists to the
fwknop chains.  Such rules could have been deleted by other manipulations
of the iptables policy, so it is important to ensure they exist.  Running
in foreground (-f) mode, here is an illustration of the jump rule being
added after it got deleted:

SPA Packet from IP: received.
Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Added Rule to FWKNOP_INPUT for, tcp/22 expires at 1313680648

2 years agoUpdate to force base64 check for all SPA data
Michael Rash [Thu, 18 Aug 2011 01:24:03 +0000]
Update to force base64 check for all SPA data

Previous to this change a check was done for base64 characters in incoming
SPA data only up to MIN_SPA_DATA_SIZE.  This check may be reinstantiated for
SPA packets that are delivered over HTTP (and the packet data is embedded
within a URL that may also contain non-base64 chars), but in the meantime the
fwknopd daemon should not accept SPA packets over arbitrary ports with any
non-base64 chars.

2 years agoUpdated replay warnings to include proto/port info optional_dbm_support
Michael Rash [Thu, 18 Aug 2011 01:07:35 +0000]
Updated replay warnings to include proto/port info

Replay warnings now include port and protocol information.  Here is an example:

SPA Packet from IP: received.
Replay detected from source IP:
        Destination proto/port: 17/62201
            Original source IP:
       Original dst proto/port: 17/62201
                 Entry created: 08/17/11 21:06:07
                  First replay: 08/17/11 21:06:32
                   Last replay: 08/17/11 21:06:45
                  Replay count: 7

2 years agoAdded stack protection, PIE, fortify source, etc.
Michael Rash [Thu, 18 Aug 2011 00:36:28 +0000]
Added stack protection, PIE, fortify source, etc.

Added various security options that can be enabled at compile time.  These
options include everything that the "hardening-check" script written by Kees
Cook checks for.  After this change, the hardening-check script produces the
following output against the fwknopd binary:

$ hardening-check server/.libs/fwknopd
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes
 Read-only relocations: yes
 Immediate binding: yes

One of the compile outputs (for example) that shows the new options is:

/bin/bash ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I..     -g -O2 -fstack-protector-all -fPIE -pie -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now -MT fko_decode.lo -MD -MP -MF .deps/fko_decode.Tpo -c -o fko_decode.lo fko_decode.c

From the hardening-check man page, here is a description of each of these

       hardening-check - check binaries for security hardening features

       Examine a given set of ELF binaries and check for several security
       hardening features, failing if they are not all found.

       This utility checks a given list of ELF binaries for several security
       hardening features that can be compiled into an executable.  These
       features are:

       Position Independent Executable
               This indicates that the executable was built in such a way
               (PIE) that the "text" section of the program can be relocated
               in memory.  To take full advantage of this feature, the
               executing kernel must support text Address Space Layout
               Randomization (ASLR).

       Stack Protected
               This indicates that the executable was compiled with the
               gcc(1) option -fstack-protector.  The program will be
               resistant to have its stack overflowed.

       Fortify Source functions
               This indicates that the executable was compiled with
               -D_FORTIFY_SOURCE=2 and -O2 or higher.  This causes certain
               unsafe glibc functions with their safer counterparts (e.g.
               strncpy instead of strcpy).

       Read-only relocations
               This indicates that the executable was build with -Wl,-z,relro
               to have ELF markings (RELRO) that ask the runtime linker to
               mark any regions of the relocation table as "read-only" if
               they were resolved before execution begins.  This reduces the
               possible areas of memory in a program that can be used by an
               attacker that performs a successful memory corruption exploit.

       Immediate binding
               This indicates that the executable was built with -Wl,-z,now
               to have ELF markings (BIND_NOW) that ask the runtime linker to
               resolve all relocations before starting program execution.
               When combined with RELRO above, this further reduces the
               regions of memory available to memory corruption attacks.

2 years agoMinor variable cleanup to fix compiler warnings
Michael Rash [Mon, 15 Aug 2011 02:46:09 +0000]
Minor variable cleanup to fix compiler warnings

Minor cleanup to fix compiler warnings about unused variables.

2 years agoAdded fwknop-2.0.0rc2 openwrt support from Jonathan Bennett
Michael Rash [Mon, 15 Aug 2011 01:55:29 +0000]
Added fwknop-2.0.0rc2 openwrt support from Jonathan Bennett

Applied a patch sent from Jonathan Bennett to add fwknop-2.0.0rc2 support to
openwrt.  One thing to note about this patch is that the +libgdbm library
dependency has been removed because fwknop now implements its own digest
tracking file without needing gdbm/ndbm on the system.

2 years agoImplemented memory clean up for digest cache list
Michael Rash [Sun, 14 Aug 2011 23:42:50 +0000]
Implemented memory clean up for digest cache list

Upon fwknopd shutdown, a new function free_replay_list() is now called in order
to free heap allocated memory dedicated to SPA digest tracking.  Without this
fix, valgrind reports the following (some output snipped):

valgrind --leak-check=full ./server/.libs/fwknopd -f -i lo -P "udp port 62201"

==30864== 431 (48 direct, 383 indirect) bytes in 1 blocks are definitely lost in loss record 17 of 17
==30864==    at 0x4C27480: calloc (vg_replace_malloc.c:467)
==30864==    by 0x407CB7: replay_check_file_cache (replay_cache.c:461)
==30864==    by 0x407B69: replay_check (replay_cache.c:413)
==30864==    by 0x405813: incoming_spa (incoming_spa.c:363)
==30864==    by 0x406275: pcap_capture (pcap_capture.c:223)
==30864==    by 0x40317D: main (fwknopd.c:297)

2 years agoConsolidated replay warnings in a single function
Michael Rash [Sun, 14 Aug 2011 16:36:25 +0000]
Consolidated replay warnings in a single function

For both the simple digest file cache and the gdbm/ndbm tracking methods, all
replay warnings are generated by a single function "replay_warning()".

2 years agoAdded digest file import code
Michael Rash [Sun, 14 Aug 2011 02:35:52 +0000]
Added digest file import code

The digest file is now imported as a linked list of digest cache entries at
init time for SPA replay attack detection.

2 years agoAdded source port and protocol to digest tracking
Michael Rash [Sun, 14 Aug 2011 01:00:54 +0000]
Added source port and protocol to digest tracking

Added the source port and protocol fields to valid SPA packets in the digest
cache.  This can help to discover replay trends.  The format of the digest
file cache is now:

<digest> <proto> <src_ip> <src_port> <dst_ip> <dst_port> <time>

2 years agoAdded dst IP to tracked SPA data
Michael Rash [Sat, 13 Aug 2011 02:00:44 +0000]
Added dst IP to tracked SPA data

The digest cache now contains destination IP addresses of valid SPA packets.
The complete format is now:

<digest> <src_ip> <dst_ip> <creation time>

2 years agoStarted on code to parse the digest cache file
Michael Rash [Sat, 13 Aug 2011 01:43:07 +0000]
Started on code to parse the digest cache file

At init time fwknopd will read in the digest cache file into the in-memory
linked list of digests for SPA replay detection. This commit starts on this
code, but the file format does not yet include destination IP addresses
(to be added in an upcoming commit).

2 years agoImplemented linked list cache of SPA digests
Michael Rash [Sat, 13 Aug 2011 00:16:00 +0000]
Implemented linked list cache of SPA digests

When not using gdbm/ndbm support (the default now), fwknopd implements a linked
list of SPA packet digests for replay attack detection along with writing
digest data in ascii text down to disk (in the CONF_DIGEST_FILE file).

2 years agoMerge branch 'master' into optional_dbm_support
Michael Rash [Thu, 11 Aug 2011 02:41:18 +0000]
Merge branch 'master' into optional_dbm_support

2 years agoAdded --pcap-filter to the fwknopd command line
Michael Rash [Thu, 11 Aug 2011 02:38:01 +0000]
Added --pcap-filter to the fwknopd command line

To override the value of the PCAP_FILTER variable in the fwknopd.conf
config file, a new fwknopd command line argument "--pcap-filter" was
added.  This assists in various activities by making it trivial to
change how fwknopd acquires packet data without editing the fwknopd.conf
file.  Here is an example:

fwknopd -i lo -f --pcap-filter "udp port 12345"

2 years agoUpdated digest file path for gdbm/ndbm support
Michael Rash [Thu, 11 Aug 2011 02:07:25 +0000]
Updated digest file path for gdbm/ndbm support

If fwknopd is compiled with --disable-file-cache to the ./configure script
then it will assume that the default filename is "digest_db.cache" for the
digest cache.  If the file cache method is used (this is the default), then
"digest.cache" is the default filename.  A new variable DIGEST_DB_FILE in
the fwknopd.conf file controls the digest filename if gdbm/ndbm support is

2 years agoAdded autoconf support for non-dbm file cache.
Michael Rash [Thu, 11 Aug 2011 00:56:42 +0000]
Added autoconf support for non-dbm file cache.

This change starts on support for a simple file-based cache mechanism
for tracking SPA digests.  This removes the libgdbm/libndbm dependency
by default, but it can be re-enabled with the --disable-file-cache
argument to the ./configure script.

2 years agoMinor rename in support of non-dbm file cache
Michael Rash [Tue, 9 Aug 2011 02:49:28 +0000]
Minor rename in support of non-dbm file cache

Added the optional_dbm_support branch and made a minor renaming change
on this branch for the coming non-dbm file cache support.

2 years agoBug fix for uninitialized variable found with splint static analyzer
Michael Rash [Tue, 9 Aug 2011 02:24:22 +0000]
Bug fix for uninitialized variable found with splint static analyzer

In the save_args() function the args_str_len variable was being used before
being initialized as reported via the splint static code analysis tool.  Here
is the splint output that found this bug:

client/fwknop.c:650:13: Variable args_str_len used before definition
  An rvalue is used that may not be initialized to a value on some execution
  path. (Use -usedef to inhibit warning)

2 years agoSet FD_CLOEXEC on pid file descriptor.
Damien Stuart [Thu, 7 Jul 2011 12:12:49 +0000]
Set FD_CLOEXEC on pid file descriptor.
Added support for setting the URL for resolving source IP via command-line or the .fwknoprc file.

2 years agoRemoved legacy $Id$ tags from svn
Michael Rash [Sun, 19 Jun 2011 00:53:40 +0000]
Removed legacy $Id$ tags from svn

$Id$ tags don't really mean anything to git so they have been removed from all
source files.

3 years agoAdded a no-digest-cache configure option and capability (though it is not recommended).
Damien Stuart [Sun, 27 Mar 2011 02:38:41 +0000]
Added a no-digest-cache configure option and capability (though it is not recommended).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@313 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFix check and handling of ndbm as an option for the digest cache.
Damien Stuart [Sat, 26 Mar 2011 16:33:02 +0000]
Fix check and handling of ndbm as an option for the digest cache.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@312 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded python/fko.py to Makefile.am so it is also included in distributions. Minor...
Damien Stuart [Sat, 12 Feb 2011 13:18:31 +0000]
Added python/fko.py to Makefile.am so it is also included in distributions.  Minor tweak to address compile error on Mac os X.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@311 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMinor update to the android README
Damien Stuart [Sun, 2 Jan 2011 03:32:46 +0000]
Minor update to the android README

git-svn-id: file:///home/mbr/svn/fwknop/trunk@310 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdding Max Kastanas's fwknop client app code for Android
Damien Stuart [Sun, 2 Jan 2011 02:58:53 +0000]
Adding Max Kastanas's fwknop client app code for Android

git-svn-id: file:///home/mbr/svn/fwknop/trunk@309 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoRemoved unnecessary include.
Damien Stuart [Sat, 1 Jan 2011 21:00:24 +0000]
Removed unnecessary include.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@308 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdditional docs and classes added to the fko python module. Minor tweak and bumped...
Damien Stuart [Sun, 5 Dec 2010 15:44:01 +0000]
Additional docs and classes added to the fko python module.  Minor tweak and bumped version in the fwknop.spec file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@307 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed bug where libfko would segfault if fko_get_spa_data() was called before fko_spa...
Damien Stuart [Sun, 5 Dec 2010 14:57:01 +0000]
Fixed bug where libfko would segfault if fko_get_spa_data() was called before fko_spa_data_final() was called (and successful).  Added include of time.h in fko.h.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@306 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoDo not need parens around expression in if statements in python (still learning).
Damien Stuart [Sat, 4 Dec 2010 21:57:34 +0000]
Do not need parens around expression in if statements in python (still learning).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@305 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded pydoc text to the fko python module. Minot tweak to setup.py.
Damien Stuart [Sat, 4 Dec 2010 04:12:17 +0000]
Added pydoc text to the fko python module. Minot tweak to setup.py.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@304 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded the Fko class code to wrap the _fko wrapper around libfko.
Damien Stuart [Sat, 27 Nov 2010 03:18:58 +0000]
Added the Fko class code to wrap the _fko wrapper around libfko.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@303 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMinor comment and documentation tweaks. Add the python directory which contains...
Damien Stuart [Fri, 26 Nov 2010 15:51:00 +0000]
Minor comment and documentation tweaks.  Add the python directory which contains my first cut at a libfko Python wrapper module.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@302 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded code to zero out rcfile path before setting it. Also added a bounds check...
Damien Stuart [Sun, 14 Nov 2010 00:16:32 +0000]
Added code to zero out rcfile path before setting it.  Also added a bounds check to that as well.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@301 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUpdated the GPL blurb at the top of the source files. Added some missing copyright...
Damien Stuart [Sat, 13 Nov 2010 03:04:36 +0000]
Updated the GPL blurb at the top of the source files.  Added some missing copyright statements (Thanks to Franck Joncourt).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@300 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUpdated perl module for additional error messages.
Damien Stuart [Wed, 10 Nov 2010 15:30:09 +0000]
Updated perl module for additional error messages.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@299 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoBumped version to rc3 (even though we may go straight to release) and lib rev to 3.
Damien Stuart [Sun, 31 Oct 2010 01:45:28 +0000]
Bumped version to rc3 (even though we may go straight to release) and lib rev to 3.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@298 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUpdate added HAVE_ERRNO_H 1 to win32/config.h.
Damien Stuart [Sun, 31 Oct 2010 01:36:25 +0000]
Update added HAVE_ERRNO_H 1 to win32/config.h.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@297 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoNeeded to bump libfko revision to 2 do identify as part of newer dist.
Damien Stuart [Sat, 30 Oct 2010 16:19:54 +0000]
Needed to bump libfko revision to 2 do identify as part of newer dist.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@295 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoPut the usleep back pcap_capture (oops).
Damien Stuart [Sat, 23 Oct 2010 17:34:47 +0000]
Put the usleep back pcap_capture (oops).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@293 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoTweaks to the fwknop.spec file
Damien Stuart [Thu, 21 Oct 2010 02:39:57 +0000]
Tweaks to the fwknop.spec file

git-svn-id: file:///home/mbr/svn/fwknop/trunk@291 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoSet pcap non-block mode back on unless it is a freebsd system. Server verbose output...
Damien Stuart [Thu, 21 Oct 2010 01:53:04 +0000]
Set pcap non-block mode back on unless it is a freebsd system. Server verbose output no longer shows access key or GPG password.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@290 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed handling of man page generation in Makefile.am so it works from alternate build...
Damien Stuart [Sun, 17 Oct 2010 02:52:21 +0000]
Fixed handling of man page generation in Makefile.am so it works from alternate build directories.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@289 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMinor fwknopd man page tweak.
Damien Stuart [Sun, 29 Aug 2010 02:06:13 +0000]
Minor fwknopd man page tweak.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@288 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMade autoconf print an error message indicating ipf is not supported if it is specifi...
Damien Stuart [Sun, 29 Aug 2010 01:50:58 +0000]
Made autoconf print an error message indicating ipf is not supported if it is specified.  Changelog updates.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@287 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMade fw_cleanup not remove rules from the expired rule set. Added code to read in...
Damien Stuart [Sun, 29 Aug 2010 01:32:04 +0000]
Made fw_cleanup not remove rules from the expired rule set.  Added code to read in any existing expired rules into the rule_map at startup.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@286 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoWrapped #ifdef around a linux-specific chunk.
Damien Stuart [Fri, 27 Aug 2010 22:09:36 +0000]
Wrapped #ifdef around a linux-specific chunk.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@285 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMissed a config file update on the last check-in.
Damien Stuart [Thu, 26 Aug 2010 22:56:47 +0000]
Missed a config file update on the last check-in.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@284 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded rule expire and purge for ipfw. Almost there...
Damien Stuart [Tue, 24 Aug 2010 03:09:35 +0000]
Added rule expire and purge for ipfw.  Almost there...

git-svn-id: file:///home/mbr/svn/fwknop/trunk@283 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoStart of addition of access requests via ipfw.
Damien Stuart [Mon, 23 Aug 2010 02:43:43 +0000]
Start of addition of access requests via ipfw.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@282 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agominor off-by-one fix for home directory path separator
Michael Rash [Sat, 14 Aug 2010 01:26:42 +0000]
minor off-by-one fix for home directory path separator

git-svn-id: file:///home/mbr/svn/fwknop/trunk@281 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agominor bug fix to account for PATH_SEP being defined as a character instead of a string
Michael Rash [Thu, 12 Aug 2010 02:19:03 +0000]
minor bug fix to account for PATH_SEP being defined as a character instead of a string

git-svn-id: file:///home/mbr/svn/fwknop/trunk@280 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoRefactored firewall rule code to separate files by firewall type. Stubbed in ipfw...
Damien Stuart [Tue, 10 Aug 2010 02:29:09 +0000]
Refactored firewall rule code to separate files by firewall type.  Stubbed in ipfw and ipf firewall types.  Updated autoconf to set a firewall type and path depending on configure arguments.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@279 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUncommented call to check_firewall_rules (left in while debugging freebsd build).
Damien Stuart [Sun, 8 Aug 2010 19:01:36 +0000]
Uncommented call to check_firewall_rules (left in while debugging freebsd build).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@278 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoOops left out new header for last update.
Damien Stuart [Sun, 8 Aug 2010 18:56:53 +0000]
Oops left out new header for last update.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@277 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUpdates to accomodate building and compiling on FreeBSD systems.
Damien Stuart [Sun, 8 Aug 2010 18:53:35 +0000]
Updates to accomodate building and compiling on FreeBSD systems.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@276 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoTweaks to autoconf files.
Damien Stuart [Sun, 1 Aug 2010 02:13:03 +0000]
Tweaks to autoconf files.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@275 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded some OpenWRT-related files to the extras directory.
Damien Stuart [Sat, 31 Jul 2010 19:11:22 +0000]
Added some OpenWRT-related files to the extras directory.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@274 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed issue with spaces in in access.conf comma-separated values. Fixed issue with...
Damien Stuart [Sat, 31 Jul 2010 18:04:08 +0000]
Fixed issue with spaces in in access.conf comma-separated values.  Fixed issue with GPG signature check being forced when GPG_REMOTE_ID is set and GPG_REQUIRE_SIG was "N". Updated dependency in the spec file. Updates to ChangeLog.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@273 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoBug fix for USE_NDBM variable so that client-only builds work. The specific
Michael Rash [Thu, 29 Jul 2010 11:01:53 +0000]
Bug fix for USE_NDBM variable so that client-only builds work.  The specific
error before the patch along with the command line invocation of the
"configure" script appear below:

$ ./configure --prefix=/usr --disable-server
configure: error: conditional "USE_NDBM" was never defined.
Usually this means the macro was only invoked conditionally.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@272 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded extras directory. Bumped version in autoconf to 1.0.0rc2.
Damien Stuart [Sun, 25 Jul 2010 15:40:51 +0000]
Added extras directory.  Bumped version in autoconf to 1.0.0rc2.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@271 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoCleaned out some old commented-out sections configure.ac and fixed an issue where...
Damien Stuart [Mon, 19 Jul 2010 02:39:26 +0000]
Cleaned out some old commented-out sections configure.ac and fixed an issue where exteranl file checks would fail when running configure in cross-compiler environment.  No code changes made.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@269 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoRemoved a debug print statement.
Damien Stuart [Sun, 18 Jul 2010 01:56:19 +0000]
Removed a debug print statement.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@268 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded check to make sure a firewall program is set.
Damien Stuart [Fri, 16 Jul 2010 20:47:50 +0000]
Added check to make sure a firewall program is set.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@267 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoPer Franck Joncourt - Corrected misspelled word in fwknopd man page and access.conf.
Damien Stuart [Fri, 16 Jul 2010 20:14:35 +0000]
Per Franck Joncourt - Corrected misspelled word in fwknopd man page and access.conf.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@266 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUpdates and clean-up to address the many compiler warnings when compiled with -Wall...
Damien Stuart [Fri, 16 Jul 2010 14:28:32 +0000]
Updates and clean-up to address the many compiler warnings when compiled with -Wall. Also some autoconf updates

git-svn-id: file:///home/mbr/svn/fwknop/trunk@265 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUpdated the version number in the win32 config.h copy
Damien Stuart [Fri, 16 Jul 2010 01:09:11 +0000]
Updated the version number in the win32 config.h copy

git-svn-id: file:///home/mbr/svn/fwknop/trunk@264 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed some misplaced dependencies in the fwknop.spec file.
Damien Stuart [Fri, 16 Jul 2010 00:39:17 +0000]
Fixed some misplaced dependencies in the fwknop.spec file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@263 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAlmost all he conf variables have a default value if they are not there (or set)...
Damien Stuart [Thu, 15 Jul 2010 01:38:16 +0000]
Almost all he conf variables have a default value if they are not there (or set). All the entries in the initial fwknop.conf file are not commented out adn can be override as needed.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@262 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoremoved additional wait() call from run_extcmd(), updated --fw-list to just use syste...
Michael Rash [Wed, 14 Jul 2010 02:58:51 +0000]
removed additional wait() call from run_extcmd(), updated --fw-list to just use system() to execute the iptables listing commands

git-svn-id: file:///home/mbr/svn/fwknop/trunk@261 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoadded --fw-list arg to the fwknopd daemon to list all current firewall rules for...
Michael Rash [Tue, 13 Jul 2010 04:09:07 +0000]
added --fw-list arg to the fwknopd daemon to list all current firewall rules for any running fwknopd process

git-svn-id: file:///home/mbr/svn/fwknop/trunk@260 510a4753-2344-4c79-9c09-4d669213fbeb

3 years ago- added is_valid_dir() utility function for checking directory stat()/existence ...
Michael Rash [Mon, 12 Jul 2010 01:48:49 +0000]
- added is_valid_dir() utility function for checking directory stat()/existence (this
is used for gpg keyring path validation).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@259 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded the fwknopd_errors.[ch] files which provides the get_errstr() and fwknopd_errst...
Damien Stuart [Sun, 11 Jul 2010 20:16:32 +0000]
Added the fwknopd_errors.[ch] files which provides the get_errstr() and fwknopd_errstr() functions.  The get_errstr() function takes and error_code, tries to determine the type, then calls the appropriate xxx_errstr function to return a description string.  Fixed some minor errors in the libfko API docs.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@258 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMoved force set of verify flag on remote_id value to before decryption phase.
Damien Stuart [Sun, 11 Jul 2010 14:04:23 +0000]
Moved force set of verify flag on remote_id value to before decryption phase.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@257 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoReverted last libfko change. Added set verify_sig flag when remote_ids are specified.
Damien Stuart [Sun, 11 Jul 2010 13:55:44 +0000]
Reverted last libfko change. Added set verify_sig flag when remote_ids are specified.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@256 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoRemoved checks for sig verification flag on gpg_sig info related functions.
Damien Stuart [Sun, 11 Jul 2010 13:36:18 +0000]
Removed checks for sig verification flag on gpg_sig info related functions.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@255 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agominor update to check the gpg keyring path setting in access stanzas only if a decryp...
Michael Rash [Sun, 11 Jul 2010 12:37:31 +0000]
minor update to check the gpg keyring path setting in access stanzas only if a decrypt password is specified

git-svn-id: file:///home/mbr/svn/fwknop/trunk@254 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agominor macro update to define the default gpg keyring
Michael Rash [Sun, 11 Jul 2010 02:49:12 +0000]
minor macro update to define the default gpg keyring

git-svn-id: file:///home/mbr/svn/fwknop/trunk@253 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUpdated to define a default gpg keyring path of /root/.gnupg, and if the GPG_HOME_DIR...
Michael Rash [Sun, 11 Jul 2010 02:45:38 +0000]
Updated to define a default gpg keyring path of /root/.gnupg, and if the GPG_HOME_DIR variable
is not defined in the fwknopd.conf file or the access.conf file, then this default will take

git-svn-id: file:///home/mbr/svn/fwknop/trunk@252 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoReworked how man pages are generated. Now, man pages in the client and server directo...
Damien Stuart [Sun, 11 Jul 2010 01:27:12 +0000]
Reworked how man pages are generated. Now, man pages in the client and server directory are "fwknop(d).8.in" and a target was added to Makefile.am to create the man pages while doing variable substitutions based on directives specified via the configure script.  Minor tweak to fwknop.spec file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@251 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoSlightly revamped how signals were setup.
Damien Stuart [Sat, 10 Jul 2010 16:41:52 +0000]
Slightly revamped how signals were setup.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@250 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoModified top-level Makefile.am so the legacy perl stuff is not packaged into the...
Damien Stuart [Sat, 10 Jul 2010 00:48:41 +0000]
Modified top-level Makefile.am so the legacy perl stuff is not packaged into the distribution tar file.  More cleanup of the fwknopd man page.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@249 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded AC_SYS_LARGE_FILE to configure.ac
Damien Stuart [Fri, 9 Jul 2010 18:18:41 +0000]
Added AC_SYS_LARGE_FILE to configure.ac

git-svn-id: file:///home/mbr/svn/fwknop/trunk@248 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoManpage updates
Damien Stuart [Fri, 9 Jul 2010 02:09:22 +0000]
Manpage updates

git-svn-id: file:///home/mbr/svn/fwknop/trunk@247 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoRenamed the legacy perl verison of fwknop.spec to fwkop-legacy.spec to resolve rpmbui...
Damien Stuart [Thu, 8 Jul 2010 02:07:35 +0000]
Renamed the legacy perl verison of fwknop.spec to fwkop-legacy.spec to resolve rpmbuild confusion when using the -tx options.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@246 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed another oops in the spec file.
Damien Stuart [Thu, 8 Jul 2010 02:02:12 +0000]
Fixed another oops in the spec file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@245 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed autoconf config so libfko and fwknop client are not linked with libpcap and...
Damien Stuart [Thu, 8 Jul 2010 01:59:51 +0000]
Fixed autoconf config so libfko and fwknop client are not linked with libpcap and libgdbm. Fixed some issues in the fwknop.spec file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@244 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoUse USERPROFILE instead of HOME for homedir determination on win32 builds.
Damien Stuart [Wed, 7 Jul 2010 17:46:46 +0000]
Use USERPROFILE instead of HOME for homedir determination on win32 builds.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@243 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoRemoved unreferenced variables.
Damien Stuart [Wed, 7 Jul 2010 17:36:20 +0000]
Removed unreferenced variables.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@242 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed issues found by the Windows compiler (that I would think would have been flagge...
Damien Stuart [Wed, 7 Jul 2010 17:32:21 +0000]
Fixed issues found by the Windows compiler (that I would think would have been flagged by gcc).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@241 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed bug where ALLOW_IP of resolve was not overridden by an ALLOW_IP parameter in...
Damien Stuart [Wed, 7 Jul 2010 15:47:22 +0000]
Fixed bug where ALLOW_IP of resolve was not overridden by an ALLOW_IP parameter in a named stanza.  Removed erroneous invalid parameter from the initially generated .fwknoprc file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@240 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoMinor cleanup on the spec file.
Damien Stuart [Wed, 7 Jul 2010 02:39:55 +0000]
Minor cleanup on the spec file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@239 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded fwknop.spec for rpm builds. Removed the server post install hook as it breaks...
Damien Stuart [Wed, 7 Jul 2010 02:32:01 +0000]
Added fwknop.spec for rpm builds. Removed the server post install hook as it breaks make distcheck and rpm builds.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@238 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed bug where named-stanza was not being found when it indeed existed.
Damien Stuart [Tue, 6 Jul 2010 19:02:39 +0000]
Fixed bug where named-stanza was not being found when it indeed existed.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@237 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoFixed bad param name in generated .fwknoprc file.
Damien Stuart [Tue, 6 Jul 2010 02:12:06 +0000]
Fixed bad param name in generated .fwknoprc file.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@236 510a4753-2344-4c79-9c09-4d669213fbeb

3 years agoAdded installation hook to set the perms on the .conf files to 600 during make instal...
Damien Stuart [Tue, 6 Jul 2010 00:59:33 +0000]
Added installation hook to set the perms on the .conf files to 600 during make install.  Minot doc tweak.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@235 510a4753-2344-4c79-9c09-4d669213fbeb