fwknop.git
6 weeks ago
Michael Rash [Thu, 6 Nov 2014 04:19:51 +0000]
[server] check number of cmd args even when execvpe() is not available

6 weeks ago
Michael Rash [Wed, 5 Nov 2014 03:44:59 +0000]
[server] allow loop restart after select() sets EINTR (since we handle signals) - fixes cmd execution through UDP on FreeBSD

6 weeks ago
Michael Rash [Wed, 5 Nov 2014 03:43:04 +0000]
[server] minor code restructure, use FD_ISSET() test on file descriptors

6 weeks ago
Michael Rash [Tue, 4 Nov 2014 00:57:50 +0000]
[test suite] check for TCP/UDP server string in do_fwknopd_cmd()

7 weeks ago
Michael Rash [Sun, 2 Nov 2014 20:30:56 +0000]
[test suite] bug fix to specify LD_LIBRARY_PATH for configure --enable-udp-server recompile test

7 weeks ago
Michael Rash [Sun, 2 Nov 2014 00:44:35 +0000]
[test suite] add spa_fuzzing.py and a few minor helper files for FreeBSD/OpenBSD

7 weeks ago
Michael Rash [Sat, 1 Nov 2014 16:04:11 +0000]
ChangeLog updates, bump version to 2.6.4

7 weeks ago
Michael Rash [Sat, 1 Nov 2014 16:03:49 +0000]
[server] bug fix to close write filehandle in _run_extcmd_write()

7 weeks ago
Michael Rash [Wed, 29 Oct 2014 01:56:19 +0000]
[test suite] added invalid_firewd_input_chain_* files

7 weeks ago
Michael Rash [Wed, 29 Oct 2014 01:29:34 +0000]
add fcs_spa.pcap to Makefile.am

7 weeks ago
Michael Rash [Wed, 29 Oct 2014 01:28:21 +0000]
[server] first pass at eliminating popen() write calls with run_extcmd_write() (used for PF firewalls)

8 weeks ago
Michael Rash [Sun, 26 Oct 2014 20:58:13 +0000]
[test suite] command exec too many args tests

8 weeks ago
Michael Rash [Sun, 26 Oct 2014 02:29:49 +0000]
[test suite] more code coverage tests

8 weeks ago
Michael Rash [Sat, 25 Oct 2014 12:42:30 +0000]
[test suite] additional code coverage

8 weeks ago
Michael Rash [Sat, 25 Oct 2014 12:42:14 +0000]
[libfko] validate MAX_PORT integer value for SPA messages

8 weeks ago
Michael Rash [Sat, 25 Oct 2014 00:39:40 +0000]
[test suite] additional code coverage for a few areas

8 weeks ago
Michael Rash [Fri, 24 Oct 2014 03:05:21 +0000]
[server] ensure to break out of while loop and close() UDP socket before returning

8 weeks ago
Michael Rash [Fri, 24 Oct 2014 00:03:34 +0000]
[test suite] default to recompiling fwknop in code coverage profiling mode

8 weeks ago
Michael Rash [Thu, 23 Oct 2014 23:55:30 +0000]
[test suite] add branch coverage stats in code coverage mode

8 weeks ago
Michael Rash [Thu, 23 Oct 2014 12:45:21 +0000]
[python module] default to HMAC SHA256 when an HMAC key is used but no HMAC mode was specified

8 weeks ago
Michael Rash [Thu, 23 Oct 2014 12:40:21 +0000]
[test suite] firewall prefix typo bug fix

8 weeks ago
Michael Rash [Thu, 23 Oct 2014 12:39:42 +0000]
[test suite] add ipt_local_nat_fwknopd.conf

2 months ago
Michael Rash [Wed, 22 Oct 2014 02:49:03 +0000]
make sure test suite conf files are included in Makefile.am

2 months ago
Michael Rash [Wed, 22 Oct 2014 02:43:21 +0000]
give firewalld its own namespace (can track firewalld changes independently of iptables)

2 months ago
Michael Rash [Tue, 21 Oct 2014 02:23:46 +0000]
[test suite] UDP server command execution tests, run configure arg recompile tests after gcov profiling stuff

2 months ago
Michael Rash [Mon, 20 Oct 2014 02:58:35 +0000]
[test suite] added configure args test with UDP server test for fwknopd not linking against libpcap

2 months ago
Michael Rash [Tue, 14 Oct 2014 00:25:14 +0000]
Merge branch 'udp_listener' into execvpe

2 months ago
Michael Rash [Mon, 13 Oct 2014 23:54:30 +0000]
[test suite] detect firewalld vs. iptables for server rewrite conf tests

2 months ago
Michael Rash [Mon, 13 Oct 2014 01:57:04 +0000]
[server] update firewalld code to use run_extcmd() instead of popen() and system() - allows execvpe() to be used

2 months ago
Michael Rash [Mon, 13 Oct 2014 01:29:44 +0000]
[test suite] add --exit-parse-config to fwknopd basic tests where possible

2 months ago
Michael Rash [Sun, 12 Oct 2014 17:16:30 +0000]
add --disable-execvpe arg to configure script (looks for execvpe() support by default)

2 months ago
Michael Rash [Fri, 10 Oct 2014 12:20:01 +0000]
[server] make pid_status a static var at the top of each fw_util_*.c file

2 months ago
Michael Rash [Fri, 10 Oct 2014 12:16:31 +0000]
[test suite] fix up Rijndael cmd exec test

2 months ago
Michael Rash [Fri, 10 Oct 2014 12:15:44 +0000]
added setuid/setgid cmd exec test files

2 months ago
Michael Rash [Thu, 9 Oct 2014 03:10:09 +0000]
[test suite] added use terminal test, fix up Rijndael CMD tests

2 months ago
Michael Rash [Wed, 8 Oct 2014 03:23:05 +0000]
[server] update ipfw and pf firewall interface code to latest run_extcmd() API

2 months ago
Michael Rash [Wed, 8 Oct 2014 01:42:36 +0000]
[server] restore shell stderr redirect when execvpe() is not available

2 months ago
Michael Rash [Wed, 8 Oct 2014 01:37:29 +0000]
[server] minor macro usage update

2 months ago
Michael Rash [Wed, 8 Oct 2014 01:01:17 +0000]
[server] extend run_extcmd() to allow the caller to specify whether to collect stderr

2 months ago
Michael Rash [Tue, 7 Oct 2014 02:10:40 +0000]
added setgid() call for command execution along with CMD_EXEC_GROUP access.conf var

2 months ago
Michael Rash [Tue, 7 Oct 2014 02:04:20 +0000]
[test suite] added command execution setuid() 'nobody' test

2 months ago
Michael Rash [Tue, 7 Oct 2014 01:10:02 +0000]
[test suite] added generate_core.sh script and --enable-cores-pattern arg for the test suite

2 months ago
Michael Rash [Tue, 7 Oct 2014 00:04:00 +0000]
added configure detection of execvpe() - doesn't exist on Mac OS X yet

2 months ago
Michael Rash [Mon, 6 Oct 2014 00:21:05 +0000]
[server] have run_extcmd() collect process exit status for calling function (in addition to return value)

2 months ago
Michael Rash [Sun, 5 Oct 2014 01:14:49 +0000]
[server] added WIFEXITED(status) check for external commands run via execvpe()

2 months ago
Michael Rash [Sat, 4 Oct 2014 23:56:26 +0000]
[server] removed remaining popen() call for iptables firewalls

2 months ago
Michael Rash [Sat, 4 Oct 2014 23:36:04 +0000]
Merge branch 'master' of https://github.com/mrash/fwknop into execvpe

2 months ago
Michael Rash [Sat, 4 Oct 2014 20:40:44 +0000]
[server] hex_dump() '%' bug fix, minor verbose criteria update

2 months ago
Michael Rash [Sat, 4 Oct 2014 14:38:08 +0000]
Merge branch 'master' of https://github.com/mrash/fwknop

2 months ago
Michael Rash [Sat, 4 Oct 2014 14:32:52 +0000]
[client] minor tab->spaces fix

2 months ago
Michael Rash [Sat, 4 Oct 2014 14:31:15 +0000]
[server] add search_extcmd() to replace all popen() calls with the execvpe() no env strategy

2 months ago
Michael Rash [Sat, 4 Oct 2014 01:58:51 +0000]
[server] first cut at converting iptables commands to use execvpe()

2 months ago
Michael Rash [Wed, 1 Oct 2014 02:33:44 +0000]
[client] add strtoargv() to easily get an argv array for passing to execvpe()

2 months ago
Michael Rash [Wed, 1 Oct 2014 02:19:17 +0000]
[test suite] minor addition of spaces for --last tests

2 months ago
Michael Rash [Wed, 1 Oct 2014 02:09:10 +0000]
minor hex_dump() update to use a consistent macro definition for ascii str length

2 months ago
Michael Rash [Wed, 1 Oct 2014 01:59:01 +0000]
use execvpe() with NULL env for wget calls

2 months ago
Michael Rash [Wed, 1 Oct 2014 01:34:58 +0000]
minor client --help update

2 months ago
Michael Rash [Fri, 3 Oct 2014 04:08:45 +0000]
Merge pull request #135 from tombriden/multi_ports

android: allow definition of multiple tcp/udp ports

2 months ago
Michael Rash [Fri, 3 Oct 2014 04:03:06 +0000]
Merge pull request #137 from schuellerf/master

Support for "--no-save-args" in .fwknoprc

2 months ago
Florian Schüller [Wed, 1 Oct 2014 12:12:57 +0000]
Add "NO_SAVE_ARGS" to initial config file

2 months ago
Florian Schüller [Wed, 1 Oct 2014 12:12:10 +0000]
Support for "--no-save-args" in .fwknoprc

2 months ago
Michael Rash [Wed, 1 Oct 2014 01:12:43 +0000]
updated --last-cmd tests to write the previous args first

2 months ago
Michael Rash [Mon, 29 Sep 2014 02:44:12 +0000]
minor unused var removal

2 months ago
Michael Rash [Mon, 29 Sep 2014 02:40:50 +0000]
autoconf update to ensure libpcap is not linked against in --enable-udp-server mode

2 months ago
Michael Rash [Mon, 29 Sep 2014 02:32:20 +0000]
fwknopd man page updates, added UDPSERV_SELECT_TIMEOUT config option

2 months ago
Michael Rash [Mon, 29 Sep 2014 02:06:34 +0000]
consolidate signal handling a bit, UDP server msg size updates

2 months ago
Michael Rash [Mon, 29 Sep 2014 02:06:06 +0000]
TCP/UDP server port validation tests

2 months ago
Michael Rash [Mon, 29 Sep 2014 01:21:25 +0000]
minor client cmd line bug fix for UDP server HMAC test

2 months ago
Michael Rash [Mon, 29 Sep 2014 01:19:19 +0000]
implement --packet-limit for UDP server mode

2 months ago
Michael Rash [Mon, 29 Sep 2014 00:48:57 +0000]
replay attack detection test for UDP server mode

2 months ago
Michael Rash [Mon, 29 Sep 2014 00:30:09 +0000]
add signal handling code to UDP server mode

2 months ago
Michael Rash [Sun, 28 Sep 2014 20:51:38 +0000]
Added UDP server HMAC cycle tests

2 months ago
Michael Rash [Sun, 28 Sep 2014 20:49:12 +0000]
enforce MAX_SPA_PACKET_LEN restriction for incoming datagrams for UDP listener mode

2 months ago
Michael Rash [Sun, 28 Sep 2014 18:54:40 +0000]
started on UDP server tests for Rijndael mode

2 months ago
Michael Rash [Sun, 28 Sep 2014 15:49:24 +0000]
removed

2 months ago
Michael Rash [Sun, 28 Sep 2014 15:49:04 +0000]
first cut at UDP server mode

2 months ago
Michael Rash [Sun, 28 Sep 2014 13:29:30 +0000]
calculate sizeof caddr for each client connection

2 months ago
Michael Rash [Sun, 28 Sep 2014 03:23:12 +0000]
Use the fwknop User-Agent for wget SSL external IP resolutions

Bug fix to ensure that a User-Agent string can be specified when the
fwknop client uses wget via SSL to resolve the external IP address. This
closes issue #134 on GitHub reported by Barry Allard. The fwknop client now
uses the wget '-U' option to specify the User-Agent string with a
default of "Fwknop/<version>". In addition, a new command line argument
"--use-wget-user-agent" has been added to allow the default wget
User-Agent string to apply instead.

2 months ago
Tom Briden [Sat, 27 Sep 2014 10:14:10 +0000]
android: allow definition of multiple tcp/udp ports

3 months ago
Michael Rash [Thu, 4 Sep 2014 03:28:51 +0000]
firewalld support from Gerry Reno

3 months ago
Michael Rash [Thu, 4 Sep 2014 03:15:34 +0000]
[server] firewalld reports 'success' as a string upon command success in contrast to iptables

3 months ago
Gerry Reno [Mon, 1 Sep 2014 01:13:42 +0000]
added feature: firewalld

3 months ago
Gerry Reno [Sun, 31 Aug 2014 20:13:46 +0000]
more changes for firewalld

3 months ago
Gerry Reno [Sun, 31 Aug 2014 17:51:08 +0000]
more changes for firewalld

3 months ago
Gerry Reno [Sun, 31 Aug 2014 06:23:39 +0000]
more changes for firewalld

3 months ago
Gerry Reno [Sun, 31 Aug 2014 04:29:17 +0000]
more changes for firewalld

3 months ago
Gerry Reno [Sun, 31 Aug 2014 04:06:37 +0000]
first cut at firewalld

3 months ago
Gerry Reno [Sat, 30 Aug 2014 23:09:02 +0000]
added .gitignore

3 months ago
Damien Stuart [Sat, 30 Aug 2014 20:18:46 +0000]
Added WIN32 definitions for popen (_popen) and pclose (_pclose) to accommodate the call to wget on Windows-based systems.

3 months ago
Michael Rash [Wed, 27 Aug 2014 03:23:31 +0000]
Merge branch 'master' of ssh://github.com/mrash/fwknop

3 months ago
Michael Rash [Wed, 27 Aug 2014 03:22:15 +0000]
Merge pull request #127 from g-reno/android-keypreserve

restore keys from prefs when app is launched

3 months ago
Michael Rash [Wed, 27 Aug 2014 03:21:14 +0000]
fwknopd man page updates for access.conf vars

4 months ago
Michael Rash [Fri, 22 Aug 2014 01:15:09 +0000]
ChangeLog update for FCS bug fix

4 months ago
Michael Rash [Fri, 22 Aug 2014 01:08:27 +0000]
minor code restructure for Ethernet FCS header processing

4 months ago
Michael Rash [Fri, 22 Aug 2014 01:07:52 +0000]
added Ethernet FCS header test with pcap contributed by Bill Stubs

4 months ago
Michael Rash [Fri, 22 Aug 2014 00:44:48 +0000]
Merge branch 'beaglebone_libpcap_workaround' of https://github.com/stubbsw/fwknop into stubbsw-beaglebone_libpcap_workaround

4 months ago
Gerry Reno [Thu, 21 Aug 2014 22:16:00 +0000]
restore keys from prefs when app is launched

4 months ago
stubbsw [Thu, 21 Aug 2014 11:04:55 +0000]
pcap of spa with Ethernet FCS

Captured with:
tcpdump -i eth0 -l -nn -s 0 -w fcs_spa.pcap udp port 62201

Generated remotely with:
LD_LIBRARY_PATH=./lib/.libs ./client/.libs/fwknop -A tcp/22 -a 127.0.0.2
-D 192.168.18.11 --no-save-args --verbose --verbose --rc-file
./test/conf/fwknoprc_default_hmac_base64_key

4 months ago
Michael Rash [Thu, 21 Aug 2014 03:20:40 +0000]
Merge pull request #125 from stubbsw/beaglebone_libpcap_workaround

workaround libpcap 4 extra bytes

4 months ago
stubbsw [Tue, 19 Aug 2014 10:54:18 +0000]
update to indicate Ethernet FCS support vs. bug