DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

removed 2.0.0 branch specific ChangeLog, ShortLog and diffstat files

Browse Source
This commit is contained in:
Michael Rash 2011-08-22 21:39:28 -04:00
parent 17beb2d348
commit 47da588003
3 changed files with 0 additions and 4984 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3020
ChangeLog-v2.0.0
View File

File diff suppressed because it is too large Load Diff

654
ShortLog-v2.0.0
View File

@ -1,654 +0,0 @@
Damien Stuart (231):
Initial import.
Initial Makefile and first cut at fwknop.h, the spa_random_number
function, and a program for testing the functions.
Added strlcat/cpy functions. Added spa_user function.
Added spa_timestamp function.
Added more source files. Split out libfwknop functions to a static
lib. Misc updates.
Added base64 and md5 code.
Added sha256 code.
Added sha1 refactored the access to the digest routines via digest.c.
Other misc teaks to format and style of digest code.
Added rijndael code, spa digest and message functions, and a shitload
of other changes and tweaks.
Makefile tweak.
More updates to address compatibility issues with the perl version of
fwknop.
Total re-arrangement for autoconf/automake implementation.
Another major re-write of the fwknop library.
Re-arrangement of source tree.
Remove files that were stored as sym links.
Putting the reg version of the files back
Updates to allow for building libfko as a shared lib. (make use of
libtool).
Added documentation stub.
Made fko.h an include_HEADER for proper distribution.
Tweaks to add some more ctx state tracking.
Minor docs update - Added GPL to info doc.
Added some basic format checking to spa message data and message_type
checks when client_timeout is set/unset.
Added fallback for isdigit() if ctype.h is not available.
Added decrypting/decoding/parsing of SPA data.
Added gpl-2.0.texi file to doc/Makefile.am so it is included in the
dist.
Code format tweaks. Added a couple more convenience functions.
more checks for configure. omit salt from Rijndael-encrypted data as
returned by fko_get_dpa_data.
Update to docs.
Some progress on the libfko doc.
Documentation updates and minor tweaks.
Documentation fixes.
Reorganized libfko doc.
Made the context struct opaque to users of the library. Somewhat
major API tweak in that fko_ctx_t is not a pointer type and the
fko_new functions take a pointer to that.
Broke these out from fko.h.
Minor tweaks, and fixed one potential memory allocation issue
discovered with valgrind.
Updated README
First cut at GPG encrytion support (decryption and doc update are
pending).
Fixed a potential bug where the NULL-termination of the
base64-encoded data was being lost during process just before
rijndael decryption.
Removing files that are auto-generated by the autogen.sh script.
Fixed gpgme check so it would not fail if gpgme was not installed.
Setup to allow using --with[out]-gpgme option to configure.
Fixed configure.ac again (I broke it with my last change). Added
first cut at gpg decryption routine.
Added fwknop.h to the source list in Makefile.am so it will be
included in the distrubution.
Documentation updates and minor tweaks. Made it version 1.10.0
consistent in caonfigure.ac and fko.h.
Make version consistent for real this time.
Fixed flag on gpgme_keylist_next that was forcing only private keys
for recipient. Fixed typo in docs.
Added more gpgme-related errors and error checking. Other minor
tweaks.
Slightly improved and cleaner GPG error handling (there is still
plenty of room for improvement).
Some minor cleanup and tweaks to gpgme code.
Add more compiler conditionals for GPGME support to fix error during
compiles on systems without gpgme.
Replaced deprecated gpgme_key_release calls with gpgme_key_unref.
Fixed more potential memory leaks.
Split out the source files. Added processing for a couple more
command-line options.
Added getpasswd routine for getting a password from the user. A few
updates to the lib to accomodate clearing the password after we
are done with it. Update the fwknop program to reflect/use some
of the new functionality.
Update libfko docs for the gpgme-related error codes and function.
Fixed minor typo
Fixed typo in Makefile.am
Added better autoconf handling of gpgpme. Fixes so libfko will
compile under FreeBSD (7.0 release anyway).
Better error checking/message for decription. Fixed typo in docs.
Updated autoconf files and code to support Solaris (ver 10 x86 at
least). This includes better type checking and resolving some
conflicting names under Solaris.
Tweaked byte order determination for Solaris systems.
Added gpg-home-dir support to libfko and the fwknop program. Added
the fko_set_spa_data() function. Documentation updates and other
tweaks to support these changes.
Fixed typo in doc
Fixed segfault issue when spa_data_final was called before
spa_message was set.
Fixed double-free when destroy was called after a failed gpg
encryption/decryption.
Added perl module code to the repository.
Interim check-in of API changes, libfko and fwknop binary now support
the updated API. Docs and Perl module are pending.
Tweaks to updated API. Added GPG signature checking and processing
functions. Updated Perl module and perldoc for new API and
functions.
Updated documentation to reflect API changes and GPG signature
functions.
Added the Perl module files to Makefile.am so they will be included
in the dist.
Changed fko version to 1.9.12. Made signing GPG-encrypted messages
optional.
Made the dist name "fwknop-c" so as not to confuse it with the
current "fwknop".
Updates and revisions to accommodate a Windows build.
Updated Makefile.am to add win32 directory to the dist.
Added getopt_long and getlogin capability to the Windows build.
Removed old test code from fwknop client. Other tweaks and
enhancements.
Fixed bad variable name after moving the winsock startup code to a
the send_spa_packet function.
Implemented sending spa data via TCP or ICMP via SOCK_RAW (unix only
so far).
Added sending via tcp (established) conneciton. removed --debug as an
option. Some minor code reformatting and refactoring.
Tweak for win32 platform
Yet another tweak for win32.
Tweaks again for win32 build
Brought Error constants in sync with libfko.
Minor updates to non-code-related files. Changed some copyrights to
2009.
Forgot to bump the perl module minor version number.
Added a TODO file
Added the digest types constants to the types and individual export
tags.
Added handling of Backspace and Ctrl-U in the Win32 handling of
get_passswd.
Tweaks to the win32 build (Visual Studio project configs).
Fixed spa access message validation routine to allow for multiple
comma-separated requests in one message.
Tweaks to cover WIN32 build. Added print of error if tcp connect()
fails.
Fixed some formatting errors in the POD.
Added SHA384 and SHA512 digests. Tweaks for getting rid of windows
warnings. Use recv instead of read on socket. Bumped version to
0.63 (libfko) and 0.23 (FKO perl module).
Forgot to add the files for the updated SHA digests (oops).
Update the VS project file for the new SHA digest files and
functions.
Fixed typo (actually a cut-and-paste remnant) in the doc.
Major rearrangement. Renamed directories: "fko" to "lib", "src" to
"client". Added "common" and "server" directories. Setup autoconf
to allow disabling the server and/or client builds.
Forgot to add the server dir.
Made the configure help message show --disable-xxx as the options for
whether or not to build the server or client.
Some minor refactoring of the TIME_OFFSET handling. Other minor code
formatting tweaks.
Updates to accommodate the Windows build.
Changed http_resolve_host code to make it work with or without
trailing whitespace in returned content. Updated the IP address
format and value checking code. Switched back to whatsmyip.com as
default IP resolver.
Updated ip,port format and value check.
Fixed another minor typo in the doc
Added fwknop.man.asciidoc to docs and fwknop.8 man page to client
(derived from fwknop.man.asciidoc).
Added check for libpcap. More stubbing in on the server code side.
Added more server command-line and config file processing code.
Updated autoconf config for new checks and files.
Added override config handling and updated the config_init routines
to parse everything in the correct order (i.e. config file,
override configs, then command-line).
Minor manpage tweak
More tweaks to config file processing, including simple variable
expansion.
Added some more stuff to deal with byte order identification on
Solaris 10 x86 systems.
Added perl/legacy distribution (fwknop-1.9.12). Renamed this
distribution from fwknop-c to simply fwknop. Made the version
2.0.0-alpha.
Removed the wipe_pw routine as it could result in segfaults when a
static key is used.
Added some more (stubbed-in) server code and functions. Minor doc
tweak.
Updated pid/lock file handling. Implemetned -K option.
Updates and enhancements to logging functions. Now log_msg writes
only to stderr when running in foreground. Default log facility is
LOG_DAEMON. Config file options of ENABLE_PACP_PROMISC, HOSTNAME,
SYSLOG_IDENTITY, and SYSLOG_FACILITY are processed.
Updated sniffer to be able to handle the linux "any" interface.
Added stubs and some handling for signals. SIGHUP induces the
re-reading the configs and restarting the capture loop. SIGTERM
and SIGINT simply trigger a graceful exit. Trimmed some more of
the configuration options.
Fixed memory leak issue in libfko when fko_new_with_data() was called
with a bad key. Added autoconf checks for gdbm with fallback to
ndbm for server builds. Added digest cache capability using gdbm
(in ndbm compatibility mode) or ndbm for replay detection.
Changed digest cache to use gdbm directly wth fallback to ndbm (still
not tested).
Fixed missed MY_DBM_CLOSE call
Fixed minor typo in the POD synopsis (thanks Franck!).
Updated digest cache to store additional information including src
ip, created, first_replay, last_replay, and replay count.
Fixed bug in signal handling when libpcap version 1.0 is used. Minor
doc update.
The default conf and run directories are captured from the autoconf
output. Added post install hook to create the xxx/var/run/fwknop
directory (which works, but breaks the "make distcheck" feature of
autoconf). Changed order of config processing and set conf struct
for some default and overridden parameters so they will be shown
properly when -D is used.
Autoconf updates for detecting locally installed program paths and
changes to facilitate portability. Also set AM_MAINTAINER_MODE so
we are not forced to regen/reconfigure when we change one of the
autoconf source files (but we do now need to remember to do it
ourselves before making a new dist).
Made local exe checks run only of a server is being built. Removed
checks for external progs that may not be needed yet.
Added configure args for specifying specific pathes to the local
executables used by fwknopd.
Fixed incorrect variable in configure.ac.
Added check for SPA packet age against the MAX_SPA_PACKET_AGE if
ENABLE SPA_PACKET_AGING is set to "Y" in the conf file. Made the
digest cache check only of ENABLE_DIGEST_PERSISTENCE is "Y".
Added check for and create of run dir and/or basename of digest_cache
(if different from run dir). Added set_locale() call based on
LOCALE setting in the conf file.
Added access.conf handling and processing. Added a new acces.conf
parameter: RESTRICT_PORTS for specifying 1 or more proto/ports
that are explicitly not allowed.
Updated changelog. Made the fwknop.man.asciidoc match the changes
made to the fwknopd.8 manpage.
Commented out AM_MAINTAINER_MODE.
Added support for multiple GPG_REMOTE_ID values from access.conf
(still need to implement the use of those however). Also, went
back to support colons (:) as an optional part of the access.conf
parameter name (better to keep backward compatibility).
Added additional sanity checks and clean-up of access.conf processing
and functionality. Fixes require source and added check for
required username. Added fallback to use GPG_DECRYPT_PW if it was
set and the normal KEY failed with a decyption error. Fixed packet
count checks to allow a limit of 0 to mean unlimited number of
packets.
Bumped working version to 2.0.0-alpha-pre2 to differentiate from the
tagged 2.0.0-alpha-pre1. Updated Changelog.
Fixed libfko so gpgme engine is gpg by default. Added functions to
libfko to set/get path to gpgme engine. Fixed some memory leaks.
Reworkd the get_user_pw routine. Added code in fwknopd to put
back the "hQ" string on the front of incoming GPG-encypted message
data. Removed the previously add pretty-print routine to
configure. Updated configure to check for path to gpg executable.
Updated docs accordingly.
Forgot to remove the m4 dir from Makefil.am
Tweaks to eliminate warnings on win32 build of libfko and client.
Updated TODO list (removed items that were compled and/or
deprecated).
Added an initial fwknopd.8 man page (and source asciidoc). Added the
--locale and --no-locale command-line option support. The
set_config_entry function now allows setting a config entry to
NULL to clear and free it.
Changed to fix possible double-free bug under some circumstances.
Started firewall rule processing. Added rule initialization. Added
some of the initial routines for external command execution with
ability to capture stdout, stderr, and exit status.
Minor tweaks to firewall rules processing and external command
execution code.
Added the fwknopd.8 man page.
First cut at creating access rules and removing them when they expire
(not sure I like this implementation but it is a start).
Very minor comment and code tweaks (mostly just an excuse to test the
relocation of the svn server).
Added support for FWKNOP_OUTPUT_ACCESS and NAT_ACCESS modes (still
needs testing and tweaking).
Tweaked firewall rule creation code. Added SNAT/MASQUERADE support.
Fixed rule processing code so an INPUT rule was not created for
NAT request. Still needs more review and testing.
Mostly documentation file updates.
Added support for parsing and processing SPA requests over HTTP.
Beefed up verbose logging a bit. Added some more sanity checks on
the validity of incoming SPA data before attempting to decode.
Tweak to client usage message output. Added TCP server funcionality
to the server (call it a first cut).
More tweaks. Added SIGCHLD handler and code to try to restart the
TCP server if it dies for whatever reason.
Some tweaks to the sigchld handling in the server. Other misc minor
cleanup.
More updates to take care of warnings on Ubuntu systems (fixes for
common sense warnings that should have come up om my Fedora system
but didn't).
Start of cleanup for beta release candidate. Removed locale-related
code (for now) as it was breaking some things like logging.
removed some unimplemented and/or unused parameters and config
directives (as well as thier respective documentation references.
Added a --rotate-digest-cache command-line arg to force a rename
of the digest cache file and start a new one.
More tweaks, clean-up and documentation tweaks for the first release.
Made client http-proxy option allow case insensitive match and to
take an option :port as part of the argument.
Added support for COMMAND_MSG requests. Also added CMD_EXEC_USER to
access.conf to allow for fwknopd to setuid to the specified user
before running the command. Other minor tweaks.
Added the GPG signature checking code. Added GPG_REQUIRE_SIG and
GPG_IGNORE_SIG_VERIFY_ERROR parameters to access.conf. Implement
the checking of GPG signature IDs against the GPG_REOMOTE_ID list.
Updates to TCP server to close the lock file handle, use a
non-blocking socket, and detect when the parent fwknop dies so it
can exit as well.
Changed the way running external commands are hanlded to address
issues with it not working on some systems/configurations. Just
using system and popen and fw commands are run with stdout and
stderr tied to gether.
Put locale code back in. More cleanup of config directives and
options.
More cleanup. Removed the direction field (src, dst, both) from the
chain configuration directives. Remove the HOSTNAME parameter as
it was not used.
Due to issues and usage restrictions on whatismyip.com, I am making
the default resolve_ip_http url www.cipherdyne.org/cgi-bin/myip.
Added .fwknoprc file creation and processing. This allows for saved
default and named configuration profiles. Updated fwknop manpage
to reflect the new capability. Also cleaned up messages (errors,
info) from the program.
Added installation hook to set the perms on the .conf files to 600
during make install. Minot doc tweak.
Fixed bad param name in generated .fwknoprc file.
Fixed bug where named-stanza was not being found when it indeed
existed.
Added fwknop.spec for rpm builds. Removed the server post install
hook as it breaks make distcheck and rpm builds.
Minor cleanup on the spec file.
Fixed bug where ALLOW_IP of resolve was not overridden by an ALLOW_IP
parameter in a named stanza. Removed erroneous invalid parameter
from the initially generated .fwknoprc file.
Fixed issues found by the Windows compiler (that I would think would
have been flagged by gcc).
Removed unreferenced variables.
Use USERPROFILE instead of HOME for homedir determination on win32
builds.
Fixed autoconf config so libfko and fwknop client are not linked with
libpcap and libgdbm. Fixed some issues in the fwknop.spec file.
Fixed another oops in the spec file.
Renamed the legacy perl verison of fwknop.spec to fwkop-legacy.spec
to resolve rpmbuild confusion when using the -tx options.
Manpage updates
Added AC_SYS_LARGE_FILE to configure.ac
Modified top-level Makefile.am so the legacy perl stuff is not
packaged into the distribution tar file. More cleanup of the
fwknopd man page.
Slightly revamped how signals were setup.
Reworked how man pages are generated. Now, man pages in the client
and server directory are "fwknop(d).8.in" and a target was added
to Makefile.am to create the man pages while doing variable
substitutions based on directives specified via the configure
script. Minor tweak to fwknop.spec file.
Removed checks for sig verification flag on gpg_sig info related
functions.
Reverted last libfko change. Added set verify_sig flag when
remote_ids are specified.
Moved force set of verify flag on remote_id value to before
decryption phase.
Added the fwknopd_errors.[ch] files which provides the get_errstr()
and fwknopd_errstr() functions. The get_errstr() function takes
and error_code, tries to determine the type, then calls the
appropriate xxx_errstr function to return a description string.
Fixed some minor errors in the libfko API docs.
Almost all he conf variables have a default value if they are not
there (or set). All the entries in the initial fwknop.conf file
are not commented out adn can be override as needed.
Fixed some misplaced dependencies in the fwknop.spec file.
Updated the version number in the win32 config.h copy
Updates and clean-up to address the many compiler warnings when
compiled with -Wall. Also some autoconf updates
Per Franck Joncourt - Corrected misspelled word in fwknopd man page
and access.conf.
Added check to make sure a firewall program is set.
Removed a debug print statement.
Cleaned out some old commented-out sections configure.ac and fixed an
issue where exteranl file checks would fail when running configure
in cross-compiler environment. No code changes made.
Added extras directory. Bumped version in autoconf to 1.0.0rc2.
Fixed issue with spaces in in access.conf comma-separated values.
Fixed issue with GPG signature check being forced when
GPG_REMOTE_ID is set and GPG_REQUIRE_SIG was "N". Updated
dependency in the spec file. Updates to ChangeLog.
Added some OpenWRT-related files to the extras directory.
Tweaks to autoconf files.
Updates to accomodate building and compiling on FreeBSD systems.
Oops left out new header for last update.
Uncommented call to check_firewall_rules (left in while debugging
freebsd build).
Refactored firewall rule code to separate files by firewall type.
Stubbed in ipfw and ipf firewall types. Updated autoconf to set a
firewall type and path depending on configure arguments.
Start of addition of access requests via ipfw.
Added rule expire and purge for ipfw. Almost there...
Missed a config file update on the last check-in.
Wrapped #ifdef around a linux-specific chunk.
Made fw_cleanup not remove rules from the expired rule set. Added
code to read in any existing expired rules into the rule_map at
startup.
Made autoconf print an error message indicating ipf is not supported
if it is specified. Changelog updates.
Minor fwknopd man page tweak.
Fixed handling of man page generation in Makefile.am so it works from
alternate build directories.
Set pcap non-block mode back on unless it is a freebsd system. Server
verbose output no longer shows access key or GPG password.
Tweaks to the fwknop.spec file
Put the usleep back pcap_capture (oops).
Needed to bump libfko revision to 2 do identify as part of newer
dist.
Update added HAVE_ERRNO_H 1 to win32/config.h.
Bumped version to rc3 (even though we may go straight to release) and
lib rev to 3.
Updated perl module for additional error messages.
Updated the GPL blurb at the top of the source files. Added some
missing copyright statements (Thanks to Franck Joncourt).
Added code to zero out rcfile path before setting it. Also added a
bounds check to that as well.
Minor comment and documentation tweaks. Add the python directory
which contains my first cut at a libfko Python wrapper module.
Added the Fko class code to wrap the _fko wrapper around libfko.
Added pydoc text to the fko python module. Minot tweak to setup.py.
Do not need parens around expression in if statements in python
(still learning).
Fixed bug where libfko would segfault if fko_get_spa_data() was
called before fko_spa_data_final() was called (and successful).
Added include of time.h in fko.h.
Additional docs and classes added to the fko python module. Minor
tweak and bumped version in the fwknop.spec file.
Removed unnecessary include.
Adding Max Kastanas's fwknop client app code for Android
Minor update to the android README
Added python/fko.py to Makefile.am so it is also included in
distributions. Minor tweak to address compile error on Mac os X.
Fix check and handling of ndbm as an option for the digest cache.
Added a no-digest-cache configure option and capability (though it is
not recommended).
Set FD_CLOEXEC on pid file descriptor. Added support for setting
the URL for resolving source IP via command-line or the .fwknoprc
file.
Michael Rash (106):
Merged in fwknop-c-ubuntu branch changes via:
- Added command line argument processing for:
- Added code to send SPA packet data over a UDP socket. - Added
minor validation step to enforce --Destination usage if not
running in --Test mode (will extend this validation to include
other option).
minor update to not force --Destination in --Version mode
added Id tag expansion
-Added the --get-key option to allow SPA passwords to be read from a
file. This feature will be useful for an automated test suite
that drives the fwknop C client against an SPA server
implementation.
Added the following options:
minor bug fix to anticipate closing newline in a password read from a
file via --get-key
updated to concatenate the allow IP and access string for
fko_set_spa_message()
updated Copyright to Damien
Minor bug fix to process gpg command line arguments properly when
handling the command line.
removed unnecessary initialization of string vars to 0x0 because the
earlier memset() takes care of this
added the --save-packet argument so that SPA packet data can be saved
to the local filesystem by the fwknop-c client
added --save-packet-append so that SPA packet data can be appended to
a file
minor link update for the cipherdyne.org website
minor wording update to match fwknop help to config_init.h for
--server-proto option
minor typo fix (gps -> gpg)
bug fix suggested by Damien to allow the recompute of the SPA digest
to properly happen when calling spa_digest() with a true value
initial stab at libfko server daemon TODO's
added B64_GPG_PREFIX 'hQ' string for GnuPG prefix handling (similar
to the 'Salted__' handling for Rijndael SPA packet encryption
- Added the ability to send SPA packets over valid HTTP requests with
the fwknop-c client. - Added support for transmitting SPA
packets over IPv6 via TCP and UDP sockets, and also via HTTP.
- Added GnuPG 'hQ' base64 encoded prefix handling (this prefix
is stripped out of encrypted SPA packet data). - Added
hostname resolution support to the fwknop-c client if the SPA
server is specified as a hostname instead of an IP address. -
Minor bug fix to allow a GnuPG password to be specified via the
--get-key functionality.
* Got forward and local NAT modes working with the --nat-access,
--nat-local, --nat-port, and --nat-randport options. All NAT
modes are now passing the fwknop test suite. * Added the
--server-command option to build an SPA packet with a command
for the server to execute. * Added the --fw-timeout option
for client side timeouts to be specified. * Added the
--time-offset-plus and --time-offset-minus options to allow
the user to influence the timestamp associated with an SPA packet.
* Added the --rand-port option so that the SPA packet
destination port can be randomized.
* Added the --show-last and --no-save command line options to show
the command line used for the previous fwknop invocation,
and to have the fwknop client not save its command line
arguments. * Bug fix to force libfko to recalculate the random
data embedded in the the SPA packet after a random port is
acquired via --rand-port or --nat-rand-port. This is a
precaution so that an attacker cannot guess some of the
internal SPA data based on the destination port number.
changed the minimum destination SPA port from 1024 to 10,000
minor doc updates
Added the --source-ip argument to build SPA packets with 0.0.0.0 (the
fwknopd server can wrap access controls around this)
bugfix to order HTTP request headers properly, updated the user agent
for SPA over HTTP to use the options->http_user_agent variable
(can be set from the command line)
added the --resolve-ip-http and --user-agent command line args so the
fwknop-c client can resolve the external network via
http://www.cipherdyne.org/cgi/myip.cgi
updated SPA over HTTP packets to always begin the a slash right after
the GET string, updated to print SPA packets over HTTP to stderr
in test/verbose mode
updated to handle the fwknop-c version string '2.0.0-alpha' in HTTP
tests
Added --List-mode so that identifying strings for tests can be
printed on stdout. This is useful to see what is available
for --test-include regex's.
Added better --debug output for time differences on incoming SPA
packets. This makes it easier to tell when there are problems
with time synchronization between the fwknop client and
fwknopd server systems.
- Added --http-proxy argument to the fwknop C client. - (Legacy
code): Changed HTTP proxy handling to point an SPA packet to
an HTTP proxy with -D specifying the end point host and
--HTTP-proxy pointing to the proxy host. This fix was
suggested by Jonathan Bennett.
added Daniel Lopez, and Jonathan Bennett's proxy fix
added the latest http proxy fixes to the ChangeLog
(Legacy code) Applied patch from Jonthan Bennett to support the usage
of the http_proxy environmental variable for sending SPA
packets through an HTTP proxy. The patch also adds support
for specifying an HTTP proxy user and password via the
following syntax:
* (Legacy code) Bug fix to allow the --rand-port argument to function
along without an inappropriate check for the --Server-port
arg.
minor bug fix to ensure that -R resolution work with
--URL=http://www.cipherdyne.org/cgi/clientip.cgi
minor bug fix to not append --Server-port option in --rand-port mode
bumped version to 2.0.0-alpha-pre1
minor update to include the -f arg in the usage() output
Added --packet-limit to fwknopd so that the number of incoming
candidate SPA packets can be limited from the command line.
When this limit is reached (any packet that contains
application layer data and passes the pcap filter is included
in the count) then fwknopd exits.
added Id tag expansion
added Id tag expansion
minor spacing fix
added --http-proxy and --no-save-args to usage() output
added --http-proxy argument to the fwknop.8 man page
removed unnecessary --no-save arg since --no-save-args covers it
Added --access-file command line arg to fwknopd so that the path to
the access.conf file can be specified from the command line.
added -a arg to fwknopd usage() output
minor update to the fwknop client to use '#define
GETOPTS_OPTION_STRING' for getopt() command line arg
processing.
* Added a new command line argument "--last-cmd" to run the fwknop
client with the same command line arguments as the previous
time it was executed. The previous arguments are parsed out
of the ~/.fwknop.run file (if it exists). * Bug fix to not
send any SPA packet out on the wire if a NULL password/key is
provided to the fwknop client. This could happen if the user
tried to abort fwknop execution by sending the process a
SIGINT while being prompted to enter the password/key for SPA
encryption.
(legacy code) (test suite) Bug fix for GnuPG SPA/HTTP tests not
pointing to the proper HTTP output file
* Fixed a few minor warnings like the following:
added --last-cmd argument to fwknop(8) man page via the
fwknop.man.asciidoc file
added --server-cmd arg to fwknop client man page and help output
bug fix in --packet-limit handling to ensure multi-packet processing
when the arg is not used
Added minor validation code to access.conf parsing to ensure that a
SOURCE stanza begins with the SOURCE variable and that there
is at least one usage of the OPEN_PORTS and KEY variables.
The OPEN_PORTS requirement might be relaxed when
PERMIT_CLIENT_PORTS handling is added.
bug fix to ensure the --last-cmd re-parsing of command line args via
getopt_long() has a reset index
Update to call parse_proto_and_port() before allocating a new port
list. This fixes the following stack trace when generating an
SPA packet that contains "none/0" for the port list:
updated to call dump_access_list() if -D was given to dump config
information
applied patch from Franck to catch a couple of man page typos
Updated to define a default gpg keyring path of /root/.gnupg, and if
the GPG_HOME_DIR variable is not defined in the fwknopd.conf
file or the access.conf file, then this default will take
over.
minor macro update to define the default gpg keyring
minor update to check the gpg keyring path setting in access stanzas
only if a decrypt password is specified
- added is_valid_dir() utility function for checking directory
stat()/existence (this is used for gpg keyring path
validation).
added --fw-list arg to the fwknopd daemon to list all current
firewall rules for any running fwknopd process
removed additional wait() call from run_extcmd(), updated --fw-list
to just use system() to execute the iptables listing commands
Bug fix for USE_NDBM variable so that client-only builds work. The
specific error before the patch along with the command line
invocation of the "configure" script appear below:
minor bug fix to account for PATH_SEP being defined as a character
instead of a string
minor off-by-one fix for home directory path separator
Removed legacy $Id$ tags from svn
Bug fix for uninitialized variable found with splint static analyzer
Minor rename in support of non-dbm file cache
Added autoconf support for non-dbm file cache.
Updated digest file path for gdbm/ndbm support
Added --pcap-filter to the fwknopd command line
Merge branch 'master' into optional_dbm_support
Implemented linked list cache of SPA digests
Started on code to parse the digest cache file
Added dst IP to tracked SPA data
Added source port and protocol to digest tracking
Added digest file import code
Consolidated replay warnings in a single function
Implemented memory clean up for digest cache list
Added fwknop-2.0.0rc2 openwrt support from Jonathan Bennett
Minor variable cleanup to fix compiler warnings
Added stack protection, PIE, fortify source, etc.
Updated replay warnings to include proto/port info
Update to force base64 check for all SPA data
Update to add any missing iptables jump rules
Renamed ChangeLog -> ChangeLog.old for new ChangeLog handling
Added ChangeLog derived from git commit messages.
Bumped version to fwknop-2.0.0-rc3
added the VERSION file
Bug fix for ./configure args to disable compile time security options
Added -Wall for all gcc warnings during compile
minor commit to fix minor compilations warnings
Minor restructuring to suppress compiler "defined but not used
warnings"
Update to suppress additional compiler warning
On FreeBSD disable read-only relocations and immediate binding
protections
Fixed a few minor compiler warnings on FreeBSD
On FreeBSD, made gpgme header path inclusion optional
Bug fix to create the digest.cache file at init
Bug fix for missing set existence check on ipfw firewalls
Bug fix for ipfw firewalls to not always require seeing 'Dynamic'
rules

1310
diffstat-v2.0.0
View File

File diff suppressed because it is too large Load Diff