diff --git a/client/Makefile.am b/client/Makefile.am index ad892c21..8596ebce 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -20,7 +20,7 @@ fwknop.8: fwknop.8.in -e 's|[@]bindir@|$(bindir)|g' \ -e 's|[@]sbindir@|$(sbindir)|g' \ -e 's|[@]localstatedir@|$(localstatedir)|g' \ - < "$<" > "$@" + < "fwknop.8.in" > "$@" clean-local: rm -f fwknop.8 diff --git a/client/spa_comm.h b/client/spa_comm.h index 6950ad0f..57ff006f 100644 --- a/client/spa_comm.h +++ b/client/spa_comm.h 
@@ -27,125 +27,7 @@ #define SPA_COMM_H #include "fwknop_common.h" -#include - -#ifdef WIN32 - #include - #include -#else - #if HAVE_SYS_SOCKET_H - #include - #endif - #if HAVE_NETDB_H - #include - #endif - #if HAVE_NETINET_IN_H - #include - #endif - #if HAVE_ARPA_INET_H - #include - #endif -#endif - -/* We will roll our own packet header structs. */ - -/* The IP header -*/ -struct iphdr -{ -#if __BYTE_ORDER == __LITTLE_ENDIAN - unsigned int ihl:4; - unsigned int version:4; -#elif __BYTE_ORDER == __BIG_ENDIAN - unsigned int version:4; - unsigned int ihl:4; -#else - #error "Please fix " -#endif - unsigned char tos; - unsigned short tot_len; - unsigned short id; - unsigned short frag_off; - unsigned char ttl; - unsigned char protocol; - unsigned short check; - unsigned int saddr; - unsigned int daddr; -}; - -/* The TCP header -*/ -struct tcphdr -{ - unsigned short source; - unsigned short dest; - unsigned int seq; - unsigned int ack_seq; -#if __BYTE_ORDER == __LITTLE_ENDIAN - unsigned short res1:4; - unsigned short doff:4; - unsigned short fin:1; - unsigned short syn:1; - unsigned short rst:1; - unsigned short psh:1; - unsigned short ack:1; - unsigned short urg:1; - unsigned short res2:2; -#elif __BYTE_ORDER == __BIG_ENDIAN - unsigned short doff:4; - unsigned short res1:4; - unsigned short res2:2; - unsigned short urg:1; - unsigned short ack:1; - unsigned short psh:1; - unsigned short rst:1; - unsigned short syn:1; - unsigned short fin:1; -#else - #error "Adjust your defines" -#endif - unsigned short window; - unsigned short check; - unsigned short urg_ptr; -}; - -/* The ICMP header -*/ -struct icmphdr -{ - unsigned char type; /* message type */ - unsigned char code; /* type sub-code */ - unsigned short checksum; - union - { - struct - { - unsigned short id; - unsigned short sequence; - } echo; /* echo datagram */ - unsigned int gateway; /* gateway address */ - struct - { - unsigned short __unused; - unsigned short mtu; - } frag; /* path mtu discovery */ - } un; -}; - 
-#define ICMP_ECHOREPLY 0 /* Echo Reply */ -#define ICMP_DEST_UNREACH 3 /* Destination Unreachable */ -#define ICMP_SOURCE_QUENCH 4 /* Source Quench */ -#define ICMP_REDIRECT 5 /* Redirect (change route) */ -#define ICMP_ECHO 8 /* Echo Request */ -#define ICMP_TIME_EXCEEDED 11 /* Time Exceeded */ -#define ICMP_PARAMETERPROB 12 /* Parameter Problem */ -#define ICMP_TIMESTAMP 13 /* Timestamp Request */ -#define ICMP_TIMESTAMPREPLY 14 /* Timestamp Reply */ -#define ICMP_INFO_REQUEST 15 /* Information Request */ -#define ICMP_INFO_REPLY 16 /* Information Reply */ -#define ICMP_ADDRESS 17 /* Address Mask Request */ -#define ICMP_ADDRESSREPLY 18 /* Address Mask Reply */ - +#include "netinet_common.h" /* Function Prototypes */ diff --git a/common/Makefile.am b/common/Makefile.am index 50a0d2b0..6eb7b45d 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -1 +1 @@ -EXTRA_DIST = common.h +EXTRA_DIST = common.h netinet_common.h diff --git a/common/common.h b/common/common.h index 505ee641..3c08e42c 100644 --- a/common/common.h +++ b/common/common.h @@ -33,9 +33,14 @@ #endif #include -#include -#include +#if HAVE_SYS_TYPES_H + #include +#endif + +#if HAVE_ERRNO_H + #include +#endif #if STDC_HEADERS #include @@ -65,10 +70,10 @@ #define strncasecmp _strnicmp #define snprintf _snprintf #define unlink _unlink - #define PATH_SEP "\\" + #define PATH_SEP '\\' #else #include - #define PATH_SEP "/" + #define PATH_SEP '/' #endif #include "fko.h" diff --git a/configure.ac b/configure.ac index a3317e89..0c40805f 100644 --- a/configure.ac +++ b/configure.ac 
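Review bot: Redefining `PATH_SEP` from a string literal to a character constant in the second common.h hunk changes its type for every file that includes this header, not only for the fwknopd.c comparisons updated in this commit. Any remaining use in string context (literal concatenation, a `%s` argument, `strcat`) would either stop compiling or, in the varargs case, pass an int where a pointer is expected. Those call sites are not visible here, so a search for other users is worth doing before merging. A comment on the definition such as `/* PATH_SEP is a single char: use it with strrchr() and comparisons, never as a string */` would make the contract explicit.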
@@ -73,13 +73,24 @@ AC_PROG_MAKE_SET AC_PROG_RANLIB AC_PROG_LIBTOOL +# It seems we need to add these for (at least my) FreeBSD system. +# (--DSS TOD): See if we can either make this conditional on OS or +# add the search path at check time). +# +if [ test "x$CPPFLAGS" = "x" ] ; then + CPPFLAGS="-I/usr/local/include -I/usr/local/include/gpgme" +fi +if [ test "x$LDFLAGS" = "x" ] ; then + LDFLAGS="-L/usr/local/lib" +fi + # Checks for header files. # AC_HEADER_STDC AC_HEADER_TIME AC_HEADER_RESOLV -AC_CHECK_HEADERS([arpa/inet.h ctype.h endian.h errno.h locale.h netdb.h net/ethernet.h netinet/ether.h netinet/in.h netinet/ip.h netinet/tcp.h netinet/udp.h stdint.h stdlib.h string.h strings.h sys/byteorder.h sys/endian.h sys/ethernet.h sys/socket.h sys/stat.h sys/time.h sys/wait.h termios.h time.h unistd.h]) +AC_CHECK_HEADERS([arpa/inet.h ctype.h endian.h errno.h locale.h netdb.h net/ethernet.h netinet/in.h stdint.h stdlib.h string.h strings.h sys/byteorder.h sys/endian.h sys/ethernet.h sys/socket.h sys/stat.h sys/time.h sys/wait.h termios.h time.h unistd.h]) # Type checks. # diff --git a/server/Makefile.am b/server/Makefile.am index 280670f8..7db8dfb7 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -34,7 +34,7 @@ fwknopd.8: fwknopd.8.in -e 's|[@]bindir@|$(bindir)|g' \ -e 's|[@]sbindir@|$(sbindir)|g' \ -e 's|[@]localstatedir@|$(localstatedir)|g' \ - < "$<" > "$@" + < "fwknopd.8.in" > "$@" clean-local: rm -f fwknopd.8 diff --git a/server/fwknopd.c b/server/fwknopd.c index de2917f3..748cc758 100644 --- a/server/fwknopd.c +++ b/server/fwknopd.c @@ -372,7 +372,7 @@ check_dir_path(const char *filepath, const char *fp_desc, unsigned char use_base */ /* But first make sure we are using an absolute path. */ - if(*filepath != '/') + if(*filepath != PATH_SEP) { log_msg(LOG_ERR, "Configured %s directory (%s) is not an absolute path.", fp_desc, filepath 
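Review bot: The new CPPFLAGS/LDFLAGS defaults in configure.ac apply on every platform whenever the variables are unset, so `-I/usr/local/include` and `-L/usr/local/lib` are searched ahead of the system directories even on hosts that do not need them. Headers or libraries that happen to sit under /usr/local (gpgme, for instance) would then be picked up silently in preference to the system copies, which matters for a build that links crypto code. Restricting the block to the affected OS, for example `case "$host_os" in *freebsd*) ... ;; esac` (`$host_os` is set by `AC_CANONICAL_HOST`), keeps other builds unchanged and settles the TODO in the added comment.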
@@ -383,13 +383,13 @@ check_dir_path(const char *filepath, const char *fp_desc, unsigned char use_base /* If this is a file path that we want to use only the basename, strip * the trailing filename here. */ - if(use_basename && ((ndx = strrchr(filepath, '/')) != NULL)) + if(use_basename && ((ndx = strrchr(filepath, PATH_SEP)) != NULL)) strlcpy(tmp_path, filepath, (ndx-filepath)+1); else strcpy(tmp_path, filepath); - /* At this point, we should make the path is more than just "/". - * If it is not, silently return. + /* At this point, we should make the path is more than just the + * PATH_SEP. If it is not, silently return. */ if(strlen(tmp_path) < 2) return; @@ -458,7 +458,7 @@ make_dir_path(const char *run_dir) /* Strip any trailing dir sep char. */ - if(tmp_path[len-1] == '/') + if(tmp_path[len-1] == PATH_SEP) tmp_path[len-1] = '\0'; for(ndx = tmp_path+1; *ndx; ndx++) diff --git a/server/fwknopd_common.h b/server/fwknopd_common.h index 8a722a65..4d46c8b3 100644 --- a/server/fwknopd_common.h +++ b/server/fwknopd_common.h @@ -28,7 +28,9 @@ #include "common.h" -#include +#if HAVE_SYS_STAT_H + #include +#endif #if HAVE_LIBPCAP #include diff --git a/server/incoming_spa.c b/server/incoming_spa.c index bcabe0ed..691aaf7c 100644 --- a/server/incoming_spa.c +++ b/server/incoming_spa.c @@ -24,6 +24,12 @@ ***************************************************************************** */ #include "fwknopd_common.h" +#include "netinet_common.h" + +#if HAVE_SYS_WAIT_H + #include +#endif + #include "incoming_spa.h" #include "access.h" #include "extcmd.h" @@ -33,10 +39,6 @@ #include "fwknopd_errors.h" #include "replay_dbm.h" -#if HAVE_ARPA_INET_H - #include -#endif - /* Validate and in some cases preprocess/reformat the SPA data. Return an * error code value if there is any indication the data is not valid spa data. */ diff --git a/server/pcap_capture.c b/server/pcap_capture.c index 3627a507..053d311d 100644 --- a/server/pcap_capture.c +++ b/server/pcap_capture.c 
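Review bot: Both copies into `tmp_path` in check_dir_path are still sized by the source rather than the destination: the `strlcpy` length is `(ndx-filepath)+1` and the else branch uses plain `strcpy`. The declaration of `tmp_path` is outside the hunk, but if it is a fixed-size array, a configured path longer than it would overflow the buffer. Bounding both by the destination closes this, e.g. `strlcpy(tmp_path, filepath, sizeof(tmp_path));` in the else branch and rejecting `(size_t)(ndx-filepath) >= sizeof(tmp_path)` before the basename copy. The function body starts and ends outside the hunk.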
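Review bot: `tmp_path[len-1]` in make_dir_path is read with no visible check that `len` is non-zero. The assignment of `len` is outside the hunk; if it is the string length of the copied `run_dir`, an empty value indexes one byte before the buffer, and the loop that follows starts at `tmp_path+1`, past the terminator. `if(len > 0 && tmp_path[len-1] == PATH_SEP)` fixes the read, and an early return for an empty path would cover the loop as well.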
@@ -24,8 +24,6 @@ ***************************************************************************** */ #include -#include -#include #include "fwknopd_common.h" #include "pcap_capture.h" @@ -39,12 +37,15 @@ #include "sig_handler.h" #include "tcp_server.h" +#if HAVE_SYS_WAIT_H + #include +#endif + /* The pcap capture routine. */ int pcap_capture(fko_srv_options_t *opts) { -#if HAVE_LIBPCAP pcap_t *pcap; char errstr[PCAP_ERRBUF_SIZE] = {0}; struct bpf_program fp; @@ -63,7 +64,7 @@ pcap_capture(fko_srv_options_t *opts) pcap = pcap_open_live( opts->config[CONF_PCAP_INTF], atoi(opts->config[CONF_MAX_SNIFF_BYTES]), - promisc, 500, errstr + promisc, 100, errstr ); if(pcap == NULL) @@ -125,12 +126,16 @@ pcap_capture(fko_srv_options_t *opts) break; } - /* Set our pcap handle to nonblocking mode. + /* Set our pcap handle nonblocking mode. + * + * NOTE: This is simply set to 0 for now until we find a need + * to actually use this mode (which when set on a FreeBSD + * system, it silently breaks the packet capture). */ - if((pcap_setnonblock(pcap, 1, errstr)) == -1) + if((pcap_setnonblock(pcap, 0, errstr)) == -1) { - log_msg(LOG_ERR, "[*] Error setting pcap to non-blocking: %s", - errstr + log_msg(LOG_ERR, "[*] Error setting pcap nonblocking to %i: %s", + 0, errstr ); exit(EXIT_FAILURE); } @@ -255,11 +260,9 @@ pcap_capture(fko_srv_options_t *opts) /* Check for any expired firewall rules and deal with them. */ - check_firewall_rules(opts); +//--DSS check_firewall_rules(opts); - usleep(10000); } -#endif /* HAVE_LIBPCAP */ pcap_close(pcap); diff --git a/server/process_packet.c b/server/process_packet.c index 15760263..47b982df 100644 --- a/server/process_packet.c +++ b/server/process_packet.c @@ -28,13 +28,8 @@ */ #include -#include -#include -#include -#include -#include - #include "fwknopd_common.h" +#include "netinet_common.h" #include "process_packet.h" #include "utils.h"
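Review bot: `pcap_setnonblock(pcap, 0, errstr)` leaves the handle in blocking mode, but the first line of the comment still reads as if nonblocking mode were being enabled, and the reason is only given further down. Rewording the opening line to `/* Leave the pcap handle in blocking mode (nonblock = 0).` would match what the call does. Blocking mode also means the rest of the capture loop only runs when the capture call returns, which on some platforms may not happen on an idle interface even with the 100 ms read timeout; this is inferred, since the loop itself is outside the hunk.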
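Review bot: Commenting out `check_firewall_rules(opts)` removes the call that the comment directly above it describes as handling expired firewall rules, so access granted by an SPA packet may stay open past its timeout unless expiry is driven elsewhere (not visible in this diff). If this was disabled for debugging, restore the call or put it behind a named compile-time switch rather than leaving `//--DSS check_firewall_rules(opts);` in the tree. The same hunk drops `usleep(10000)`, so the loop is paced only by the pcap read. The enclosing loop begins outside the hunk.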