Set pcap non-block mode back on unless it is a freebsd system. Server verbose output no longer shows access key or GPG password.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@290 510a4753-2344-4c79-9c09-4d669213fbeb

configure.ac

@@ -7,7 +7,7 @@ dnl Inspiration from RRDtool configure.ac, the AutoConf Archive
 dnl (http://www.nongnu.org/autoconf-archive/), and other examples.
 
 dnl Minimum Autoconf version required.
-AC_PREREQ(2.61)
+AC_PREREQ(2.62)
 
 dnl Define our name, version and email.
 m4_define(my_package,   [fwknop])
@@ -24,7 +24,7 @@ AM_INIT_AUTOMAKE([tar-ustar -Wall -Werror foreign])
 
 dnl AM_MAINTAINER_MODE
 
-AC_CONFIG_HEADER([config.h])
+AC_CONFIG_HEADERS([config.h])
 
 dnl The top of our header
 dnl

server/access.c

@@ -1036,7 +1036,7 @@ dump_access_list(fko_srv_options_t *opts)
             "==============================================================\n"
             "                 OPEN_PORTS:  %s\n"
             "             RESTRICT_PORTS:  %s\n"
-            "                        KEY:  %s\n"
+            "                        KEY:  <see the access.conf file>\n"
             "          FW_ACCESS_TIMEOUT:  %i\n"
             "            ENABLE_CMD_EXEC:  %s\n"
             "              CMD_EXEC_USER:  %s\n"
@@ -1044,7 +1044,7 @@ dump_access_list(fko_srv_options_t *opts)
             "     REQUIRE_SOURCE_ADDRESS:  %s\n"
             "               GPG_HOME_DIR:  %s\n"
             "             GPG_DECRYPT_ID:  %s\n"
-            "             GPG_DECRYPT_PW:  %s\n"
+            "             GPG_DECRYPT_PW:  <see the access.conf file>\n"
             "            GPG_REQUIRE_SIG:  %s\n"
             "GPG_IGNORE_SIG_VERIFY_ERROR:  %s\n"
             "              GPG_REMOTE_ID:  %s\n",
@@ -1052,7 +1052,7 @@ dump_access_list(fko_srv_options_t *opts)
             acc->source,
             (acc->open_ports == NULL) ? "<not set>" : acc->open_ports,
             (acc->restrict_ports == NULL) ? "<not set>" : acc->restrict_ports,
-            (acc->key == NULL) ? "<not set>" : acc->key,
+            //(acc->key == NULL) ? "<not set>" : acc->key,
             acc->fw_access_timeout,
             acc->enable_cmd_exec ? "Yes" : "No",
             (acc->cmd_exec_user == NULL) ? "<not set>" : acc->cmd_exec_user,
@@ -1060,7 +1060,7 @@ dump_access_list(fko_srv_options_t *opts)
             acc->require_source_address ? "Yes" : "No",
             (acc->gpg_home_dir == NULL) ? "<not set>" : acc->gpg_home_dir,
             (acc->gpg_decrypt_id == NULL) ? "<not set>" : acc->gpg_decrypt_id,
-            (acc->gpg_decrypt_pw == NULL) ? "<not set>" : acc->gpg_decrypt_pw,
+            //(acc->gpg_decrypt_pw == NULL) ? "<not set>" : acc->gpg_decrypt_pw,
             acc->gpg_require_sig ? "Yes" : "No",
             acc->gpg_ignore_sig_error  ? "Yes" : "No",
             (acc->gpg_remote_id == NULL) ? "<not set>" : acc->gpg_remote_id

server/pcap_capture.c

@@ -137,7 +137,7 @@ pcap_capture(fko_srv_options_t *opts)
      *       to actually use this mode (which when set on a FreeBSD
      *       system, it silently breaks the packet capture). 
     */
-    if((pcap_setnonblock(pcap, 0, errstr)) == -1)
+    if((pcap_setnonblock(pcap, DEF_PCAP_NONBLOCK, errstr)) == -1)
     {
         log_msg(LOG_ERR, "[*] Error setting pcap nonblocking to %i: %s",
             0, errstr

server/pcap_capture.h

@@ -31,6 +31,17 @@
 */
 #define MAX_PCAP_ERRORS_BEFORE_BAIL 100
 
+/* We normally want pcap in non-blockinbg mode, but this seems to be
+ * broken on FreeBSD 7 (at least my test host), so we'll set the default
+ * mode to on unless it is a FreeBSD system. --DSS XXX: What we really need
+ * to do is figure out what the difference is and address it correctly.
+*/
+#if defined(__FreeBSD__)
+    #define DEF_PCAP_NONBLOCK 0
+#else
+    #define DEF_PCAP_NONBLOCK 1
+#endif
+
 /* Prototypes
 */
 int pcap_capture(fko_srv_options_t *opts);