[server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in
microseconds). This was supposed to be the default anyway, but C
Anthony Risinger reported a bug where fwknopd was consuming more
resources than necessary, and the cause was PCAP_LOOP_SLEEP set by
default to 1/100th of a second - this has been fixed.

This commit fixes memory leaks like the following in the fwknop client:
HEAP SUMMARY:
in use at exit: 300 bytes in 11 blocks
total heap usage: 100 allocs, 89 frees, 16,583 bytes allocated
16 bytes in 1 blocks are indirectly lost in loss record 1 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D63E: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)
16 bytes in 1 blocks are indirectly lost in loss record 2 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D658: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)
16 bytes in 1 blocks are indirectly lost in loss record 3 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D672: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)
16 bytes in 1 blocks are indirectly lost in loss record 4 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D68C: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)

with the same command line arguments as the previous time it was
executed. The previous arguments are parsed out of the ~/.fwknop.run
file (if it exists).
* Bug fix to not send any SPA packet out on the wire if a NULL password/key
is provided to the fwknop client. This could happen if the user tried to
abort fwknop execution by sending the process a SIGINT while being
prompted to enter the password/key for SPA encryption.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@193 510a4753-2344-4c79-9c09-4d669213fbeb

SPA packets can be limited from the command line. When this limit is
reached (any packet that contains application layer data and passes the
pcap filter is included in the count) then fwknopd exits.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@179 510a4753-2344-4c79-9c09-4d669213fbeb

the http_proxy environmental variable for sending SPA packets through an
HTTP proxy. The patch also adds support for specifying an HTTP proxy
user and password via the following syntax:
'http://username:password@proxy.com:port' or
'http://username:password@proxy.com'
git-svn-id: file:///home/mbr/svn/fwknop/trunk@164 510a4753-2344-4c79-9c09-4d669213fbeb
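
The proxy URL syntax in the commit message above, as an added example that is not fwknop's own code: a bounded parser for `http://username:password@proxy.com:port` that rejects malformed input instead of truncating it. The names `proxy_spec` and `parse_http_proxy`, the 64-byte field limit and the port-80 default are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>
#define PROXY_FIELD_MAX 64   /* assumed per-field limit for this example */

struct proxy_spec {          /* hypothetical container, not a libfko type */
    char user[PROXY_FIELD_MAX], pass[PROXY_FIELD_MAX], host[PROXY_FIELD_MAX];
    int  port;               /* assumed default of 80 when no :port is given */
};

/* Bounded copy into a fixed field; empty or oversized input is refused. */
static int copy_field(char *dst, const char *src, size_t len)
{
    if (len == 0 || len >= PROXY_FIELD_MAX)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse http://[user:password@]host[:port]; no percent-decoding, no IPv6 literals. */
int parse_http_proxy(const char *url, struct proxy_spec *out)
{
    const char *p, *at, *colon, *end;
    char *num_end;
    long port = 80;
    if (url == NULL || out == NULL || strncmp(url, "http://", 7) != 0)
        return -1;
    memset(out, 0, sizeof(*out));
    p = url + 7;
    end = p + strcspn(p, "/");               /* ignore any trailing path */
    at = memchr(p, '@', (size_t)(end - p));
    if (at != NULL) {                        /* credentials: split at first ':' */
        colon = memchr(p, ':', (size_t)(at - p));
        if (colon == NULL || copy_field(out->user, p, (size_t)(colon - p)) != 0
            || copy_field(out->pass, colon + 1, (size_t)(at - colon - 1)) != 0)
            return -1;
        p = at + 1;
    }
    colon = memchr(p, ':', (size_t)(end - p));
    if (colon != NULL) {                     /* port: digits only, 1..65535 */
        port = strtol(colon + 1, &num_end, 10);
        if (colon[1] < '0' || colon[1] > '9' || num_end != end || port < 1 || port > 65535)
            return -1;
    }
    if (copy_field(out->host, p, (size_t)((colon ? colon : end) - p)) != 0)
        return -1;
    out->port = (int)port;
    return 0;
}
```

Because the password travels in an environment variable, a caller should wipe the `pass` field once the proxy request has been built.
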
command line used for the previous fwknop invocation, and to have the
fwknop client not save its command line arguments.
* Bug fix to force libfko to recalculate the random data embedded in the
SPA packet after a random port is acquired via --rand-port or
--nat-rand-port. This is a precaution so that an attacker cannot guess
some of the internal SPA data based on the destination port number.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@116 510a4753-2344-4c79-9c09-4d669213fbeb

--nat-local, --nat-port, and --nat-randport options. All NAT modes
are now passing the fwknop test suite.
* Added the --server-command option to build an SPA packet with a command
for the server to execute.
* Added the --fw-timeout option for client side timeouts to be specified.
* Added the --time-offset-plus and --time-offset-minus options to allow
the user to influence the timestamp associated with an SPA packet.
* Added the --rand-port option so that the SPA packet destination port can
be randomized.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@115 510a4753-2344-4c79-9c09-4d669213fbeb

the fwknop-c client.
- Added support for transmitting SPA packets over IPv6 via TCP and UDP
sockets, and also via HTTP.
- Added GnuPG 'hQ' base64 encoded prefix handling (this prefix is
stripped out of encrypted SPA packet data).
- Added hostname resolution support to the fwknop-c client if the SPA
server is specified as a hostname instead of an IP address.
- Minor bug fix to allow a GnuPG password to be specified via the
--get-key functionality.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@112 510a4753-2344-4c79-9c09-4d669213fbeb