DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
1,717 Commits 15 Branches 0 Tags
03000dde5dda307ea421d19181cf7638240d8fbc
Commit Graph

543 Commits

Author SHA1 Message Date
Michael Rash
fa154259d5 [test suite] added FreeBSD-10.0 and OpenBSD-5.5 compatibility tests 2014-07-28 15:52:57 -04:00
Michael Rash
655abf6f0b [test suite] WGET_CMD and RESOLVE_HTTP_ONLY fwknoprc test coverage 2014-07-28 09:46:08 -04:00
Michael Rash
7f830e0239 revert gpg trustdb.gpg update from test suite 2014-07-28 09:37:50 -04:00
Michael Rash
b06447384e [client] have autoconf resolve the absolute path to wget for SSL IP resolution 2014-07-27 22:03:58 -04:00
Michael Rash
4fcd5b317a [server] fix shift operation bug in SOURCE subnet processing spotted by Coverity 2014-07-26 23:43:48 -04:00
Michael Rash
59718f1a36 [client] Updated IP resolution mode -R to use SSL 
External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.
 2014-07-25 17:42:06 -04:00
Michael Rash
73490209f7 [test suite] add access.conf file path to a few basic tests 2014-07-22 17:36:31 -04:00
Michael Rash
3df08e3c0e [test suite] handle PF on FreeBSD 2014-07-22 17:35:59 -04:00
Michael Rash
eed3418996 [test suite] update wrapper Makefile gcc -> cc 2014-07-22 17:35:19 -04:00
Michael Rash
9470b3ce21 [test suite] README update to include --enable-complete mode 2014-07-22 11:31:16 -04:00
Michael Rash
3bd1d0742e [test suite] add --gpg-home-dir arg to GPG test 2014-07-08 16:32:26 -05:00
Michael Rash
7e1346c49a [test suite] add variable expansion and fwknopd override tests 2014-07-08 16:31:06 -05:00
Michael Rash
824ebe94f8 [test suite] run interrupt signal test against foreground fwknopd process 2014-07-08 16:28:42 -05:00
Michael Rash
0e5c4644fc [test suite] add GPG test for a manually altered SPA packet 2014-07-07 22:16:47 -05:00
Michael Rash
1b47173906 [test suite] add SYSLOG_FACILITY tests 2014-07-07 21:35:27 -05:00
Michael Rash
5474ced90b [test suite] extend invalid sniff interface test to include promisc mode 2014-07-05 23:10:26 -05:00
Michael Rash
77eb1a763f [test suite] add invalid sniff interface test 2014-07-05 22:44:40 -05:00
Michael Rash
f0285ae2b5 [test suite] add invalid gpg sig ID list 2014-07-04 20:05:54 -04:00
Michael Rash
ffa77a9e54 [test suite] add GPG_DISABLE_SIG test 2014-07-04 19:54:56 -04:00
Michael Rash
a2ff2a396c [server] call clean_exit() upon check_dir_path() error 2014-07-03 10:31:30 -04:00
Michael Rash
5ced103207 [test suite] minor test coverage addition for invalid locale setting 2014-07-03 10:17:52 -04:00
Michael Rash
fed2da3bb0 [test suite] additional valgrind suppression for pcap-file processing 2014-07-03 08:52:48 -04:00
Michael Rash
43b770320a [server] Require sig ID's or fingerprints when sigs are validated 
When validating access.conf stanzas make sure that one of
GPG_REMOTE_ID or GPG_FINGERPRINT_ID is specified whenever GnuPG
signatures are to be verified for incoming SPA packets. Signature
verification is the default, and can only be disabled with
GPG_DISABLE_SIG but this is NOT recommended.
 2014-06-30 11:52:42 -04:00
Michael Rash
77384a904e [server] add access.conf variable GPG_FINGERPRINT_ID 
Add a new GPG_FINGERPRINT_ID variable to the access.conf file
so that full GnuPG fingerprints can be required for incoming SPA packets
in addition to the appreviated GnuPG signatures listed in GPG_REMOTE_ID.
From the test suite, an example fingerprint is

GPG_FINGERPRINT_ID            00CC95F05BC146B6AC4038C9E36F443C6A3FAD56
 2014-06-30 11:11:09 -04:00
Michael Rash
e41e0f5aaf [test suite] added iptables OUTPUT chain test 2014-06-24 22:54:27 -04:00
Michael Rash
a4615a76b5 [test suite] add Rjindael HMAC --no-ipt-check-support test for udp/53 2014-06-24 18:21:46 -04:00
Michael Rash
125f99aa3b [test suite] updated --gdb mode to run the first found fwknop command from an output/*.test file 2014-06-24 17:50:50 -04:00
Michael Rash
3557158620 [test suite] add valgrind suppressions for libfiu 2014-06-16 17:14:52 -04:00
Michael Rash
389e55ddfc [test suite] consolidate valgrind success/failure criteria into a single function 2014-06-16 17:13:54 -04:00
Michael Rash
55a03f3392 [test suite] added suppressions to fko-wrapper/run_valgrind.sh 2014-06-16 17:12:59 -04:00
Michael Rash
4878607254 [libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called 2014-06-16 17:11:52 -04:00
Michael Rash
42a20616b4 [libfko] additional fault injection additions with test suite support 2014-06-14 21:27:18 -04:00
Michael Rash
c00a3e7b26 [test suite] additional fault injection tests 2014-06-12 20:29:54 -04:00
Michael Rash
13ca6261b3 [test suite] minor update to not parse crash messages out of crash test output file 2014-06-12 20:29:24 -04:00
Michael Rash
06ce514111 [test suite] add several fault injection tests 2014-06-12 00:02:18 -04:00
Michael Rash
d8b2ae370a [test suite] always run crash check at the end of test run 2014-06-12 00:01:58 -04:00
Michael Rash
b8ad48eaa9 [test suite] added fiu-run fault injection tests against the fwknopd server 2014-06-10 09:34:48 -04:00
Michael Rash
989d48b7e9 [test suite] make valgrind suppressions slightly more perscriptive 2014-06-08 20:22:19 -04:00
Michael Rash
7fb2f292bc [test suite] in valgrind mode, make tests fail whenever there are 'definitely' or 'indirectly' lost bytes in memory 2014-06-08 20:20:19 -04:00
Michael Rash
dfeecf5c29 [test suite] additional fix for duplicate fault injection tags 2014-06-06 10:31:07 -04:00
Michael Rash
1b4d7f5b19 [test suite] minor fix for duplicate fault injection tags 2014-06-06 10:25:33 -04:00
Michael Rash
6d1d66fe03 add --fault-injection-tag support to the client/server/libfko 
This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'.  This option is used by
the test suite with the tests/fault_injection.pl tests.
 2014-06-05 23:05:49 -04:00
Michael Rash
6a0af8ed8e [test suite] added coverage_diff.py 
This commit adds support for diff'ing before and after gcov/lcov results
to see when new function/line coverage is added by the test suite.  Here
is an example of its output:

Sun Jun  1 22:28:00 2014 CMD: ./coverage_diff.py
[+] Coverage: /home/mbr/git/fwknop.git/server/config_init.c
[+] new 'fcns' coverage: usage()
[+] new 'lines' coverage: 1015
[+] new 'lines' coverage: 1017
[+] new 'lines' coverage: 1019
[+] new 'lines' coverage: 1059
[+] new 'lines' coverage: 979
[+] Coverage: /home/mbr/git/fwknop.git/server/fw_util_iptables.c
[+] new 'lines' coverage: 560
[+] new 'lines' coverage: 561
 2014-06-01 22:30:54 -04:00
Michael Rash
040b7b10a0 [test suite] add shell escape for /usr/include/* wildcard on lcov command line 2014-05-26 23:15:09 -04:00
Michael Rash
2e150d47a7 restore trustdb.gpg files 2014-05-26 23:06:14 -04:00
Michael Rash
2697bd260c [test suite] fix LD_LIBRARY_PATH for fiu-run execution against fko-wrapper binaries 2014-05-26 22:53:44 -04:00
Michael Rash
ddaf0134d6 use fiu.h instead of fiu-local.h 2014-05-26 15:54:12 -04:00
Michael Rash
e893ecad21 [test suite] added first test to run fwknop client underneath fiu-run for libc fault injection 2014-05-26 15:09:02 -04:00
Michael Rash
a1f1e4b328 [test suite] in --enable-fuzzing-interfaces mode create fko-wrapper/send_spa_payloads file if it does exist 2014-05-26 14:18:27 -04:00
Michael Rash
237602114f [test suite] minor fko_wrapper comment update 2014-05-26 08:40:26 -04:00