DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
2,367 Commits 15 Branches 0 Tags
Commit Graph

2367 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Rash
75b059af76 [test suite] use killall to ensure fwknopd is stopped between tests 2015-12-10 14:33:51 -08:00
Michael Rash
4cab37acf9 [test suite] client --time-offset code coverage 2015-12-10 14:32:30 -08:00
Jonathan Bennett
a0c4acd31c Adds the --access-folder command line option 2015-12-10 12:45:28 -06:00
Jonathan Bennett
186101d298 Add the %include_folder directive 2015-12-10 11:16:50 -06:00
Michael Rash
d509925822 [extras] add build support for Google's UndefinedBehaviorSanitizer 2015-12-09 18:19:42 -08:00
Michael Rash
60919a9141 [test suite] make ASan error detection more generic to catch things like LeakSanitizer errors 2015-12-09 17:16:38 -08:00
Michael Rash
0c455ebf9c [test suite] ensure fko-wrapper passes 16-byte string to fko_set_rand_value() 2015-12-09 17:15:48 -08:00
Jonathan Bennett
abad765212 Only initialize the access stanze data on the root access.conf file. 2015-12-09 00:13:53 -06:00
Michael Rash
ae1e804ea1 [test suite] add test for access.conf include directive 2015-12-08 19:51:51 -08:00
Michael Rash
947dbfe6ae Merge branch 'master' into access_conf_includes 2015-12-08 19:04:32 -08:00
Michael Rash
95383149cb [server] bug fix to honor CMD_EXEC_USER and CMD_SUDO_EXEC_USER vars 2015-12-08 19:01:53 -08:00
Michael Rash
3e3bf0d122 Merge branch 'master' into accesss_conf_includes 2015-12-07 18:18:27 -08:00
Michael Rash
4f81dd7747 [server] local NAT should not be enabled by default 2015-12-07 16:51:19 -08:00
Michael Rash
35558097cc [test suite] fix FORCE_NAT and FORCE_SNAT required server regex matches 2015-12-05 16:07:01 -08:00
Michael Rash
a8ec29affa [server] minor cleanup for incoming SPA packet processing 2015-12-05 16:06:25 -08:00
Michael Rash
51c0efb665 [test suite] minor var addition for Rijndael key existence test 2015-12-05 07:00:24 -08:00
Michael Rash
b6674aba6f [server] allow ENABLE_IPT_LOCAL_NAT to enable FORCE_NAT features 2015-12-05 06:05:58 -08:00
Michael Rash
2c74372a4e [test suite] fix fko_set_username_strdup fault injection test 2015-12-05 05:50:39 -08:00
Michael Rash
793813e8ef [test suite] add missing coverage report to coverage_diff.py 2015-12-05 05:46:10 -08:00
Michael Rash
044ebf5e73 [test suite] add -O and -N to coverage diff'ing utility 2015-12-05 05:36:51 -08:00
Michael Rash
988075b52b [server] bug fix to honor client timeout SPA messages in --nat-local mode, fixes #173 2015-12-04 19:36:51 -08:00
Michael Rash
d4ca18dae6 [test suite] more comprehensive code coverage driven by fko-wrapper 2015-12-04 19:04:23 -08:00
Michael Rash
f89af3b8c1 add libfko fko_set_username() crash ChangeLog message 2015-12-04 19:03:22 -08:00
Michael Rash
21149faf89 [libfko] fko_set_username() crash bug fix. 
Bug fix for a crash in libfko that could be triggered in fko_set_username()
when a username that is 64 chars or longer is specified. This crash
cannot be triggered in fwknopd even if an SPA packet contains such a
username however due to additional protections in the SPA decoding
routines. Further, this bug does not apply to the main fwknop client
either because the maximal username size is truncated down below 64
bytes. Hence, this bug only applies to client-side software that is
directly using libfko calling the fko_set_username() function.
 2015-12-04 19:01:26 -08:00
Michael Rash
a000bcd4a0 [client] minor formatting update 2015-12-04 18:49:24 -08:00
Jonathan Bennett
c3d50a9503 Unwind the recursive access.conf properly on an error 
and remove a debugging log message.
 2015-12-04 18:34:09 -06:00
Jonathan Bennett
1e34a3430c Add access.conf %include depth tracking 2015-12-04 18:16:57 -06:00
Jonathan Bennett
ce0b7f6727 Initial work on access.conf includes 2015-12-03 23:23:42 -06:00
Michael Rash
c67008b6a8 minor fault injection tag rework for fko_set_rand_value() and fko_set_username() 2015-11-30 12:28:59 -08:00
Michael Rash
343d0b7f44 Merge branch 'master' of ssh://github.com/mrash/fwknop 2015-11-29 21:31:30 -05:00
Michael Rash
0adb4ac2ba add -fPIC to enforce position-independent code (necessary for gcc > 5.0), fixes #170 2015-11-29 21:30:41 -05:00
Damien Stuart
d2cef1746c Initial update for NETFILTER_QUEUE support. These changes are not tested at all as they were edit on a Mac, but are linux-specific. 2015-11-28 15:03:39 -05:00
Michael Rash
50a5f76080 Merge pull request #171 from vaygr/client-timeout 
respect CMD_CYCLE_TIMER
 2015-11-27 09:47:16 -05:00
Vlad Glagolev
eb88e0ab00 respect CMD_CYCLE_TIMER 2015-11-27 17:44:34 +03:00
Michael Rash
8c7a007a4a [test suite] differentiate TIMEOUT vs. CLIENT_TIMEOUT values in command open close cycles 2015-11-17 22:41:22 -08:00
Michael Rash
f6829fe527 [test suite] added command cycle close NONE test 2015-11-17 22:08:58 -08:00
Michael Rash
0bf4993071 [server] minor update to replace a string compare for command cycle close exclusions 2015-11-17 21:19:59 -08:00
Michael Rash
47663f4215 Merge pull request #169 from vaygr/client-timeout 
added substitution support for CLIENT_TIMEOUT
 2015-11-19 20:55:29 -05:00
Vlad Glagolev
37cc375ea3 added substitution support for CLIENT_TIMEOUT 2015-11-19 21:39:07 +03:00
Michael Rash
cfa02859eb [server] don't run firewall handling code for command-only modes 2015-11-17 20:48:37 -08:00
Michael Rash
882624a2a0 [server] allow 'NONE' to short circuit close command execution 2015-11-13 11:18:19 -08:00
Michael Rash
b0f25ae2e8 [server] (Vlad Glagolev) Add client timeouts to command open/close cycle operations 2015-11-13 08:41:39 -08:00
Michael Rash
51de939846 [test suite] add open/close --fw-timeout test 2015-11-13 08:33:44 -08:00
Michael Rash
97faa2dbdf minor docs update 2015-11-10 21:40:57 -05:00
Michael Rash
347ee04827 [test suite] minor rework of signals to fwknopd 2015-11-08 17:49:04 -08:00
Michael Rash
8484e3ea7a [test suite] add unhandled signal (SIGTSTP) to signal handling test 2015-11-07 13:35:51 -08:00
Michael Rash
2f49be6cb0 [server] For SIGHUP processing, don't send the TCP server SIGTERM unless it is running 2015-11-01 01:58:47 -08:00
Michael Rash
d3dcfc9cf4 Merge remote-tracking branch 'origin/master' into cmd_open_close_cycle 2015-10-31 10:37:06 -07:00
Damien Stuart
02049cb473 Added AM_CONDITIONAL to check if OS is Darwin (Apple) and not use the --whole-archive option if it is. 2015-11-02 23:02:22 -05:00
Damien Stuart
0ef8ba5259 Added use of --whole-archive for linking libfko_util.a to libfko.so. This takes care of the unresolved symbols (from libfko_util) when linking libfko.so. 2015-11-02 21:41:26 -05:00