Commit Graph

299 Commits

Author SHA1 Message Date
Michael Rash
0c19e5170a [test suite] added backwards compatibility tests with a dual usage key in access.conf 2013-06-10 21:16:33 -04:00
Michael Rash
88e1e0e099 [test suite] added tests for setting gpg recipient, signer, and homedir via the client rc file 2013-06-09 15:27:19 -04:00
Michael Rash
7a1bdea514 [server] fix 'Use of untrusted string value' bug found by Coverity
This commit changes iptables policy parsing to re-use rule_exists() for fwknop
jump rule detection instead of using sscanf() against iptables policy list
output.  Also, fwknop jump rules are now deleted from iptables policies in a
loop to ensure all are removed even if there are duplicates (even though this
should not happen under normal circumstances anyway).
2013-06-09 14:28:17 -04:00
Michael Rash
69ba2d7a06 fko-wrapper update to print fko_errstr() text, and to have one successful HMAC cycle 2013-06-03 20:54:40 -04:00
Michael Rash
66399fed1a Merge remote-tracking branch 'fjoncourt/master'
Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
via --fd.
2013-06-02 22:54:23 -04:00
Michael Rash
164888e075 [test suite] added backwards compatibility test for truncated keys longer > 16 chars 2013-06-02 21:19:19 -04:00
Franck Joncourt
583e1e02c7 Merge remote-tracking branch 'upstream/master'
Conflicts:
	client/config_init.c
2013-06-02 21:54:25 +02:00
Franck Joncourt
9fce10abd8 Adding support for reading encryption/key password from a file descriptor.
* Added tests to the test suite.
* Updated the usage message.
* Fixed the password functions.

reference : mrash/fwknop#74
2013-06-02 21:36:17 +02:00
Michael Rash
b4171fe90c [test suite] minor update to reduce logging noise in valgrind comparison test 2013-05-30 22:50:29 -04:00
Michael Rash
b9bd984768 [test suite] bug fix on FreeBSD to just run the server for the active/expire sets not equal test 2013-05-23 14:44:29 -04:00
Michael Rash
47d235f4fe [test suite] minor formatting update to access.conf files to mimic fwknoprc vars (no colon or trailing semicolon) 2013-05-21 22:12:03 -04:00
Michael Rash
fad0ef8690 [test suite] added 'equal keys' files 2013-05-19 16:15:19 -04:00
Michael Rash
72ab0bf5d5 [test suite] added client -f firewall timeout tests 2013-05-19 15:29:20 -04:00
Michael Rash
15b1382160 [test suite] slurp openssl HMAC from file into single string (it may be binary data) 2013-05-18 16:39:08 -04:00
Michael Rash
23a354fced [client+server] ensure HMAC key and encryption passphrase are not the same 2013-05-18 12:10:18 -04:00
Michael Rash
c02ec41ca0 [test suite] minor bug fix to preserve the init file 2013-05-18 08:34:20 -04:00
Michael Rash
45244114f8 [client] --key-gen bug fix to print keys to stdout 2013-05-17 21:03:16 -04:00
Michael Rash
e73d13e140 minor write_test_file() path bug fix 2013-05-13 23:11:33 -04:00
Michael Rash
4e5fb77dd0 Merge remote-tracking branch 'fjoncourt/master'
Merged update from Franck - closes issue #71.
2013-05-13 23:10:26 -04:00
Michael Rash
3246c3c6b0 [test suite] added hmac_get_key_access.conf file 2013-05-12 22:30:28 -04:00
Michael Rash
838782f198 [test suite] added fko_destroy() calls to fko-wrapper 2013-05-12 20:57:19 -04:00
Michael Rash
38395b04c6 [test suite] add -x to run_valgrind.sh fko-wrapper script 2013-05-12 14:43:19 -04:00
Michael Rash
3302dd4220 [test suite] added -g to fko_wrapper Makefile for debugging symbols 2013-05-12 14:42:35 -04:00
Franck Joncourt
31d94d50b1 Added tests to validate the encryption mode for the client.
Renamed the CBC legacy VI encryption mode by legacy as mentioned in the man page.
2013-05-12 17:35:19 +02:00
Michael Rash
a8410d8f2a [test suite] allow valgrind coverage test to run after --test-limit 2013-05-11 13:28:55 -04:00
Michael Rash
b92f892ae0 [test suite] minor bug fix for printing the number of test buckets to be executed 2013-05-09 21:11:45 -04:00
Michael Rash
8f423e8b89 [server] added --pcap-any-direction along with config file support
From the config file comments:

This variable controls whether fwknopd is permitted to sniff SPA packets
regardless of whether they are received on the sniffing interface or sent
from the sniffing interface.  In the latter case, this can be useful to have
fwknopd sniff SPA packets that are forwarded through a system and destined
for a different network.  If the sniffing interface is the egress interface
for such packets, then this variable will need to be set to "Y" in order for
fwknopd to see them.  The default is "N" so that fwknopd only looks for SPA
packets that are received on the sniffin

PCAP_ANY_DIRECTION         N;
2013-05-06 22:23:59 -04:00
Michael Rash
5aac3d978c minor typo fix 2013-05-06 22:22:22 -04:00
Franck Joncourt
a9a143a85d Merge remote-tracking branch 'upstream/master' 2013-05-06 11:52:35 +02:00
Franck Joncourt
d4577ab697 Added new tests to the test suite to validate the --save-rc-stanza command line argument. 2013-05-06 11:49:16 +02:00
Michael Rash
eb143db9a7 [client] added --get-hmac-key to mirror --get-key, closes #68 2013-05-05 21:54:07 -04:00
Franck Joncourt
9f43f7a6ff Merge remote-tracking branch 'upstream/master' 2013-05-04 15:34:34 +02:00
Michael Rash
d61d5b964e [test suite] added Cygwin client compatibility tests 2013-05-03 23:17:24 -04:00
Michael Rash
589a68b97b [test suite] additional iptables init/exit 'no flush' tests 2013-05-03 20:56:05 -04:00
Michael Rash
df5f2d3ac0 [test suite] minor update to not count HMAC OpenSSL tests against non-ascii HMAC keys when the hexkey option is not supported 2013-05-03 20:55:20 -04:00
Michael Rash
5f06cefb02 [test suite] added check for test script inclusion in Makefile.am 2013-05-03 08:35:24 -04:00
Michael Rash
c086105eb1 [server] added tests on Linux systems for the iptables FLUSH_IPT_* vars 2013-05-02 22:29:51 -04:00
Michael Rash
56ef34738e [test suite] add new test files to Makefile.am 2013-05-02 15:08:04 -04:00
Franck Joncourt
23de2d6b5f Removed duplicate variable in the test suite (fake_spoof_ip/spoof_ip). 2013-05-01 15:52:01 +02:00
Franck Joncourt
fca497f0d8 New tests for rc file processing (SPA_SOURCE_PORT, FW_TIMEOUT).
Added spa source port variable to dump_transmit_options() and renamed port
to destination port.
2013-05-01 15:29:17 +02:00
Michael Rash
0f24877762 [test suite] minor comment addition so this isn't a zero-byte file 2013-05-01 08:21:11 -04:00
Franck Joncourt
2110790a30 Added new rc file processing tests for the SPA_SERVER_PORT. 2013-04-30 13:54:58 +02:00
Michael Rash
df5066447d Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode 2013-04-29 21:43:21 -04:00
Franck Joncourt
b53699ef92 Added tests for the SPA_SERVER_PROTO variable from an rc file. 2013-04-29 22:53:06 +02:00
Michael Rash
ea5bb6937a [test suite] add client rc file processing tests (digest only for now, more coming) 2013-04-28 21:52:14 -04:00
Michael Rash
486f0ea52f [test suite] restore gpg directories after test suite runs 2013-04-27 22:41:17 -04:00
Michael Rash
dd05975217 Merge remote-tracking branch 'fjoncourt/master'
This merges changes from Franck Joncourt for issues #55 (log module for fwknop)
and #64 (hostname resolution not working for -P icmp spoofing).
2013-04-27 22:26:38 -04:00
Franck Joncourt
b04de687ce Fixed hostname resolution while spoof ip is used.
mrash/fwknop#64
2013-04-27 23:31:40 +02:00
Michael Rash
6b095d948d [test suite] minor openssl verification update to print base64 decode flag value 2013-04-27 12:56:50 -04:00
Michael Rash
5e82adbf3f [test suite] added GPG password required HMAC tests, added --disable-valgrind argument 2013-04-23 21:56:41 -04:00