This commit bumps the fwknop version to 2.5 and sets the libfko version to 2.0 to
signal incompatibility with older libfko versions. Backwards compatibility is
maintained in SPA packet construction, but function prototypes in libfko-2.0 are
no longer compatible with older versions.
This commit also returns non-zero exit status under 'fwknopd --status' if there
is no existing fwknopd process. This is better than always exiting with a zero
status regardless of whether fwknopd is already running or not, and adds a level
of scriptability to --status usage. This change was suggested by George Herlin.
The client --test mode decrypts SPA packet data as a final step, but get_keys()
was being called to re-acquire the encryption/HMAC keys. This commit reuses
the same keys that were supplied for SPA packet encryption/authentication
because the most important code to test is not get_keys() but rather libfko
encryption/decryption/authentication operations.
This change brings similar functionality to the client as the GPG_ALLOW_NO_PW
keyword in the server access.conf file. Although this option is less likely
to be used than the analogous server functionality, it stands to reason that
the client should offer this feature. The test suite has also been updated to
not use the --get-key option for the 'no password' GPG tests.
* Added new constant LOG_WITHOUT_SYSLOG to be able to print messages to
stderr only.
* Renamed LOG_STDERR_MASK as LOG_VERBOSITY_MASK for a better understanding.
* log_msg : New log_set_verbosity(): It sets the default verbosity for the
log module according to the verbose option set by the user through the command
line.
* Remove useless checks of the verbose option when log_msg() is invoked.
Blair Zajac contributed a patch to handle endian detection on PPC systems
and issue a compile time error if it cannot be determined. This commit affects
the BYTEORDER macro.
Blair Zajac reported that strndup() is not available on some PPC systems, so
this commit switches to use the local lib/fko_util.c implementation similarly
to what is done for Windows systems.
This commit changes iptables policy parsing to re-use rule_exists() for fwknop
jump rule detection instead of using sscanf() against iptables policy list
output. Also, fwknop jump rules are now deleted from iptables policies in a
loop to ensure all are removed even if there are duplicates (even though this
should not happen under normal circumstances anyway).
