123 Commits

Author SHA1 Message Date
Michael Rash
5176cd0976 [test suite] additional test coverage for client/config_init.c 2014-04-06 21:27:15 -04:00
Michael Rash
4d63644ce7 [test suite] additional test coverage for client/config_init.c 2014-04-06 15:42:22 -04:00
Michael Rash
710720b237 [test suite] non-default stanza digest update test 2014-04-05 23:09:04 -04:00
Michael Rash
e95d601a48 [test suite] added --key-gen -K file path too long test 2014-04-05 21:51:56 -04:00
Michael Rash
48eb5fcc94 [test suite] added key file path too long tests 2014-04-05 21:29:24 -04:00
Michael Rash
d0d77ba67f [test suite] added rc file path too long test 2014-04-05 08:19:20 -04:00
Michael Rash
1ec1443768 [test suite] add several validation tests to exercise various client/config_init.c lines 2014-04-04 23:03:03 -04:00
Michael Rash
b8492d4319 [test suite] added --key-rijndael and --key-hmac tests 2014-04-03 22:52:53 -04:00
Michael Rash
2da2704d4c [test suite] fwknoprc GPG tests, more time offset tests 2014-04-03 19:30:58 -04:00
Michael Rash
e4a382a87f [test suite] save pkt to file tests 2014-04-03 10:04:52 -04:00
Michael Rash
083db46416 [test suite] added popen() 'n' answer test 2014-04-03 08:56:27 -04:00
Michael Rash
00fed6132c [test suite] additional save rc file variable coverage 2014-04-02 23:55:00 -04:00
Michael Rash
e60d491864 [test suite] basic ops save rc stanza --encryption-mode tests 2014-04-01 14:22:10 -04:00
Michael Rash
78dd3ea43b [test suite] basic ops save rc stanza time offset minus test 2014-04-01 14:19:49 -04:00
Michael Rash
9f10c3ede6 [test suite] basic ops save rc stanza time offset tests 2014-04-01 14:18:14 -04:00
Michael Rash
b005287aa6 [test suite] basic ops get key tests 2014-04-01 14:09:00 -04:00
Michael Rash
f2484e599f [test suite] rc file time offset tests 2014-04-01 10:41:36 -04:00
Michael Rash
50e454216c [test suite] additional critical var popen() tests 2014-03-31 13:54:10 -04:00
Michael Rash
8ed9728fd3 [test suite] add coverage test for client -M legacy truncated key 2014-03-31 13:44:46 -04:00
Michael Rash
5b6c3768fb [test suite] exercise client rc file ask overwrite feature via popen() 2014-03-31 08:02:08 -04:00
Michael Rash
3ca546092b [test suite] additional rc file code coverage tests 2014-03-29 22:23:45 -04:00
Michael Rash
a9fb3c05db [test suite] minor typo fix 2014-03-29 21:45:10 -04:00
Michael Rash
22b1b2d9d2 [test suite] additional client/config_init.c code coverage test for fwknoprc file parsing 2014-03-29 21:44:24 -04:00
Michael Rash
9c86477e72 [test suite] HTTP proxy tests for client/spa_comm.c test coverage 2014-03-29 15:05:52 -04:00
Michael Rash
535bcdf2a6 [test suite] IP resolution tests for client/http_resolve_host.c coverage 2014-03-29 14:53:52 -04:00
Michael Rash
73bc473563 [client+server] verify GnuPG signatures by default
- [server] When GnuPG is used, the default now is to require that
incoming SPA packets are signed by a key listed in GPG_REMOTE_ID for each
access.conf stanza. In other words, the usage of GPG_REQUIRE_SIG
is no longer necessary in order to authenticate SPA packets via the
GnuPG signature. Verification of GnuPG signatures can be disabled with a
new access.conf variable GPG_DISABLE_SIG, but this is NOT a
recommended configuration.
- [client+server] Add --gpg-exe command line argument and GPG_EXE
config variable to ~/.fwknoprc and the access.conf file so that the path
to GnuPG can be changed from the default /usr/bin/gpg path.
2014-03-25 19:53:13 -04:00
Michael Rash
00f878c5ed [test suite] add --spoof-user test 2014-03-17 22:36:49 -04:00
Michael Rash
b33a6e4c22 [test suite] ensure the fko multi-call wrapper is executed under valgrind 2014-03-17 21:43:36 -04:00
Michael Rash
2f9c20fb27 [test suite] minor bug fix to add udpraw mode for spoofed src test 2014-03-16 09:11:31 -04:00
Michael Rash
9e990c9be0 fix header non-ascii chars, and introduce test suite support for detecting this in source files 2014-03-14 09:14:35 -04:00
Michael Rash
ad512ff6e7 [test suite] added Rijndael+HMAC SPOOF_SRC fwknoprc file test 2014-03-13 21:43:51 -04:00
Michael Rash
4181b43f55 [test suite] Added Rijndael+HMAC NAT rand port via client rc file test 2014-03-13 20:10:26 -04:00
Michael Rash
83595bdabb [test suite] Added Rijndael+HMAC command execution test 2014-03-13 19:40:47 -04:00
Michael Rash
873b06b422 [test suite] added portrange bpf filter test 2014-02-07 07:49:50 -05:00
Michael Rash
63a829803e [test suite] added --client-only mode for the test suite 2014-01-17 09:19:13 -05:00
Michael Rash
a347be354d merged android4.4_support branch 2014-01-10 22:46:54 -05:00
Michael Rash
283c72e463 [test suite] run fko-wrapper without valgrind, closes #113 2013-12-29 19:59:16 -05:00
Michael Rash
509dcf93dd [android] added HMAC test along with non-legacy Rijndael test 2013-12-23 23:15:11 -05:00
Michael Rash
aeed8323f7 [test suite] multi-packet pcap test for pcap_dispatch() validation
This commit adds a new pcap file to the test suite with an SPA packet after
99 other garbage packets.  This can be used for pcap_dispatch() testing,
though this is not meant to be super intensive - it is just to ensure that
if a PCAP_DISPATCH_COUNT of, say, 10 is selected that the SPA is still seen
by fwknopd.  This commit is in support of #110.
2013-12-10 21:56:20 -06:00
Michael Rash
46b5f2ecaf [server] added the ability to use FORCE_MASQUERADE to access.conf stanzas 2013-12-05 23:00:19 -05:00
Michael Rash
e0114e60c2 [server] Added FORCE_SNAT to access.conf stanzas.
Added FORCE_SNAT to the access.conf file so that per-access stanza SNAT
criteria can be specified for SPA access.
2013-12-04 21:52:07 -05:00
Michael Rash
d7aa820e33 [server] Bug fix for SPA NAT modes on iptables firewalls for chain re-creation
For SPA NAT modes this commit ensures that custom fwknop chains are re-created
if they get deleted out from under the running fwknopd instance.
2013-12-03 21:42:23 -05:00
Michael Rash
bd73ceb5bd [test suite] added FreeBSD-9.2 and OpenBSD-5.4 compatibility tests 2013-11-27 21:58:13 -05:00
Michael Rash
c382febf3d [client] use libfko is_valid_ipv4_addr() for IP address validation 2013-11-26 23:48:56 -05:00
Michael Rash
6dd5ab8e35 [test suite] added --cmd-verbose to control fwknop command verbosity levels
This commit provides an easy way to control how verbose fwknop command
execution will be.  For example, fwknopd only calls hex_dump() against
SPA packets when --verbose > 2, so invoking the test suite as follows
will result in hex_dump() being included in fwknopd output (see the
output/1_fwknopd.test file):

./test-fwknop.pl --include "Rijndael.*complete.*22" --test-limit 1 --cmd-verbose "--verbose --verbose --verbose"

[+] candidate SPA packet payload:

  0x0000:  39 62 72 51 58 75 7a 4b  57 54 53 67 57 56 35 66 9brQXuzKWTSgWV5f
  0x0010:  73 63 78 42 35 78 69 51  65 6c 55 4f 53 78 69 45 scxB5xiQelUOSxiE
  0x0020:  51 30 59 6a 41 50 70 31  4f 70 43 62 32 51 4a 4c Q0YjAPp1OpCb2QJL
  0x0030:  48 34 42 65 68 64 6d 47  35 49 31 50 36 2f 5a 69 H4BehdmG5I1P6/Zi
  0x0040:  6a 34 4b 41 62 34 53 68  6a 59 66 4f 71 2b 46 6c j4KAb4ShjYfOq+Fl
  0x0050:  4a 35 52 75 70 33 39 6f  6e 65 42 79 72 51 46 57 J5Rup39oneByrQFW
  0x0060:  61 38 6c 37 63 48 6e 38  5a 54 36 59 6e 55 56 47 a8l7cHn8ZT6YnUVG
  0x0070:  50 36 6e 53 6f 69 30 61  70 72 32 52 39 62 6b 56 P6nSoi0apr2R9bkV
  0x0080:  37 50 61 67 41 61 6b 49  44 63 58 59 44 6b 2f 64 7PagAakIDcXYDk/d
  0x0090:  67 51 45 61 37 39 32 6f  30 4d 38 6e 30 30 6e 35 gQEa792o0M8n00n5
  0x00a0:  55                                               U
2013-11-22 23:00:20 -05:00
Michael Rash
28a915c8c8 [test suite] added short and long IP tests (1.1.1.1 and 123.123.123.123) 2013-11-20 23:10:36 -05:00
Michael Rash
8cb5653d5e [test suite] minor update for SNAT tests to not restrict --fw-list search to 127.0.0.2 2013-11-18 22:22:02 -05:00
Michael Rash
a9cc97cd2a [test suite] added tests/code_structure.pl with a test for expected lib/fko.h error code fko_errstr() handling 2013-11-16 23:22:25 -05:00
Michael Rash
cb2fc3abbe [test suite] handle LD_LIBRARY_PATH from the main test-fwknop.pl script 2013-11-14 22:47:13 -05:00
Michael Rash
a6f030412f [test suite] added Rijndael/HMAC compatibility tests for Mac OS X 10.9 2013-11-14 10:37:36 -05:00