Michael Rash
65b2acd8f5
minor update to print FORCE_NAT settings when access stanzas are printed
2012-07-18 23:17:27 -04:00
Michael Rash
15c76b25cd
minor pcap_capture update to not call atoi() against PCAP_LOOP_SLEEP for every sleep interval
2012-07-18 23:00:58 -04:00
Michael Rash
c0aa346890
[test suite] minor hostname bugfix to get 'local NAT' test to work
2012-07-18 22:55:56 -04:00
Michael Rash
72aaeb893e
[test suite] better fwknopd is running check
2012-07-18 22:32:16 -04:00
Michael Rash
8ed741dd48
Merge branch 'master' of github.com:mrash/fwknop
2012-07-17 22:20:36 -04:00
Michael Rash
71fc4fe7fe
[test suite] file_find_regex() positive vs. negative match styles
Positive match style requires all regex's to be found, whereas negative match
style only requires seeing one regex.
2012-07-17 21:55:13 -04:00
Michael Rash
6c73e160d9
Ensure that INPUT rules are added in --nat-local mode
This change ensures that INPUT rules are added when the fwknop client is used to
request access to a local service with --nat-local mode.
2012-07-17 21:50:29 -04:00
Michael Rash
981059452b
minor file_find_regex() logging prefix update
2012-07-16 22:05:15 -04:00
Michael Rash
1b9f847521
[test suite] added local_nat_fwknopd.conf file for local NAT tests
2012-07-16 21:43:28 -04:00
Michael Rash
de7aa3b619
Add INPUT ACCEPT rule for --nat-local connections
When using the --nat-local argument on the fwknop client command line, the
fwknopd server needs to add an INPUT ACCEPT rule for the requested access
since the incoming connection is destined for a local socket. Added test
suite support to test --nat-local access.
[test suite] Minor bug fix to ensure that all file_find_regex() calls return
true if all regex's are matched and false if any regex does not match data in
the specified file.
2012-07-15 21:32:14 -04:00
Damien Stuart
d49e44dad0
Forgot to update the VERSION file.
2012-07-14 22:10:37 -04:00
Damien Stuart
d5568cb1a1
Bumped version to 2.0.1-pre4
2012-07-14 20:54:05 -04:00
Damien Stuart
2a5bc7ed14
Added tweaks to ipfw command for Mac OS X
2012-07-14 18:22:42 -04:00
Damien Stuart
f06c775654
Merge branch 'master' of ssh://github.com/mrash/fwknop
2012-07-14 10:14:05 -04:00
Damien Stuart
283e213a61
Added gpg validity check. Tweak to rpm spec file.
2012-07-14 10:13:26 -04:00
Michael Rash
c57f4a82b7
bumped version to fwknop-2.0.1-pre3
2012-07-12 22:19:41 -04:00
Michael Rash
3b26157a40
added libfko.dylib test suite fix note to the ChangeLog
2012-07-12 22:18:39 -04:00
Michael Rash
e250776107
[test suite] Bug fix to account for libfko.dylib extension
Richard Haas reported the test suite failing on Mac OS X systems with the
existence check for the libfko library. Damien Stuart advised that the library
has a different extension '.dylib' on Mac OS X, so this change accounts for the
difference.
2012-07-12 22:11:35 -04:00
Michael Rash
86fde0d603
bumped version to 2.0.1-pre2
2012-07-09 22:58:35 -04:00
Michael Rash
2f9368b4d9
added valgrind parsing note
2012-07-09 22:39:13 -04:00
Michael Rash
4d39140148
[test suite] minor directory path bug fix for --diff mode
2012-07-09 22:05:57 -04:00
Michael Rash
e2c34d46fe
switched back to older ChangeLog format which is more readable
2012-07-09 21:29:49 -04:00
Michael Rash
06d8f118aa
bumped version to 2.0.1-pre1
2012-07-09 16:32:10 -04:00
Michael Rash
b5c6b48cff
added dual_key_usage_access.conf to Makefile.am for 'make dist' target
2012-07-09 16:30:26 -04:00
Michael Rash
bc2e41fd47
added unique function names to --enable-valgrind suspect functions test
2012-07-08 21:21:36 -04:00
Michael Rash
9497044f24
added new test in --enable-valgrind mode to collect suspect functions
2012-07-08 15:30:35 -04:00
Michael Rash
be4193d734
Only cache replay digests for SPA packets that decrypt
This change ensures that we only cache replay digests for those SPA packets
that actually decrypt. Not doing this would have allowed an attacker to
potentially fill up digest cache space with digests for garbage packets.
2012-07-08 08:36:30 -04:00
Michael Rash
6b3e5ef3c2
Added a test for a dual-usage key in access.conf
2012-07-08 08:35:50 -04:00
Michael Rash
ba3b7d1d11
Bug fix for multi-stanza key use and replay attack detection
This commit fixes a bug where the same encryption key used for two stanzas in
the access.conf file would result in access requests that matched the second
stanza to always be treated as a replay attack. This has been fixed for
the fwknop-2.0.1 release, and was reported by Andy Rowland. Now the fwknopd
server computes the SHA256 digest of raw incoming payload data before
decryption, and compares this against all previous hashes. Previous to this
commit, fwknopd would add a new hash to the replay digest list right after
the first access.conf stanza match, so when SPA packet data matched the
second access.conf stanza a matching replay digest would already be there.
2012-07-07 21:31:30 -04:00
Michael Rash
fcf40b5e6d
gcc warning fix for: fko_decode.c:43:17: warning: variable ‘edata_size’ set but not used [-Wunused-but-set-variable]
2012-05-28 14:22:33 -04:00
Michael Rash
8a73e6dee8
updated PF anchor check to not rely on listing the PF policy
2012-05-28 14:19:52 -04:00
Michael Rash
5c26c0abaa
added Ted Wynnychenko for OpenBSD PF testing
2012-05-28 14:18:34 -04:00
Michael Rash
7e8e48412f
convert Rijndael blocksize values '16' to use RIJNDAEL_BLOCKSIZE macro
2012-01-15 15:57:45 -05:00
Michael Rash
dd188dc392
added --stat output to ChangeLog
2012-01-02 18:35:41 -05:00
Michael Rash
a36082b543
moved ChangeLog-v2.0 to ChangeLog
2012-01-02 18:33:42 -05:00
Michael Rash
36f21f95ce
removed old ChangeLog files
2012-01-02 18:32:35 -05:00
Michael Rash
305708aa27
Added ChangeLog, ShortLog, and diffstat files for the 2.0 release.
2012-01-02 18:26:05 -05:00
Michael Rash
4ecbcba77c
bumped version to 2.0
2012-01-02 17:47:01 -05:00
Michael Rash
9dae73d972
added FKO_CHECK_COMPILER_ARG_LDFLAGS_ONLY to fix ro-relocations and immediate binding protection compilation warnings on FreeBSD
2012-01-02 15:26:42 -05:00
Michael Rash
6f6a9d727d
minor test suite update to look for linker warnings in a more generic way
2012-01-02 15:25:35 -05:00
Michael Rash
1bd2592d15
minor test suite addition to check for linker input file warnings
2012-01-02 15:10:55 -05:00
Michael Rash
a6a6a004d4
bumped version to 2.0
2012-01-02 11:29:16 -05:00
Michael Rash
ac0bf15ea7
minor wording update subversion -> git
2012-01-02 09:53:36 -05:00
Damien S. Stuart
aff8832d66
Refactored configure.ac to use a custom macro for compiler flag checks.
Set version to 2.0 (non-release candidate).
Minor typo fixes.
2011-12-29 14:20:18 -05:00
Michael Rash
99b1a48756
updated copyright and license statement - fwknop is GPL software
2011-12-12 20:41:39 -05:00
Michael Rash
7ac5319847
minor addition of the local_spa.key file for 'make dist'
2011-12-05 22:23:00 -05:00
Michael Rash
7a231a3b72
added local_spa.key file
2011-12-05 22:21:31 -05:00
Michael Rash
3d0ceccf65
added local_spa.key file
2011-12-05 22:20:39 -05:00
Michael Rash
710f98a9b5
minor addition of the CREDITS file for 'make dist'
2011-12-05 22:16:38 -05:00
Michael Rash
9bcd7cb137
Added the CREDITS file for 'make dist'
2011-12-05 22:16:03 -05:00