DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
2,601 Commits 15 Branches 0 Tags
7a9d02ff0052f2092cd6abeef68a4fa0fbb01f74
Commit Graph

707 Commits

Author SHA1 Message Date
Pierre Pronchery
7a9d02ff00 Typo 2018-07-18 22:01:58 +02:00
Pierre Pronchery
3d4b15333d Add IPv6 support to the plain UDP and TCP servers 2018-07-18 00:20:01 +02:00
Pierre Pronchery
5daa522d47 Specify the family at run-time for TCP/UDP servers 
This is still using IPv4 by default for the moment.
 2018-07-18 00:20:01 +02:00
Pierre Pronchery
3b8ff51691 Use a constant for AF_INET 
This should eventually help with portability to IPv6.
 2018-07-18 00:20:01 +02:00
Pierre Pronchery
d1625c71ad Use sizeof() instead of re-using hard-coded values 
This should help with portability for the protocol family eventually.
 2018-07-18 00:20:01 +02:00
Pierre Pronchery
a7ecf432dd Use sizeof() instead of re-using hard-coded values 
This should help with portability for the protocol family eventually.
 2018-07-18 00:20:01 +02:00
Pierre Pronchery
a9c834b6aa Use AF_INET instead of PF_INET 
I believe it should be more portable this way, since AF_INET is required
to be present in <sys/socket.h> in POSIX.
 2018-07-18 00:20:01 +02:00
Pierre Pronchery
c3acef56ef Rework IPv6 support when comparing addresses 2018-07-18 00:20:01 +02:00
Pierre Pronchery
083f812e2c Allow access control "ANY" with any protocol family 2018-07-18 00:20:01 +02:00
Pierre Pronchery
f95fcc75a2 Let access list stanzas be defined in IPv6 2018-07-18 00:20:01 +02:00
Pierre Pronchery
d115b4325d Interpret incoming addresses according to their family 2018-07-18 00:20:01 +02:00
Pierre Pronchery
c49c96b77c Add support for receiving SPA messages over IPv6 2018-07-18 00:20:01 +02:00
Pierre Pronchery
fe1704c41f Rework the network listening routine some more 2018-07-18 00:20:01 +02:00
Pierre Pronchery
f23d9d4b34 Rework the network listening routine 2018-07-18 00:20:01 +02:00
Pierre Pronchery
50f56a581f Fix the configuration variable name for GPG_DECRYPT_PW 2018-07-10 11:31:54 +02:00
Pierre Pronchery
5228fe88d0 Avoid compilation warnings from ctype(3) helpers 
Characters should be casted as unsigned before use in functions from
<ctype.h>. Otherwise the compiler treats 8-bit characters (eg UTF-8) as
negative values (since it expects signed integers) and they no longer
match the comparison tables. Worse, the character 0xff gets interpreted
as -1 (like EOF). In turn, it helps to explicitly cast the result as a
signed integer, since this is what is expected. Characters in the range
0x80-0xff do keep their original values.

See the manual page for ctype(3) for more details (eg from NetBSD)
 2018-06-12 14:01:22 -04:00
Michael Rash
ecb25a042c regenerate fwknopd man page with Jonathan's pcap loop fix 2017-09-18 22:25:52 -04:00
Michael Rash
be39f1a6f7 [server] call exit() upon execvpe() error, fixes #235 2016-10-10 20:38:38 -04:00
Michael Rash
836335ed41 [server] add strerror() to fopen() failures for the digest cache file 2016-10-09 09:35:17 -04:00
Michael Rash
f5509bcd0c [server] Add MAX_FW_TIMEOUT to access.conf variables. 
[server] Add MAX_FW_TIMEOUT to access.conf stanzas to allow a
maximum number of seconds for client-specified timeouts in SPA packets.
This fixes issue #226 which was spotted by Jeremiah Rothschild.
 2016-09-29 22:18:13 -04:00
Markus Gerstel
2b365abcee fix spelling errors flagged by Debian lintian 2016-08-22 22:53:46 +01:00
Michael Rash
779029e8bb doc update 2016-06-08 20:38:40 -04:00
Michael Rash
ae417e43bb recognize Jonathan as a core developer 2016-06-06 20:23:46 -04:00
Michael Rash
5f15119190 clarify GPL v2+ for the license per issue #222 2016-06-03 22:08:15 -04:00
Michael Rash
dd1f05c030 Merge pull request #221 from oneru/master 
[Server] slightly broadens FORWARD rule matching, disables rewriting …
 2016-05-31 21:11:25 -04:00
Jonathan Bennett
3d044a2d04 Minor wording change to error message 2016-05-30 14:32:33 -05:00
Jonathan Bennett
b5db9c66d3 [Server] Free the access list on invalid hostname, fixes memory leak. 2016-05-29 23:40:14 -05:00
Jonathan Bennett
67c46de9dd Minor error message wording fix, also fixes test suite test 2016-05-29 20:07:12 -05:00
Jonathan Bennett
d448004f38 [Server] slightly broadens FORWARD rule matching, disables rewriting sport for snat 2016-05-29 14:13:53 -05:00
Jonathan Bennett
246d8a1db7 [Server] enable global fw variable even for access stanzas that enable command exec 2016-05-29 14:01:53 -05:00
Michael Rash
919156fdf0 apply doc updates to man pages 2016-05-28 09:29:34 -04:00
Michael Rash
74ddbf63b2 minor documentation updates 2016-05-27 23:15:39 -07:00
Michael Rash
6e54e9452a [test suite] add ENABLE_RULE_PREPEND test 2016-05-26 19:21:07 -07:00
Jonathan Bennett
71cea19f3d [Server] Respond to set signal handler failure with clean_exit 2016-05-24 22:00:21 -05:00
Jonathan Bennett
db1cdd2fea [Server] Moves signal handling code to earlier in fwknopd initialization 
Also serves to de-duplicate code slightly
 2016-05-24 20:48:40 -05:00
Michael Rash
270d8bea62 [test suite] fault injection test for build_cmd() error path 2016-05-24 18:40:44 -07:00
Michael Rash
05ede9fe0d [server] minor printf() -> log_msg() update 2016-05-21 06:17:28 -07:00
Michael Rash
ae15e00f0b [server] minor change to set default timeout 2016-05-20 18:42:52 -07:00
Jonathan Bennett
a4273d3627 Server: Add extra check for failing firewall cmd 2016-05-19 23:25:01 -05:00
Jonathan Bennett
7bcd9f7793 Server: Allow more time for server shutdown 2016-05-19 13:50:12 -05:00
Michael Rash
272cd05dc6 Merge branch 'master' of https://github.com/mrash/fwknop 2016-05-11 22:05:35 -07:00
Michael Rash
dd319d5609 Merge pull request #218 from oneru/test-suite 
Test suite: Adds workaround for tcp server test
 2016-05-12 22:05:29 -04:00
Michael Rash
60a9cc203b Merge branch 'master' of ssh://192.168.10.1/home/mbr/git/fwknop 2016-05-11 22:05:20 -07:00
Michael Rash
ba5f5e2424 add sha3_256 sha3_512 to man page docs 2016-05-12 22:23:54 -04:00
Jonathan Bennett
66eedd4f7f Test suite: Adds workaround for tcp server test 2016-05-11 19:31:48 -05:00
Damien Stuart
7c84cadd43 Added missing parens on if statement (was causing compiler error on fw_util_iptables). 2016-05-10 22:43:11 -04:00
Michael Rash
23d70f1aa3 Merge pull request #216 from oneru/add-nat-validation 
Add nat validation
 2016-05-08 21:53:13 -04:00
Jonathan Bennett
b517fdad44 Add checks to avoid calling strlen on a null pointer 2016-05-08 00:41:45 -05:00
Jonathan Bennett
b088030ad5 Adds hostname validation for hostname in NAT on server 2016-05-07 23:21:01 -05:00
Jonathan Bennett
ddc422125f Style changes, and avoid returning undefined value in fw_util functions 2016-05-07 22:36:39 -05:00