Michael Rash
8f423e8b89
[server] added --pcap-any-direction along with config file support
...
From the config file comments:
This variable controls whether fwknopd is permitted to sniff SPA packets
regardless of whether they are received on the sniffing interface or sent
from the sniffing interface. In the latter case, this can be useful to have
fwknopd sniff SPA packets that are forwarded through a system and destined
for a different network. If the sniffing interface is the egress interface
for such packets, then this variable will need to be set to "Y" in order for
fwknopd to see them. The default is "N" so that fwknopd only looks for SPA
packets that are received on the sniffin
PCAP_ANY_DIRECTION N;
2013-05-06 22:23:59 -04:00
Michael Rash
5aac3d978c
minor typo fix
2013-05-06 22:22:22 -04:00
Franck Joncourt
a9a143a85d
Merge remote-tracking branch 'upstream/master'
2013-05-06 11:52:35 +02:00
Franck Joncourt
d4577ab697
Added new tests to the test suite to validate the --save-rc-stanza command line argument.
2013-05-06 11:49:16 +02:00
Michael Rash
eb143db9a7
[client] added --get-hmac-key to mirror --get-key, closes #68
2013-05-05 21:54:07 -04:00
Franck Joncourt
9f43f7a6ff
Merge remote-tracking branch 'upstream/master'
2013-05-04 15:34:34 +02:00
Michael Rash
d61d5b964e
[test suite] added Cygwin client compatibility tests
2013-05-03 23:17:24 -04:00
Michael Rash
589a68b97b
[test suite] additional iptables init/exit 'no flush' tests
2013-05-03 20:56:05 -04:00
Michael Rash
df5f2d3ac0
[test suite] minor update to not count HMAC OpenSSL tests against non-ascii HMAC keys when the hexkey option is not supported
2013-05-03 20:55:20 -04:00
Michael Rash
5f06cefb02
[test suite] added check for test script inclusion in Makefile.am
2013-05-03 08:35:24 -04:00
Michael Rash
c086105eb1
[server] added tests on Linux systems for the iptables FLUSH_IPT_* vars
2013-05-02 22:29:51 -04:00
Michael Rash
56ef34738e
[test suite] add new test files to Makefile.am
2013-05-02 15:08:04 -04:00
Franck Joncourt
23de2d6b5f
Removed duplicate variable in the test suite (fake_spoof_ip/spoof_ip).
2013-05-01 15:52:01 +02:00
Franck Joncourt
fca497f0d8
New tests for rc file processing (SPA_SOURCE_PORT, FW_TIMEOUT).
...
Added spa source port variable to dump_transmit_options() and renamed port
to destination port.
2013-05-01 15:29:17 +02:00
Michael Rash
0f24877762
[test suite] minor comment addition so this isn't a zero-byte file
2013-05-01 08:21:11 -04:00
Franck Joncourt
2110790a30
Added new rc file processing tests for the SPA_SERVER_PORT.
2013-04-30 13:54:58 +02:00
Michael Rash
df5066447d
Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode
2013-04-29 21:43:21 -04:00
Franck Joncourt
b53699ef92
Added tests for the SPA_SERVER_PROTO variable from an rc file.
2013-04-29 22:53:06 +02:00
Michael Rash
ea5bb6937a
[test suite] add client rc file processing tests (digest only for now, more coming)
2013-04-28 21:52:14 -04:00
Michael Rash
486f0ea52f
[test suite] restore gpg directories after test suite runs
2013-04-27 22:41:17 -04:00
Michael Rash
dd05975217
Merge remote-tracking branch 'fjoncourt/master'
...
This merges changes from Franck Joncourt for issues #55 (log module for fwknop)
and #64 (hostname resolution not working for -P icmp spoofing).
2013-04-27 22:26:38 -04:00
Franck Joncourt
b04de687ce
Fixed hostname resolution while spoof ip is used.
...
mrash/fwknop#64
2013-04-27 23:31:40 +02:00
Michael Rash
6b095d948d
[test suite] minor openssl verification update to print base64 decode flag value
2013-04-27 12:56:50 -04:00
Michael Rash
5e82adbf3f
[test suite] added GPG password required HMAC tests, added --disable-valgrind argument
2013-04-23 21:56:41 -04:00
Michael Rash
4ea683678b
[test suite] added gpg_no_pw_hmac_access.conf file
2013-04-22 20:59:32 -04:00
Michael Rash
f02cc0ddd2
Added HMAC support to GPG encryption modes, closes #58
2013-04-22 20:45:59 -04:00
Michael Rash
2f72960e0f
[test suite] clean command tmp files before and after each test
2013-04-21 21:13:15 -04:00
Michael Rash
6c1b755bea
[test suite] removed unnecessary comment lines from test config files
2013-04-20 15:31:26 -04:00
Michael Rash
387b6e40d3
[test suite] updated non-base64 keys in non-base64 key files
2013-04-20 11:09:48 -04:00
Michael Rash
e447ef57c0
[test suite] bug fix to properly extract 'KEY' variable for Rijndael key information
2013-04-20 11:04:53 -04:00
Michael Rash
9a366c2d67
[test suite] consolidated client/server interaction result variables into client_server_interaction()
2013-04-19 19:43:15 -04:00
Michael Rash
f010d88016
removed trailing semicolon from KEY value
2013-04-19 19:42:06 -04:00
Michael Rash
a61939c005
[test suite] Reorganize client/server interactions to be more rigorous
...
This is a significant commit that alters how the test suite interacts with the
fwknop client and server by looking for indications that SPA packets are
actually received. This is done by first waiting for 'main event loop' in
fwknopd log output to ensure that fwknopd is ready to receive packets, sending
the SPA packet(s), and then watching for 'SPA Packet from IP' in fwknopd
output. This is an improvement over the previous strategy that was only based
on timeout values since it works identically regardless of whether fwknop is
being run under valgrind or when the test suite is run on an embedded system
with very limited resources. Another check is run for fwknopd receiving the
SIGTERM signal to shut down via 'fwknopd -K', and that failing, the test suite
manually kills the process (though this should be rarely needed).
The above strategy is the result of discussions with George Herlin who proposed
the verification-based approach to test suite operations.
Another thing this commit changes is the ability to detect whether OpenSSL
supports the 'hexkey:<key>' style specification for HMAC keys (an older version
of FreeBSD doesn't support this) and falls back to the '-hmac <key>' method if
not.
2013-04-18 09:35:23 -04:00
Michael Rash
cbf751e8dd
[test suite] check for fwknopd ready to receive packets
...
This commit was inspired through conversations with George Herlin.
2013-04-12 21:50:47 -04:00
Michael Rash
c112cb4811
[test suite] get hmac iptables duplicated and sha512 long key tests to pass
2013-04-10 23:31:58 -04:00
Michael Rash
378305a8ab
[test suite] added perl FKO Rijndael key test with embedded NULL char
2013-04-09 22:48:54 -04:00
Michael Rash
b45a1b07ad
minor var naming/spacing update
2013-04-09 21:28:32 -04:00
Michael Rash
05ced0a514
add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64)
2013-04-08 22:14:06 -04:00
Michael Rash
748715acf8
[test suite] added python->C HMAC test
2013-04-08 20:45:14 -04:00
Michael Rash
57773993e4
[test suite] don't remove output/ directory in --list mode, closes #53
2013-04-07 20:57:35 -04:00
Michael Rash
cccab3c22b
[test suite] restore --diff mode, fixes #52
2013-04-07 16:28:33 -04:00
Michael Rash
4f9fbe4549
[test suite] NAT name resolution tests
...
This commit adds tests for NAT name resolution in support of issue #43.
2013-04-07 13:33:42 -04:00
Michael Rash
fcac5ca413
[test suite] minor encryption key variable name update
2013-04-02 07:48:17 -04:00
Michael Rash
08c9cc0938
HMAC function rename for consistency
...
Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.
2013-03-29 20:42:44 -04:00
Michael Rash
d6b4a2a1c3
added fuzzing tests for long Rijndael and HMAC keys
2013-03-28 20:42:12 -04:00
Michael Rash
6ca996a173
[test suite] minor spacing update
2013-03-22 22:34:10 -04:00
Michael Rash
42cfc58e20
[perl FKO] add HMAC support along with test suite HMAC verification ( closes #16 )
2013-03-21 21:55:18 -04:00
Michael Rash
49c956dafc
[test suite] added two basic tests for installation and operations of the python fko extension
2013-03-19 21:23:36 -04:00
Michael Rash
ab40e30022
minor typo fix
2013-03-18 21:49:00 -04:00
Michael Rash
1de5e370e1
[test suite] added 'server_conf' hash key verification
2013-03-16 14:40:08 -04:00