DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
1,832 Commits 15 Branches 0 Tags
aaa44656bcfcb705d80768a7b9aa0d45a0e55e21
Commit Graph

458 Commits

Author SHA1 Message Date
Michael Rash
aaa44656bc [server] add support for American Fuzzy Lop (ALF) fuzzing 2014-11-13 20:55:04 -05:00
Michael Rash
7022d79ca7 [server] minor code cleanup 2014-11-06 20:24:50 -05:00
Michael Rash
a8879231c3 [server] add run_extcmd_write() call in code coverage mode 2014-11-06 20:24:33 -05:00
Michael Rash
0c59f6e500 add CODE_COVERAGE macro for ./configure --enable-profile-coverage 2014-11-06 20:23:40 -05:00
Michael Rash
04f8b9669a [server] check number of cmd args even when execvpe() is not available 2014-11-05 23:19:51 -05:00
Michael Rash
e7942f48e0 [server] allow loop restart after select() sets EINTR (since we handle signals) - fixes cmd execution through UDP on FreeBSD 2014-11-04 22:44:59 -05:00
Michael Rash
c5f0389281 [server] minor code restructure, use FD_ISSET() test on file descriptors 2014-11-04 22:43:04 -05:00
Michael Rash
50009115b3 [server] bug fix to close write filehandle in _run_extcmd_write() 2014-11-01 12:03:49 -04:00
Michael Rash
34e38fe39e [server] first pass at eliminating popen() write calls with run_extcmd_write() (used for PF firewalls) 2014-10-28 21:28:21 -04:00
Michael Rash
d2abbd8720 [test suite] more code coverage tests 2014-10-25 22:29:49 -04:00
Michael Rash
17608dd01d [test suite] additional code coverage 2014-10-25 08:42:30 -04:00
Michael Rash
58d47cb385 [test suite] additional code coverage for a few areas 2014-10-24 20:39:40 -04:00
Michael Rash
7b70ed08d2 [server] ensure to break out of while loop and close() UDP socket before returning 2014-10-23 23:05:21 -04:00
Michael Rash
0af8faa0b3 Merge branch 'udp_listener' into execvpe 2014-10-13 20:25:14 -04:00
Michael Rash
c70e1c72a0 [server] update firewalld code to use run_extcmd() instead of popen() and system() - allows execvpe() to be used 2014-10-12 21:57:04 -04:00
Michael Rash
62ee780d65 [server] make pid_status a static var at the top of each fw_util_*.c file 2014-10-10 14:20:18 -04:00
Michael Rash
6dd599f3de [server] update ipfw and pf firewall interace code to latest run_extcmd() API 2014-10-07 23:23:05 -04:00
Michael Rash
06f3db1de8 [server] restore shell stderr redirect when execvpe() is not available 2014-10-07 21:42:36 -04:00
Michael Rash
1905baa0e8 [server] minor macro usage update 2014-10-07 21:37:29 -04:00
Michael Rash
b7785a9304 [server] extend run_extcmd() to allow the caller to specify whether to collect stderr 2014-10-07 21:01:17 -04:00
Michael Rash
ed9e1ac236 added setgid() call for command execution along with CMD_EXEC_GROUP access.conf var 2014-10-07 16:18:14 -04:00
Michael Rash
248c4b301e added configure detection of execvpe() - doesn't exist on Mac OS X yet 2014-10-06 20:04:00 -04:00
Michael Rash
652b8cb80e [server] have run_extcmd() collect process exit status for calling function (in addition to return value) 2014-10-05 20:21:05 -04:00
Michael Rash
a47ddfcb1e [server] added WIFEXITED(status) check for external commands run via execvpe() 2014-10-04 21:14:49 -04:00
Michael Rash
841d732c07 [server] removed remaining popen() call for iptables firewalls 2014-10-04 19:56:26 -04:00
Michael Rash
87f3bbdd23 [server] hex_dump() '%' bug fix, minor verbose criteria update 2014-10-04 16:40:44 -04:00
Michael Rash
d71f386971 [server] add search_extcmd() to replace all popen() calls with the execvpe() no env strategy 2014-10-04 10:31:15 -04:00
Michael Rash
e271442aa9 [server] first cut at converting iptables commands to use execvpe() 2014-10-03 21:58:51 -04:00
Michael Rash
0d6917fa4e minor hex_dump() update to use a consistent macro definition for ascii str length 2014-10-03 14:40:48 -04:00
Michael Rash
ddbba5bc90 autoconf update to ensure libpcap is not linked against in --enable-udp-server mode 2014-09-29 11:42:11 -04:00
Michael Rash
52d34a70a2 fwknopd man page updates, added UDPSERV_SELECT_TIMEOUT config option 2014-09-28 22:32:20 -04:00
Michael Rash
52c9d51d7d consolidate signal handling a bit, UDP server msg size updates 2014-09-28 22:06:34 -04:00
Michael Rash
360905ec56 implement --packet-limit for UDP server mode 2014-09-28 21:19:19 -04:00
Michael Rash
5db3a12763 add signal handling code to UDP server mode 2014-09-28 20:30:09 -04:00
Michael Rash
0af7f72500 enforce MAX_SPA_PACKET_LEN restriction for incoming datagrams for UDP listener mode 2014-09-28 16:49:12 -04:00
Michael Rash
f2a3562f71 removed 2014-09-28 11:49:24 -04:00
Michael Rash
1fd0e7e960 first cut at UDP server mode 2014-09-28 11:49:04 -04:00
Michael Rash
c07afac883 calculate sizeof caddr for each client connection 2014-09-28 09:29:30 -04:00
Michael Rash
f7f97d3f30 [server] firewalld reports 'success' as a string upon command success in contrast to iptables 2014-09-03 23:15:34 -04:00
Gerry Reno
2da57da0cb more changes for firewalld 2014-08-31 16:13:46 -04:00
Gerry Reno
ac82b1ced2 more changes for firewalld 2014-08-31 13:51:08 -04:00
Gerry Reno
d47ebb602a more changes for firewalld 2014-08-31 02:23:39 -04:00
Gerry Reno
25d252c11a more changes for firewalld 2014-08-31 00:29:17 -04:00
Gerry Reno
e54383b518 first cut at firewalld 2014-08-31 00:06:37 -04:00
Michael Rash
eb0e8eb6a1 fwknopd man page updates for access.conf vars 2014-08-26 23:21:14 -04:00
Michael Rash
dfcfb2e47b minor code restructure for Ethernet FCS header processing 2014-08-21 21:08:27 -04:00
stubbsw
19f31c3e23 update to indicate Ethernet FCS support vs. bug 2014-08-19 06:54:18 -04:00
stubbsw
b98579ab8f workaround libpcap 4 extra bytes 
Workaround for libpcap returning a length that is 4 bytes longer than
the
packet on the wire. Observed on:

Linux beaglebone 3.8.13-bone50 #1 SMP Tue May 13 13:24:52 UTC 2014
armv7l GNU/Linux
ldd fwknopd
libfko.so.2 => /usr/local/lib/libfko.so.2 (0xb6f62000)
libpcap.so.0.8 => /usr/lib/arm-linux-gnueabihf/libpcap.so.0.8
(0xb6f20000)
libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb6e3b000)
/lib/ld-linux-armhf.so.3 (0xb6f94000)
libgcc_s.so.1 => /lib/arm-linux-gnueabihf/libgcc_s.so.1 (0xb6e17000)

Calculate the new pkt_end from the length in the ip header.
 2014-08-17 11:50:56 -04:00
Michael Rash
4fcd5b317a [server] fix shift operation bug in SOURCE subnet processing spotted by Coverity 2014-07-26 23:43:48 -04:00
Michael Rash
7df1186c66 fixed several socket handle leaks under error conditions spotted by Coverity 2014-07-22 11:30:33 -04:00