Michael Rash
aaa44656bc
[server] add support for American Fuzzy Lop (AFL) fuzzing
2014-11-13 20:55:04 -05:00
Michael Rash
1a76d5586f
[test suite] extend server receive criteria
2014-11-09 21:36:36 -05:00
Michael Rash
ba337108af
[test suite] implement multi-cycle test sequences
2014-11-08 21:44:49 -05:00
Michael Rash
46fd32a6f1
[test suite] minor bug fix to add --no-firewd-check-support option for one test
2014-11-06 20:22:05 -05:00
Michael Rash
b5fe62bfc7
[test suite] command exec too many args tests
2014-10-26 16:58:13 -04:00
Michael Rash
d2abbd8720
[test suite] more code coverage tests
2014-10-25 22:29:49 -04:00
Michael Rash
17608dd01d
[test suite] additional code coverage
2014-10-25 08:42:30 -04:00
Michael Rash
58d47cb385
[test suite] additional code coverage for a few areas
2014-10-24 20:39:40 -04:00
Michael Rash
56a6b7dee5
give firewalld its own namespace (can track firewalld changes independently of iptables)
2014-10-21 22:43:21 -04:00
Michael Rash
6945e23bc9
[test suite] UDP server command execution tests, run configure arg recompile tests after gcov profiling stuff
2014-10-20 22:23:46 -04:00
Michael Rash
15f73c7f9e
[test suite] added configure args test with UDP server test for fwknopd not linking against libpcap
2014-10-19 22:58:35 -04:00
Michael Rash
0af8faa0b3
Merge branch 'udp_listener' into execvpe
2014-10-13 20:25:14 -04:00
Michael Rash
00b229b834
[test suite] detect firewalld vs. iptables for server rewrite conf tests
2014-10-13 19:54:30 -04:00
Michael Rash
d9fb29318e
[test suite] add --exit-parse-config to fwknopd basic tests where possible
2014-10-12 21:29:44 -04:00
Michael Rash
e54b15ceaf
[test suite] fix up Rijndael cmd exec test
2014-10-10 08:16:31 -04:00
Michael Rash
2b5088eb76
[test suite] added use terminal test, fix up Rijndael CMD tests
2014-10-09 16:03:05 -04:00
Michael Rash
ed9e1ac236
added setgid() call for command execution along with CMD_EXEC_GROUP access.conf var
2014-10-07 16:18:14 -04:00
Michael Rash
e6d162215f
[test suite] added command execution setuid() 'nobody' test
2014-10-06 22:04:20 -04:00
Michael Rash
85ff6b25e1
updated --last-cmd tests to write the previous args first
2014-09-30 21:12:43 -04:00
Michael Rash
e2c2ad141e
TCP/UDP server port validation tests
2014-09-28 22:06:06 -04:00
Michael Rash
ad3b230917
minor client cmd line bug fix for UDP server HMAC test
2014-09-28 21:21:25 -04:00
Michael Rash
360905ec56
implement --packet-limit for UDP server mode
2014-09-28 21:19:19 -04:00
Michael Rash
a5dd273189
replay attack detection test for UDP server mode
2014-09-28 20:48:57 -04:00
Michael Rash
aa2492bba2
Added UDP server HMAC cycle tests
2014-09-28 16:51:38 -04:00
Michael Rash
dc9e8da702
started on UDP server tests for Rijndael mode
2014-09-28 14:54:40 -04:00
Michael Rash
50434c5c4c
Use the fwknop User-Agent for wget SSL external IP resolutions
...
Bug fix to ensure that a User-Agent string can be specified when the
fwknop client uses wget via SSL to resolve the external IP address. This
closes issue #134 on github reported by Barry Allard. The fwknop client now
uses the wget '-U' option to specify the User-Agent string with a
default of "Fwknop/<version>". In addition, a new command line argument
"--use-wget-user-agent" was added to allow the default wget User-Agent
string to apply instead.
2014-09-27 23:23:12 -04:00
Michael Rash
e04f3fef21
added Ethernet FCS header test with pcap contributed by Bill Stubs
2014-08-21 21:07:52 -04:00
Michael Rash
fa154259d5
[test suite] added FreeBSD-10.0 and OpenBSD-5.5 compatibility tests
2014-07-28 15:52:57 -04:00
Michael Rash
655abf6f0b
[test suite] WGET_CMD and RESOLVE_HTTP_ONLY fwknoprc test coverage
2014-07-28 09:46:08 -04:00
Michael Rash
b06447384e
[client] have autoconf resolve the absolute path to wget for SSL IP resolution
2014-07-27 22:03:58 -04:00
Michael Rash
4fcd5b317a
[server] fix shift operation bug in SOURCE subnet processing spotted by Coverity
2014-07-26 23:43:48 -04:00
Michael Rash
59718f1a36
[client] Updated IP resolution mode -R to use SSL
...
External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.
2014-07-25 17:42:06 -04:00
Michael Rash
73490209f7
[test suite] add access.conf file path to a few basic tests
2014-07-22 17:36:31 -04:00
Michael Rash
3bd1d0742e
[test suite] add --gpg-home-dir arg to GPG test
2014-07-08 16:32:26 -05:00
Michael Rash
7e1346c49a
[test suite] add variable expansion and fwknopd override tests
2014-07-08 16:31:06 -05:00
Michael Rash
0e5c4644fc
[test suite] add GPG test for a manually altered SPA packet
2014-07-07 22:16:47 -05:00
Michael Rash
1b47173906
[test suite] add SYSLOG_FACILITY tests
2014-07-07 21:35:27 -05:00
Michael Rash
5474ced90b
[test suite] extend invalid sniff interface test to include promisc mode
2014-07-05 23:10:26 -05:00
Michael Rash
77eb1a763f
[test suite] add invalid sniff interface test
2014-07-05 22:44:40 -05:00
Michael Rash
f0285ae2b5
[test suite] add invalid gpg sig ID list
2014-07-04 20:05:54 -04:00
Michael Rash
ffa77a9e54
[test suite] add GPG_DISABLE_SIG test
2014-07-04 19:54:56 -04:00
Michael Rash
a2ff2a396c
[server] call clean_exit() upon check_dir_path() error
2014-07-03 10:31:30 -04:00
Michael Rash
5ced103207
[test suite] minor test coverage addition for invalid locale setting
2014-07-03 10:17:52 -04:00
Michael Rash
43b770320a
[server] Require sig ID's or fingerprints when sigs are validated
...
When validating access.conf stanzas make sure that one of
GPG_REMOTE_ID or GPG_FINGERPRINT_ID is specified whenever GnuPG
signatures are to be verified for incoming SPA packets. Signature
verification is the default, and can only be disabled with
GPG_DISABLE_SIG but this is NOT recommended.
2014-06-30 11:52:42 -04:00
Michael Rash
77384a904e
[server] add access.conf variable GPG_FINGERPRINT_ID
...
Add a new GPG_FINGERPRINT_ID variable to the access.conf file
so that full GnuPG fingerprints can be required for incoming SPA packets
in addition to the abbreviated GnuPG signatures listed in GPG_REMOTE_ID.
From the test suite, an example fingerprint is
GPG_FINGERPRINT_ID 00CC95F05BC146B6AC4038C9E36F443C6A3FAD56
2014-06-30 11:11:09 -04:00
Michael Rash
e41e0f5aaf
[test suite] added iptables OUTPUT chain test
2014-06-24 22:54:27 -04:00
Michael Rash
a4615a76b5
[test suite] add Rijndael HMAC --no-ipt-check-support test for udp/53
2014-06-24 18:21:46 -04:00
Michael Rash
4878607254
[libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called
2014-06-16 17:11:52 -04:00
Michael Rash
42a20616b4
[libfko] additional fault injection additions with test suite support
2014-06-14 21:27:18 -04:00
Michael Rash
c00a3e7b26
[test suite] additional fault injection tests
2014-06-12 20:29:54 -04:00