DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
330 Commits 15 Branches 0 Tags
Commit Graph

41 Commits

Author SHA1 Message Date
Michael Rash
ab7226092d Minor restructuring to suppress compiler "defined but not used warnings" 
This commit fixes several compiler warnings like the following (now that -Wall
is the default):

config_init.h:68: warning: ‘cmd_opts’ defined but not used
 2011-08-20 12:34:57 -04:00
Michael Rash
878fae8e8a Implemented memory clean up for digest cache list 
Upon fwknopd shutdown, a new function free_replay_list() is now called in order
to free heap allocated memory dedicated to SPA digest tracking.  Without this
fix, valgrind reports the following (some output snipped):

valgrind --leak-check=full ./server/.libs/fwknopd -f -i lo -P "udp port 62201"

==30864== 431 (48 direct, 383 indirect) bytes in 1 blocks are definitely lost in loss record 17 of 17
==30864==    at 0x4C27480: calloc (vg_replace_malloc.c:467)
==30864==    by 0x407CB7: replay_check_file_cache (replay_cache.c:461)
==30864==    by 0x407B69: replay_check (replay_cache.c:413)
==30864==    by 0x405813: incoming_spa (incoming_spa.c:363)
==30864==    by 0x406275: pcap_capture (pcap_capture.c:223)
==30864==    by 0x40317D: main (fwknopd.c:297)
 2011-08-14 19:42:50 -04:00
Michael Rash
52c795634b Updated digest file path for gdbm/ndbm support 
If fwknopd is compiled with --disable-file-cache to the ./configure script
then it will assume that the default filename is "digest_db.cache" for the
digest cache.  If the file cache method is used (this is the default), then
"digest.cache" is the default filename.  A new variable DIGEST_DB_FILE in
the fwknopd.conf file controls the digest filename if gdbm/ndbm support is
required.
 2011-08-10 22:07:25 -04:00
Michael Rash
0525cd4a5c Added autoconf support for non-dbm file cache. 
This change starts on support for a simple file-based cache mechanism
for tracking SPA digests.  This removes the libgdbm/libndbm dependency
by default, but it can be re-enabled with the --disable-file-cache
argument to the ./configure script.
 2011-08-10 20:56:42 -04:00
Michael Rash
2dd7c4aac7 Minor rename in support of non-dbm file cache 
Added the optional_dbm_support branch and made a minor renaming change
on this branch for the coming non-dbm file cache support.
 2011-08-08 22:49:28 -04:00
Damien Stuart
69f41eb399 Set FD_CLOEXEC on pid file descriptor. 
Added support for setting the URL for resolving source IP via command-line or the .fwknoprc file.
 2011-07-07 08:12:49 -04:00
Michael Rash
ca5f82c067 Removed legacy $Id$ tags from svn 
$Id$ tags don't really mean anything to git so they have been removed from all
source files.
 2011-06-18 20:53:40 -04:00
Damien Stuart
0f6ca00ac4 Updated the GPL blurb at the top of the source files. Added some missing copyright statements (Thanks to Franck Joncourt). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@300 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-11-13 03:04:36 +00:00
Damien Stuart
51c21b318f Start of addition of access requests via ipfw. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@282 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-08-23 02:43:43 +00:00
Damien Stuart
838b80fd7d Refactored firewall rule code to separate files by firewall type. Stubbed in ipfw and ipf firewall types. Updated autoconf to set a firewall type and path depending on configure arguments. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@279 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-08-10 02:29:09 +00:00
Damien Stuart
6126b7b7ca Updates to accomodate building and compiling on FreeBSD systems. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@276 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-08-08 18:53:35 +00:00
Damien Stuart
b0886a1d49 Updates and clean-up to address the many compiler warnings when compiled with -Wall. Also some autoconf updates 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@265 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-16 14:28:32 +00:00
Damien Stuart
4c995c146b Almost all he conf variables have a default value if they are not there (or set). All the entries in the initial fwknop.conf file are not commented out adn can be override as needed. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@262 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-15 01:38:16 +00:00
Michael Rash
6f4ff9cb69 added --fw-list arg to the fwknopd daemon to list all current firewall rules for any running fwknopd process 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@260 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-13 04:09:07 +00:00
Damien Stuart
4a85c6fd25 Modified top-level Makefile.am so the legacy perl stuff is not packaged into the distribution tar file. More cleanup of the fwknopd man page. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@249 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-10 00:48:41 +00:00
Damien Stuart
5f1f0650ea Put locale code back in. More cleanup of config directives and options. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@231 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-04 13:34:31 +00:00
Damien Stuart
14e844f3f2 Updates to TCP server to close the lock file handle, use a non-blocking socket, and detect when the parent fwknop dies so it can exit as well. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@228 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-01 03:12:32 +00:00
Damien Stuart
fe09438921 Start of cleanup for beta release candidate. Removed locale-related code (for now) as it was breaking some things like logging. removed some unimplemented and/or unused parameters and config directives (as well as thier respective documentation references. Added a --rotate-digest-cache command-line arg to force a rename of the digest cache file and start a new one. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@224 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-24 02:31:36 +00:00
Damien Stuart
aef097a31f Some tweaks to the sigchld handling in the server. Other misc minor cleanup. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@222 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-22 01:14:42 +00:00
Damien Stuart
68b171ddd4 More tweaks. Added SIGCHLD handler and code to try to restart the TCP server if it dies for whatever reason. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@221 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-21 03:24:27 +00:00
Damien Stuart
315f3e6778 Tweak to client usage message output. Added TCP server funcionality to the server (call it a first cut). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@220 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-20 23:15:52 +00:00
Damien Stuart
aad2daadbf First cut at creating access rules and removing them when they expire (not sure I like this implementation but it is a start). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@214 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-05-17 01:27:26 +00:00
Damien Stuart
83a10b96f6 Started firewall rule processing. Added rule initialization. Added some of the initial routines for external command execution with ability to capture stdout, stderr, and exit status. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@211 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-04-12 12:41:57 +00:00
Damien Stuart
f3c33c273b Added an initial fwknopd.8 man page (and source asciidoc). Added the --locale and --no-locale command-line option support. The set_config_entry function now allows setting a config entry to NULL to clear and free it. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@209 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-02-09 20:23:42 +00:00
Michael Rash
903f5f466c updated to call dump_access_list() if -D was given to dump config information 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@202 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-20 01:34:23 +00:00
Michael Rash
ca531c3dcc bug fix in --packet-limit handling to ensure multi-packet processing when the arg is not used 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@198 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-19 02:48:41 +00:00
Michael Rash
1092e6ef46 * Fixed a few minor warnings like the following: 
cipher_funcs.c:85: warning: ignoring return value of ‘fread’, declared with attribute warn_unused_result

A few of these were in code in the lib/ directory, and required adding a
new error code 'FKO_ERROR_FILESYSTEM_OPERATION' and associated error
string 'Read/write bytes mismatch'.




git-svn-id: file:///home/mbr/svn/fwknop/trunk@195 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-16 14:59:36 +00:00
Michael Rash
11cedcf3eb Added --access-file command line arg to fwknopd so that the path to the 
access.conf file can be specified from the command line.


git-svn-id: file:///home/mbr/svn/fwknop/trunk@187 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-04 04:08:58 +00:00
Damien Stuart
055aa365cb Added access.conf handling and processing. Added a new acces.conf parameter: RESTRICT_PORTS for specifying 1 or more proto/ports that are explicitly not allowed. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@183 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-04 00:20:19 +00:00
Michael Rash
153a0964e2 Added --packet-limit to fwknopd so that the number of incoming candidate 
SPA packets can be limited from the command line.  When this limit is
reached (any packet that contains application layer data and passes the
pcap filter is included in the count) then fwknopd exits.



git-svn-id: file:///home/mbr/svn/fwknop/trunk@179 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-03 04:37:37 +00:00
Damien Stuart
909ff4eaec Added check for and create of run dir and/or basename of digest_cache (if different from run dir). Added set_locale() call based on LOCALE setting in the conf file. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@177 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-02 16:42:07 +00:00
Damien Stuart
861c0e8e1a Autoconf updates for detecting locally installed program paths and changes to facilitate portability. Also set AM_MAINTAINER_MODE so we are not forced to regen/reconfigure when we change one of the autoconf source files (but we do now need to remember to do it ourselves before making a new dist). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@172 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-12-28 03:20:55 +00:00
Damien Stuart
814d7d3565 Fixed bug in signal handling when libpcap version 1.0 is used. Minor doc update. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@170 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-12-07 03:48:53 +00:00
Damien Stuart
8c1261ca39 Fixed memory leak issue in libfko when fko_new_with_data() was called with a bad key. Added autoconf checks for gdbm with fallback to ndbm for server builds. Added digest cache capability using gdbm (in ndbm compatibility mode) or ndbm for replay detection. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@153 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-10-16 02:23:02 +00:00
Damien Stuart
8b4b55fa44 Added stubs and some handling for signals. SIGHUP induces the re-reading the configs and restarting the capture loop. SIGTERM and SIGINT simply trigger a graceful exit. Trimmed some more of the configuration options. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@152 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-10-11 17:42:45 +00:00
Damien Stuart
5a72c4fca7 Updates and enhancements to logging functions. Now log_msg writes only to stderr when running in foreground. Default log facility is LOG_DAEMON. Config file options of ENABLE_PACP_PROMISC, HOSTNAME, SYSLOG_IDENTITY, and SYSLOG_FACILITY are processed. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@150 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-09-27 15:09:41 +00:00
Damien Stuart
8a94aa9412 Updated pid/lock file handling. Implemetned -K option. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@149 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-09-24 03:13:33 +00:00
Damien Stuart
61c243f827 Added some more (stubbed-in) server code and functions. Minor doc tweak. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@148 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-09-14 00:38:31 +00:00
Damien Stuart
998fe8da0a Added more server command-line and config file processing code. Updated autoconf config for new checks and files. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@138 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-09-05 02:54:42 +00:00
Damien Stuart
791eb4055b Added check for libpcap. More stubbing in on the server code side. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@137 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-09-04 21:14:44 +00:00
Damien Stuart
5b3f6f07da Forgot to add the server dir. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@128 510a4753-2344-4c79-9c09-4d669213fbeb
 2009-08-09 15:45:45 +00:00