DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
2,307 Commits 15 Branches 0 Tags
b7ccfc08ac285be6f8982e2a9af880e63dfd8b74
Commit Graph

117 Commits

Author SHA1 Message Date
Michael Rash
5f895db744 [test suite] restore gpg home dir test 2015-12-19 16:13:23 -08:00
Michael Rash
10a2742a88 [test suite] add clean validation test for digest cache 2015-12-19 13:30:49 -08:00
Michael Rash
e25b78e81d [test suite] restore digest cache validation with a new arg --exit-parse-digest-cache 2015-12-19 05:46:36 -08:00
Michael Rash
923b94bda7 [test suite] restore pcap dispatch count test 2015-12-19 05:06:38 -08:00
Michael Rash
beaf31ad5d [test suite] restore previous args test 2015-12-19 05:01:55 -08:00
Michael Rash
fc8b2ee9c3 [test suite] additional %include_folder test 2015-12-17 23:07:03 -05:00
Michael Rash
8533d9d248 [server] use chop_char() to strip trailing '/' chars from directories 2015-12-17 22:51:08 -05:00
Michael Rash
d85b1077fb [test suite] additional %include_folder tests 2015-12-15 11:58:12 -08:00
Michael Rash
42fd4d6afa [test suite] additional FORCE_NAT code coverage 2015-12-14 22:39:57 -08:00
Michael Rash
d8dc1fcdee [server] add is_valid_file() function, default to lstat() instead of stat(), more %include_folder tests 2015-12-13 01:39:29 -08:00
Michael Rash
b305f67ca5 [test suite] start on %include_folder tests, make sure at least one valid access.conf stanza has been parsed 2015-12-12 20:39:37 -08:00
Michael Rash
ba3d16c5e3 [test suite] complete cycle test from %include derived access stanza 2015-12-12 11:19:14 -08:00
Michael Rash
c12ecd092a [test suite] interleaved access.conf %include tests 2015-12-12 06:45:39 -08:00
Michael Rash
bcd0a90a18 [test suite] %include missing key test 2015-12-12 06:32:14 -08:00
Michael Rash
9c92a368fe [test suite] access.conf %include missing file 2015-12-12 06:27:47 -08:00
Michael Rash
7757929624 [test suite] multi-include non-recursive access.conf test 2015-12-12 06:23:16 -08:00
Michael Rash
5b0cfb16a0 [test suite] add access.conf %include recursion limit test 2015-12-10 15:31:18 -08:00
Michael Rash
f0269751e6 [test suite] fix FORCE_SNAT tests 2015-12-10 14:34:35 -08:00
Michael Rash
4cab37acf9 [test suite] client --time-offset code coverage 2015-12-10 14:32:30 -08:00
Michael Rash
95383149cb [server] bug fix to honor CMD_EXEC_USER and CMD_SUDO_EXEC_USER vars 2015-12-08 19:01:53 -08:00
Michael Rash
35558097cc [test suite] fix FORCE_NAT and FORCE_SNAT required server regex matches 2015-12-05 16:07:01 -08:00
Michael Rash
51c0efb665 [test suite] minor var addition for Rijndael key existence test 2015-12-05 07:00:24 -08:00
Michael Rash
21149faf89 [libfko] fko_set_username() crash bug fix. 
Bug fix for a crash in libfko that could be triggered in fko_set_username()
when a username that is 64 chars or longer is specified. This crash
cannot be triggered in fwknopd even if an SPA packet contains such a
username however due to additional protections in the SPA decoding
routines. Further, this bug does not apply to the main fwknop client
either because the maximal username size is truncated down below 64
bytes. Hence, this bug only applies to client-side software that is
directly using libfko calling the fko_set_username() function.
 2015-12-04 19:01:26 -08:00
Michael Rash
4587a279e1 [server] validate CMD_CYCLE_* vars from the access.conf file 2015-10-13 19:17:06 -07:00
Michael Rash
dd1528c829 [test suite] set sudo path on the fwknopd command line 2015-08-21 22:24:45 -04:00
Michael Rash
89b2e8f477 [server] interface goes down will cause fwknopd to exit 
By default, fwknopd will now exit if the interface that it is
sniffing goes down (patch contributed by Github user 'sgh7'). If this
happens, it is expected that the native process monitoring feature in
things like systemd or upstart will restart fwknopd. However, if fwknopd
is not being monitored by systemd, upstart, or anything else, this
behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the
fwknopd.conf file. If disabled, fwknopd will try to recover when a
downed interface comes back up.
 2015-07-18 13:11:25 -07:00
Michael Rash
4874dc9c83 [test suite] add --gpg-exe invalid path test 2015-07-05 22:55:23 -04:00
Michael Rash
ceb1713976 add --key-gen option to fwknopd (suggested by Jonathan Bennett) 2015-05-20 08:55:17 -07:00
Michael Rash
68db4b77a5 [server] allow FORWARD_ALL to control whether FORCE_NAT is required 2015-04-19 07:11:10 -07:00
Michael Rash
2d0b623a9a [test suite] more FORCE_NAT tests 2015-04-08 18:50:26 -07:00
Michael Rash
ca41ce6e75 [test suite] restore FORCE_SNAT test passing result 2015-04-08 18:40:44 -07:00
Michael Rash
429881703f [test suite] minor uninitialized var bug fix 2015-04-08 18:24:26 -07:00
Michael Rash
0fa42ae117 [server] allow DISABLE_DNAT to not require FORCE_NAT 2015-04-07 16:34:49 -07:00
Michael Rash
54625819c9 [test suite] get resolve tests passing (--test mode stopped resolutions) 2014-12-05 21:23:23 -05:00
Michael Rash
a4d6c17512 [test suite] add DESTINATION formatting tests 2014-12-05 20:56:47 -05:00
Michael Rash
42d103d100 [test suite] minor test update for DESTINATION access.conf stanza 2014-11-30 17:02:27 -05:00
Grant Pannell
624872ef48 Add DESTINATION access.conf directive and ENABLE_DESTINATION_RULE fwknopd.conf directive 2014-11-29 15:05:06 +10:30
Michael Rash
d2abbd8720 [test suite] more code coverage tests 2014-10-25 22:29:49 -04:00
Michael Rash
17608dd01d [test suite] additional code coverage 2014-10-25 08:42:30 -04:00
Michael Rash
58d47cb385 [test suite] additional code coverage for a few areas 2014-10-24 20:39:40 -04:00
Michael Rash
56a6b7dee5 give firewalld its own namespace (can track firewalld changes independently of iptables) 2014-10-21 22:43:21 -04:00
Michael Rash
0af8faa0b3 Merge branch 'udp_listener' into execvpe 2014-10-13 20:25:14 -04:00
Michael Rash
00b229b834 [test suite] detect firewalld vs. iptables for server rewrite conf tests 2014-10-13 19:54:30 -04:00
Michael Rash
d9fb29318e [test suite] add --exit-parse-config to fwknopd basic tests where possible 2014-10-12 21:29:44 -04:00
Michael Rash
ed9e1ac236 added setgid() call for command execution along with CMD_EXEC_GROUP access.conf var 2014-10-07 16:18:14 -04:00
Michael Rash
e2c2ad141e TCP/UDP server port validation tests 2014-09-28 22:06:06 -04:00
Michael Rash
360905ec56 implement --packet-limit for UDP server mode 2014-09-28 21:19:19 -04:00
Michael Rash
50434c5c4c Use the fwknop User-Agent for wget SSL external IP resolutions 
Bug fix to ensure that a User-Agent string can be specified when the
fwknop client uses wget via SSL to resolve the external IP address. This
closes issue #134 on github reported by Barry Allard. The fwknop now
uses the wget '-U' option to specify the User-Agent string with a
default of "Fwknop/<version>". In addition, a new command line argument
"--use-wget-user-agent" to allow the default wget User-Agent string to
apply instead.
 2014-09-27 23:23:12 -04:00
Michael Rash
b06447384e [client] have autoconf resolve the absolute path to wget for SSL IP resolution 2014-07-27 22:03:58 -04:00
Michael Rash
4fcd5b317a [server] fix shift operation bug in SOURCE subnet processing spotted by Coverity 2014-07-26 23:43:48 -04:00