DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
1,331 Commits 15 Branches 0 Tags
Commit Graph

350 Commits

Author SHA1 Message Date
Michael Rash
fa985c1943 Merge remote-tracking branch 'fjoncourt/fko_dump' 
This implements an FKO context dumping function in lib/fko_utils.c, and closes #100
 2013-08-11 15:02:01 -04:00
Michael Rash
5176f9e04b [server] minor addition to access stanza dump output to include hmac digest type 2013-08-10 16:08:19 -04:00
Franck Joncourt
f8ae3b8da3 Merge remote-tracking branch 'upstream/master' into fko_dump 2013-08-10 14:32:34 +02:00
Michael Rash
d9ba40d48f [server] fix compilation warning dealing with new iptables chain validation 2013-08-08 20:55:10 -04:00
Franck Joncourt
7296d3f3bf * Interim commit to add a dump function to dump the FKO context shared 
by both the server and client. mrash/fwknop#95
 2013-08-05 23:28:07 +02:00
Michael Rash
8c73c7801b [server] send IPT_*_ACCESS vars through basic validation at fwknopd.conf parse time 2013-08-05 00:00:45 -04:00
Michael Rash
131c643cad [server] make IPT_INPUT_ACCESS validation more strict on allowed chars 2013-08-04 23:20:53 -04:00
Michael Rash
39fa4cc012 [server] if iptables init fails then no need to remove fwknop chains 
This commit fixes a crash at init time in fwknopd if an improperly formatted
IPT_INPUT_ACCESS variable is used in fwknopd.conf file.  fwknopd should not
try to delete chains with a bogus IPT_INPUT_ACCESS variable, and valgrind
verifies that this change does not introduce any memory leaks (see the
'invalid iptables INPUT spec' tests run in --enable-valgrind mode).
 2013-08-04 23:01:33 -04:00
Michael Rash
24101ac33a [server] add NULL check for SNAT translate IP 2013-08-03 20:37:50 -04:00
Michael Rash
f062ac5706 [server] minor enable check via strncasecmp() 2013-08-02 23:22:10 -04:00
Michael Rash
fc39de607c minor man page update to move --syslog-enable to the server man page 2013-07-29 00:06:52 -04:00
Franck Joncourt
f1cee780d2 Merge remote-tracking branch 'upstream/master' 2013-07-28 22:11:16 +02:00
Franck Joncourt
1977973020 * Allow messages to be sent to syslog even if the foreground mode is invoked. 2013-07-28 22:07:14 +02:00
Michael Rash
dcb7871d02 [server] don't print PID file existence warning in daemon mode (suggested by Ilya Tumaykin) 2013-07-24 23:04:31 -04:00
Michael Rash
dac75c0242 [server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course) 2013-07-14 15:37:24 -04:00
Michael Rash
dcf9c99fb5 [server] iptables rule duplication bug fix to look for protocol name with -C support isn't available 2013-07-14 14:37:22 -04:00
Michael Rash
baa964a8cd [server] removed iptables '-C' redirection since 2>&1 is always appended by other macros 2013-07-13 23:22:29 -04:00
Michael Rash
a7de80e66e [server] Account for older versions of iptables that don't have -C 
This commit updates fwknopd to test for the existance of the iptables '-C'
rule checking functionality since older versions of iptables don't have this.
If it isn't offered by the installed version of iptables, then revert to parsing
fwknop chains to see if iptables rules already exist before adding new rules (to
avoid duplicates).
 2013-07-12 23:22:50 -04:00
Michael Rash
9664105906 [server] compile bug fix for pf/ipfw firewall systems 2013-07-10 23:11:29 -04:00
Michael Rash
24c4c5e208 continued zeroing out of sensitive data buffers in support of issue #93 2013-07-08 23:00:18 -04:00
Michael Rash
1e77f6ed53 continued changes to zero out sensitive information before exit (#93) 2013-07-07 22:32:30 -04:00
Michael Rash
6f6f7b8de2 [server] update fw_config_init() to allow access stanza key information to be zeroed out upon error (#93) 2013-07-06 15:05:09 -04:00
Michael Rash
cb61fd886d [server] minor header formating update 2013-07-06 14:53:04 -04:00
Michael Rash
4ff518d54a [server] zero out access stanza key information before exit (in support of #93) 2013-07-06 14:52:46 -04:00
Franck Joncourt
9d7feb52f6 Merge remote-tracking branch 'upstream/master' 2013-06-30 22:22:34 +02:00
Franck Joncourt
c2e1a00154 s/GNU Public/GNU General Public/g 2013-06-30 22:21:22 +02:00
Michael Rash
a792e8bf4e minor man page documentation updates (added twitter reference) 2013-06-30 15:55:01 -04:00
Michael Rash
5a4a8a5baa [server] convert several LOG_INFO messages to LOG_DEBUG 2013-06-27 22:15:39 -04:00
Franck Joncourt
5a0700eb46 * Mentionned the VERBOSE variable in fwknopd.conf. 
* Made sure the -v command line switch overrides the value of the
  VERBOSE variable set in an fwknopd.conf file.
 2013-06-27 21:39:38 -04:00
Franck Joncourt
10fdbb509c s/VERBOSITY/VERBOSE/g on the server side for consistency purposes. 2013-06-27 21:39:38 -04:00
Franck Joncourt
7fde3949da Fixed use of --verbose command line switch. 
Set default log verbosity to LOG_INFO in the log_msg driver.
 2013-06-27 21:39:38 -04:00
Franck Joncourt
5db1eeb268 Interim commit to add a VERBOSE variable to fwknopd. 2013-06-27 21:39:38 -04:00
Michael Rash
37b624ac8b bump version to 2.5, minor fwknopd -S exit status update 
This commit bumps the fwknop version to 2.5 and sets the libfko version to 2.0 to
signal incompatibility with older libfko versions.  Backwards compatibility is
maintained in SPA packet construction, but function prototypes in libfko-2.0 are
no longer compatible with older versions.

This commit also returns non-zero exit status under 'fwknopd --status' if there
is no existing fwknopd process.  This is better than always exiting with a zero
status regardless of whether fwknopd is already running or not, and adds a level
of scriptability to --status usage.  This change was suggested by George Herlin.
 2013-06-27 21:21:10 -04:00
Franck Joncourt
47a7ffe22b Merge remote-tracking branch 'upstream/master' 2013-06-25 23:03:28 +02:00
Franck Joncourt
5413d1c48c * Mentionned the VERBOSE variable in fwknopd.conf. 
* Made sure the -v command line switch overrides the value of the
  VERBOSE variable set in an fwknopd.conf file.
 2013-06-25 22:04:54 +02:00
Franck Joncourt
4525a7e57c s/VERBOSITY/VERBOSE/g on the server side for consistency purposes. 2013-06-25 21:56:53 +02:00
Franck Joncourt
07f96f86f8 Fixed use of --verbose command line switch. 
Set default log verbosity to LOG_INFO in the log_msg driver.
 2013-06-24 23:15:50 +02:00
Michael Rash
d125146c37 [server] minor --help update to include cipherdyne.org URL 2013-06-21 21:11:23 -04:00
Michael Rash
371036bad0 [client] re-use encryption/HMAC keys in --test mode 
The client --test mode decrypts SPA packet data as a final step, but get_keys()
was being called to re-acquire the encryption/HMAC keys.  This commit reuses
the same keys that were supplied for SPA packet encryption/authentication
because the most important code to test is not get_keys() but rather libfko
encryption/decryption/authentication operations.
 2013-06-21 21:08:41 -04:00
Franck Joncourt
afd6f6b23c Interim commit to add a VERBOSE variable to fwknopd. 2013-06-20 23:33:04 +02:00
Michael Rash
68acbaadc4 remove newline chars from log_msg() calls 2013-06-19 23:42:58 -04:00
Franck Joncourt
5667d8e151 Fixed default verbosity to LOG_NOTICE rather than LOG_WARNING. 2013-06-18 22:12:41 +02:00
Franck Joncourt
2cc1ac65bc Replaced some uses of *fprintf(stderr* by *log_msg(LOG_ERR* in config_init.c 2013-06-17 12:31:07 +02:00
Franck Joncourt
57cf6dc472 s/fprintf(stderr/log_msg(LOG_ERR/ 2013-06-16 22:16:41 +02:00
Franck Joncourt
84f8704949 Fix static_log_flag in the log_module. 2013-06-16 21:24:37 +02:00
Franck Joncourt
935565cd90 Fix log_msg(). 
* Added new constant LOG_WITHOUT_SYSLOG to be able to print messages to
    stderr only.
  * Renamed LOG_STDERR_MASK as LOG_VERBOSITY_MASK for a better understanding.
 2013-06-16 21:16:25 +02:00
Franck Joncourt
b48295c69b Interim commit to make the log_msg strategy. 
* log_msg : New log_set_verbosity(): It sets the default verbosity for the
    log module according to the verbose option set by the user through the command
    line.
  * Remove useless checks of the verbose option when log_msg() is invoked.
 2013-06-16 19:12:06 +02:00
Michael Rash
8155cf3331 [server] ensure 'Rule added' log messages are generated when create_rule() is called 2013-06-13 21:23:59 -04:00
Michael Rash
c23d2d644f minor typo and format fixes 2013-06-13 21:22:58 -04:00
Michael Rash
1341601a66 [server] when log_msg() is called fflush() output to stderr (when stderr is used) 2013-06-13 21:21:40 -04:00