DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
2,033 Commits 15 Branches 0 Tags
Commit Graph

2033 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Rash
db80c81f66 Merge pull request #152 from Coacher/master 
server: remove extra '/run' subdir from paths
 2015-04-19 21:15:51 -04:00
Michael Rash
e39d34750b [server] switch from abs() to labs() for time difference calculation 
This commit fixes the following warning during compilation on Mac OS X:

gcc -DHAVE_CONFIG_H -I. -I..  -I ../lib -I ../common -DSYSCONFDIR=\"/etc\" -DSYSRUNDIR=\"/var\"   -g -O2 -Wall -Wformat -Wformat-security -fstack-protector-all -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -MT fwknopd-incoming_spa.o -MD -MP -MF .deps/fwknopd-incoming_spa.Tpo -c -o fwknopd-incoming_spa.o `test -f 'incoming_spa.c' || echo './'`incoming_spa.c
incoming_spa.c:736:23: warning: absolute value function 'abs' given an argument of
      type 'long' but has parameter of type 'int' which may cause truncation of
      value [-Wabsolute-value]
            ts_diff = abs(now_ts - spadat.timestamp);
                      ^
incoming_spa.c:736:23: note: use function 'labs' instead
            ts_diff = abs(now_ts - spadat.timestamp);
                      ^~~
                      labs
1 warning generated.
 2015-04-19 17:48:18 -07:00
Ilya Tumaykin
b21c04e9d6 Merge remote-tracking branch 'upstream/master' 2015-04-20 02:46:41 +03:00
Ilya Tumaykin
e333cba945 server: remove extra '/run' subdir from paths 
Having extra '/run' subdirectory hardcoded into paths used for options
'digest-file', 'pid-file', 'run-dir' is counterintuitive and can lead to
bogus directory layouts when 'localstatedir' differs from the default
value.

For example, if 'localstatedir' is set to '/run', which is a common and
recommended substitute for /var/run in many distros nowadays, then
fwknop files will be placed under /run/run/fwknop.

This changeset removes extra '/run' subdirectory from all relevant paths
by changing DEF_RUN_DIR. Default value of 'localstatedir' is changed to
'/var/run' so users who relied on the previous behaviour won't have to
bother changing anything.

This is tested and works. Gentoo have this patch applied since 2.6.0.
 2015-04-20 02:43:10 +03:00
Michael Rash
93a3798cc1 [test suite] exclude server restart cycle from valgrind results parsing 2015-04-19 13:25:11 -07:00
Michael Rash
cc765a23db [test suite] minor FORCE_NAT config tweak 2015-04-19 12:22:55 -07:00
Michael Rash
b1100cb730 [server] NAT validation only applies to systems running iptables or firewalld 2015-04-19 07:16:30 -07:00
Michael Rash
68db4b77a5 [server] allow FORWARD_ALL to control whether FORCE_NAT is required 2015-04-19 07:11:10 -07:00
Michael Rash
0ecc2d2333 minor docs update 2015-04-19 07:10:26 -07:00
Michael Rash
bb5aa928d9 [server] fix typos from corresponding firewalld changes 2015-04-18 12:33:11 -07:00
Michael Rash
c9dedd3378 Merge branch 'master' of https://github.com/mrash/fwknop 2015-04-18 05:39:01 -07:00
Michael Rash
03959653ca [server] differentiate MASQUERADE from SNAT with a dedicated FWKNOP_MASQUERADE chain 2015-04-18 05:38:35 -07:00
Michael Rash
f06c6e3b9c [test suite] allow default FORCE_NAT 0.0.0.0 0 to apply 2015-04-18 05:37:31 -07:00
Michael Rash
19f00c0dbe [test suite] add jump rule validation, include complete fwknopd chain listings 2015-04-18 05:33:00 -07:00
Michael Rash
55cbebe7bb ChangeLog and doc updates 2015-04-18 05:30:39 -07:00
Michael Rash
baf3f706d8 Merge pull request #151 from mrdanbrooks/master 
android: allow definition of custom server udp port
 2015-04-16 21:45:59 -04:00
dan brooks
fba6473b1c android: allow definition of custom server udp port 2015-04-15 16:52:34 -04:00
Michael Rash
1e9f7e94f0 [server] consolidate chain creation within mk_chain() 2015-04-14 08:21:00 -07:00
Michael Rash
c0f3ed38a8 [server] further error status simplication for firewalld 2015-04-14 08:15:03 -07:00
Michael Rash
cf8c4df50e [server] remove DISABLE_DNAT exception for SPA packets that request a NAT operation - this is reserved for FORCE_NAT scenarios 2015-04-14 08:12:56 -07:00
Michael Rash
912c625e9e [server] remove DISABLE_DNAT exception for SPA packets that request a NAT operation - this is reserved for FORCE_NAT scenarios 2015-04-13 08:34:24 -07:00
Michael Rash
654f455ba6 Revert "[server] use 'success' string for firewalld as returned firewall-cmd for command success" 
This reverts commit 1e33119b04a583fbf18b5b562edb14301a2ca7d6.
 2015-04-12 15:49:19 -07:00
Michael Rash
ffeb60677d [test suite] update SNAT MASQ test to use force masq access file 2015-04-12 15:49:08 -07:00
Michael Rash
7dc41e68ef [test suite] add open_ports_force_masq_access.conf file 2015-04-12 15:48:14 -07:00
Michael Rash
86cdc90f4a [test suite] add open_ports_force_masq_access.conf file 2015-04-12 15:47:41 -07:00
Michael Rash
5164378b17 [build] add --enable-32bit-mode for ASAN+AFL fuzzing 2015-04-09 22:23:17 -04:00
Michael Rash
513fb239df Merge branch 'master' of ssh://github.com/mrash/fwknop 2015-04-09 21:21:45 -04:00
Michael Rash
87a4acb636 [test suite] added detection for crashes triggered with AddressSanitizer (requires --enable-asan-support) 2015-04-09 18:04:31 -07:00
Michael Rash
1986c9aaf9 [test suite] added AFL results for client-rc fuzzing 2015-04-09 09:20:19 -04:00
Michael Rash
2d0b623a9a [test suite] more FORCE_NAT tests 2015-04-08 18:50:26 -07:00
Michael Rash
ca41ce6e75 [test suite] restore FORCE_SNAT test passing result 2015-04-08 18:40:44 -07:00
Michael Rash
547dbb66b3 [server] minor return value handling update for create_chain() and add_jump_rule() 2015-04-08 18:30:03 -07:00
Michael Rash
1e33119b04 [server] use 'success' string for firewalld as returned firewall-cmd for command success 2015-04-08 18:29:03 -07:00
Michael Rash
429881703f [test suite] minor uninitialized var bug fix 2015-04-08 18:24:26 -07:00
Michael Rash
ab2d9c0aec [test suite] minor path bug fix 2015-04-07 16:35:07 -07:00
Michael Rash
0fa42ae117 [server] allow DISABLE_DNAT to not require FORCE_NAT 2015-04-07 16:34:49 -07:00
Michael Rash
7a21494f39 added --enable-asan-support for Google's Address Sanitizer compiler flags 2015-04-07 16:32:44 -07:00
Michael Rash
21dc1e8968 Merge branch 'master' of ssh://minastirith/Users/mbr/git/fwknop 2015-04-07 08:24:21 -04:00
Michael Rash
3d8b524019 [test suite] FORCE_SNAT requires FORCE_NAT test 2015-04-07 08:23:55 -04:00
Michael Rash
37c9f38565 [test suite] FORCE_SNAT requires FORCE_NAT test 2015-04-06 21:20:31 -04:00
Michael Rash
8e6db3a5da [server] extend FORWARD_ALL to apply to NAT operations 
This is a significant commit to allow all ports and protocols to be
NAT'd in conjunction with FORWARD ACCEPT rules. This commit is in
support of 6b7a3bbdae295c29a15a59385e637bd391858bc2 to allow fwknopd to
function as an SPA gateway.
 2015-04-06 20:04:33 -04:00
Michael Rash
8010690039 [server] add missing #define's for firewalld 2015-04-06 11:47:07 -07:00
Michael Rash
ef6c0549a5 [test suite] added --prefer-iptables to exclude firewalld 2015-04-06 01:33:18 -07:00
Michael Rash
c25f34e7a2 [server] update firewalld for FORWARD_ALL NAT operations 2015-04-06 01:24:55 -07:00
Michael Rash
ca467b9030 [test suite] added AFL results for spa-pkts and server-digest-cache fuzzing runs 2015-03-31 19:58:18 -04:00
Michael Rash
c4ffd4b00a [extras] minor ramdisk creation bug fix 2015-03-30 21:38:31 -04:00
Michael Rash
a18b3e9027 [server] minor code coverage update for firewalld systems 2015-03-29 18:15:11 -07:00
Michael Rash
244d2692f2 [test suite] added server-access plot data 2015-03-29 08:04:55 -04:00
Michael Rash
cb089c550d [test suite] added server-access AFL results run 2015-03-29 08:00:03 -04:00
Michael Rash
60d982a103 [test suite] added GPG 4096-bit key combination tests 2015-03-28 07:54:30 -04:00