When --enable-valgrind is used, this commit adds support for running the
perl FKO built-in tests (in the t/ directory) under the CPAN
Test::Valgrind module. A check is performed to see whether
Test::Valgrind is install before attempting to use it. Any 'fko_'
function that shows up under the test output is flagged and causes the
test-suite test to fail.
This commit adds an AppArmor policy that is known to work in Debian and Ubuntu
systems. The original version of this policy was contributed by Radostan Riedel
to the fwknop mailing list.
This commit fixes a crash if the replay digest init() routine fails - fwknopd
attempted to make use of replay tracking anyway. The crash was discovered
during testing fwknopd with an AppArmor enforce policy deployed. The
following stack trace shows the crash (taken before the previous static
function commit):
Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
31 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
(gdb) where
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
#1 0x00007f59cabd8b26 in add_replay_file_cache (opts=opts@entry=0x7fff3eaa0bb0, digest=digest@entry=0x0) at replay_cache.c:516
#2 0x00007f59cabd8cf5 in add_replay (opts=opts@entry=0x7fff3eaa0bb0, digest=digest@entry=0x0) at replay_cache.c:472
#3 0x00007f59cabd62eb in incoming_spa (opts=0x7fff3eaa0bb0) at incoming_spa.c:536
#4 0x00007f59ca56164e in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#5 0x00007f59cabd7175 in pcap_capture (opts=opts@entry=0x7fff3eaa0bb0) at pcap_capture.c:269
#6 0x00007f59cabd3d4d in main (argc=5, argv=0x7fff3eaa1458) at fwknopd.c:314
[libfko] (Hank Leininger) Contributed a patch to greatly extend libfko
error code descriptions at various places in order to give much better
information on what certain error conditions mean. Closes#98.
This commit fixes a crash at init time in fwknopd if an improperly formatted
IPT_INPUT_ACCESS variable is used in fwknopd.conf file. fwknopd should not
try to delete chains with a bogus IPT_INPUT_ACCESS variable, and valgrind
verifies that this change does not introduce any memory leaks (see the
'invalid iptables INPUT spec' tests run in --enable-valgrind mode).
This commit allows the test suite to execute the same fwknop/fwknopd command
used in a specified test output file under gdb. This is a convenience
measure to allow the user to more rapidly execute fwknop/fwknopd commands
under gdb in the same way the test suite does without having to copy and paste
command line args.
Here is a basic example:
root@lorien:/home/mbr/git/fwknop.git/test# ./test-fwknop.pl --gdb output/6.test
GNU gdb
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/mbr/git/fwknop.git/server/.libs/fwknopd...done.
(gdb) run
Starting program: /home/mbr/git/fwknop.git/server/.libs/fwknopd -c conf/invalid_ipt_input_chain_6_fwknopd.conf -a conf/default_access.conf -d run/digest.cache -p run/fwknopd.pid -i lo --foreground --verbose --verbose
