f35c1d7cb7
Add IPv6 support to the plain UDP and TCP servers
2018-08-20 11:02:15 +02:00
32cdd1183e
Specify the family at run-time for TCP/UDP servers
This is still using IPv4 by default for the moment.
2018-08-20 11:02:15 +02:00
d6ce22b989
Set the address family for incoming SPA over UDP
2018-08-20 11:02:15 +02:00
da1ab0563d
Use a constant for AF_INET
This should eventually help with portability to IPv6.
2018-08-20 11:02:15 +02:00
b070e80623
Use sizeof() instead of re-using hard-coded values
This should help with portability for the protocol family eventually.
2018-08-20 11:02:15 +02:00
Jonathan Bennett
db1cdd2fea
[Server] Moves signal handling code to earlier in fwknopd initialization
Also serves to de-duplicate code slightly
2016-05-24 20:48:40 -05:00
Jonathan Bennett
3378ba2423
Add Doxygen headers for server files
2016-01-01 02:09:59 +00:00
Michael Rash
a85b081f79
copyright update
2015-12-23 14:34:51 -05:00
Michael Rash
c0b6db20be
[server] start on not calling strtol_wrapper() repeatedly after the config is parsed
2015-12-16 20:26:17 -08:00
Michael Rash
cfa02859eb
[server] don't run firewall handling code for command-only modes
2015-11-17 20:48:37 -08:00
Michael Rash
4909b629d5
[server] add command cycle close support to UDP server mode
2015-10-19 20:17:44 -04:00
Michael Rash
795b1de4dd
[server] Added RULES_CHECK_THRESHOLD to define 'deep' rule expiration check frequency
The RULES_CHECK_THRESHOLD variable defines the number of times firewall rule
expiration times must be checked before a "deep" check is run. This allows
fwknopd to remove rules that contain a proper '_exp_<time>' even if a third party
program added them instead of fwknopd. The default value for this variable is 20,
and this typically results in this check being run every two seconds or so. To
disable this type of checking altogether, set this variable to zero.
2015-07-18 10:37:17 -07:00
Michael Rash
ef9498f783
[server] Implement garbage cleanup mode for rule deletion
This is a significant commit that allows fwknopd to delete expired rules
from the firewall policy regardless of whether fwknopd is tracking them.
That is, a third party program could insert rules into the fwknopd
chains (iptables for now, but this will be extended to the other
firewalls) in order to take advantage of fwknopd rule deletion.
2015-07-13 21:29:16 -04:00
Michael Rash
e7942f48e0
[server] allow loop restart after select() sets EINTR (since we handle signals) - fixes cmd execution through UDP on FreeBSD
2014-11-04 22:44:59 -05:00
Michael Rash
7b70ed08d2
[server] ensure to break out of while loop and close() UDP socket before returning
2014-10-23 23:05:21 -04:00
Michael Rash
52d34a70a2
fwknopd man page updates, added UDPSERV_SELECT_TIMEOUT config option
2014-09-28 22:32:20 -04:00
Michael Rash
52c9d51d7d
consolidate signal handling a bit, UDP server msg size updates
2014-09-28 22:06:34 -04:00
Michael Rash
360905ec56
implement --packet-limit for UDP server mode
2014-09-28 21:19:19 -04:00
Michael Rash
5db3a12763
add signal handling code to UDP server mode
2014-09-28 20:30:09 -04:00
Michael Rash
0af7f72500
enforce MAX_SPA_PACKET_LEN restriction for incoming datagrams for UDP listener mode
2014-09-28 16:49:12 -04:00
Michael Rash
1fd0e7e960
first cut at UDP server mode
2014-09-28 11:49:04 -04:00