commit 707c59d12793fbf7805767ef868f4166c831c90b (HEAD, refs/heads/master) Author: Michael Rash Date: Wed Apr 22 19:09:46 2015 -0700 minor 2.6.6 release date update fwknop.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e209acc196fa673037642512d9571485b592face Author: Michael Rash Date: Wed Apr 22 01:10:00 2015 -0700 minor ChangeLog update ChangeLog | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 17d1071aa8265030c7944ce932bf984b9920ec2b Author: Michael Rash Date: Wed Apr 22 01:00:57 2015 -0700 [server / test suite] cleaner SNAT MASQUERADE support Makefile.am | 1 + server/fw_util_firewalld.c | 27 +++++++++++---------------- server/fw_util_iptables.c | 27 +++++++++++---------------- test/test-fwknop.pl | 3 +++ test/tests/rijndael_hmac.pl | 21 ++++++++++++++++++++- 5 files changed, 46 insertions(+), 33 deletions(-) commit 6bdfa95067d3f9e1374273edfa5db857e10ca47c Author: Michael Rash Date: Wed Apr 22 00:58:35 2015 -0700 [server / test suite] cleaner SNAT MASQUERADE support test/conf/hmac_forward_all_masq_access.conf | 6 ++++++ 1 file changed, 6 insertions(+) commit 176afecd9fd325a0479826d877887997ece97fc0 (refs/remotes/origin/master, refs/remotes/origin/HEAD) Author: Michael Rash Date: Tue Apr 21 21:09:20 2015 -0400 [server] minor spacing fix server/fw_util_firewalld.c | 2 -- server/fw_util_iptables.c | 2 -- 2 files changed, 4 deletions(-) commit d961165a5ba38261fbdba275c45820c261455bd2 Merge: 3512f7f 6467b92 Author: Michael Rash Date: Tue Apr 21 19:28:05 2015 -0400 Merge branch 'master' of ssh://fedora21/home/mbr/git/fwknop commit 6467b922d53949ffa0cf49af1e0632e0b4b55534 Author: Michael Rash Date: Tue Apr 21 03:30:32 2015 -0700 [test suite] additional FORWARD_ALL tests Makefile.am | 6 +++ test/conf/firewd_snat_translate_ip_fwknopd.conf | 3 ++ test/conf/firewd_spa_dst_snat_fwknopd.conf | 3 ++ test/conf/hmac_force_nat_forward_all_access.conf | 6 +++ test/conf/hmac_forward_all_and_dnat_access.conf | 7 ++++ 
test/conf/ipt_snat_translate_ip_fwknopd.conf | 3 ++ test/conf/ipt_spa_dst_snat_fwknopd.conf | 3 ++ test/test-fwknop.pl | 6 ++- test/tests/rijndael_hmac.pl | 49 +++++++++++++++++++++--- 9 files changed, 80 insertions(+), 6 deletions(-) commit 3512f7f417d61ccab669ab637038688ba44385a9 Author: Michael Rash Date: Mon Apr 20 21:34:12 2015 -0400 doc updates ChangeLog | 4 +++- client/fwknop.8.in | 6 +++--- server/fwknopd.8.in | 40 ++++++++++++++++++++++++++++++---------- 3 files changed, 36 insertions(+), 14 deletions(-) commit 95bf4dcb8703ce7637519294df979b94e781f163 Merge: bdc3751 f757b4e Author: Michael Rash Date: Mon Apr 20 21:28:10 2015 -0400 Merge pull request #153 from Coacher/master extras: adjust 'localstatedir' value for the AppArmor profile commit 75d40049630c9239a17bfb17c01920e5c356a6d9 Author: Michael Rash Date: Mon Apr 20 09:19:37 2015 -0700 changes since 2.6.5 ChangeLog.git | 1794 +++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 1233 insertions(+), 561 deletions(-) commit bdc3751a840d7cc0c5944b767cd11d4355d59137 Author: Michael Rash Date: Mon Apr 20 08:47:51 2015 -0700 bump version to 2.6.6 ChangeLog | 2 +- VERSION | 2 +- configure.ac | 2 +- fwknop.spec | 11 +++++++---- 4 files changed, 10 insertions(+), 7 deletions(-) commit f18827b002e9f878b567bf0b05a1756a698de163 Author: Michael Rash Date: Mon Apr 20 08:45:09 2015 -0700 [test suite] make valgrind results requirements stronger for test passage test/test-fwknop.pl | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) commit 94af6172bb9ad73d3c1fe7f7641c1b52a0c85a91 Author: Michael Rash Date: Mon Apr 20 08:41:28 2015 -0700 [server] minor -h usage update server/config_init.c | 2 ++ 1 file changed, 2 insertions(+) commit 85733ded3cfab98fe4c95fc9f64680219334d5cf (refs/remotes/moria/master) Author: Michael Rash Date: Sun Apr 19 20:34:01 2015 -0400 [test suite] additional iptables exclusions for non-iptables systems test/test-fwknop.pl | 3 +++ 
 test/tests/rijndael_hmac.pl | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

commit f757b4ebdad0f304528ad2d7cd26c09e0917988b
Author: Ilya Tumaykin
Date: Mon Apr 20 14:32:37 2015 +0300

    extras: adjust 'localstatedir' value for the AppArmor profile

    Comments in the shipped AppArmor profile state that fwknopd is assumed
    to be built with 'localstatedir=/var', which is misleading for several
    reasons:

    * AppArmor profile assumes that fwknopd's pidfile and digest cache are
      under /run/fwknop by the looks of it, i.e. 'localstatedir' is '/run'.
    * By default these files are placed under /var/run/fwknop. Thus this
      profile implicitly relies on the existence of '/var/run -> /run'
      symlink and won't work otherwise when 'localstatedir' is '/var'.

    Since GitHub PR#152 was merged, 'localstatedir' can be simply set to
    '/run' for AppArmor users to avoid this confusion. This changeset does it.

    If anyone had it working before, they should have it working now as the
    shipped AppArmor profile required /run existence before as well.

 extras/apparmor/configure_args.sh | 2 +-
 extras/apparmor/usr.sbin.fwknopd  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

commit b2109f563011786ab8cc7d8aca79d72db1b74cdf
Author: Michael Rash
Date: Sun Apr 19 19:44:43 2015 -0700

    [server] remove unnecessary NULL check spotted by Coverity

 server/replay_cache.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit f962edda0023a07554342cb7a0aaabd15ad1c8ff
Author: Michael Rash
Date: Sun Apr 19 19:37:06 2015 -0700

    [extras] update Coverity installation path

 extras/coverity/coverity_scan.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit a606a9c565df1359c383f7f356b8dfd0203fba9f
Author: Michael Rash
Date: Sun Apr 19 18:52:08 2015 -0700

    [test suite] fw prefixes aren't used on non-Linux systems yet

 test/test-fwknop.pl | 4 ----
 1 file changed, 4 deletions(-)

commit 48acac160a230baf1d892ef60b796f33d5790121
Author: Michael Rash
Date: Sun Apr 19 18:49:28 2015 -0700

    [test suite] pick up pf and ipfw firewalls for prefix designation

 test/test-fwknop.pl | 13 +++++++++++++
 1 file changed, 13 insertions(+)

commit db80c81f660e0be5ba8229af631b87462fa273e8
Merge: e39d347 b21c04e
Author: Michael Rash
Date: Sun Apr 19 21:15:51 2015 -0400

    Merge pull request #152 from Coacher/master

    server: remove extra '/run' subdir from paths

commit e39d34750bc9a751c07d4132715ef3d971e0821f
Author: Michael Rash
Date: Sun Apr 19 17:48:18 2015 -0700

    [server] switch from abs() to labs() for time difference calculation

    This commit fixes the following warning during compilation on Mac OS X:

    gcc -DHAVE_CONFIG_H -I. -I.. -I ../lib -I ../common -DSYSCONFDIR=\"/etc\" -DSYSRUNDIR=\"/var\" -g -O2 -Wall -Wformat -Wformat-security -fstack-protector-all -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -MT fwknopd-incoming_spa.o -MD -MP -MF .deps/fwknopd-incoming_spa.Tpo -c -o fwknopd-incoming_spa.o `test -f 'incoming_spa.c' || echo './'`incoming_spa.c
    incoming_spa.c:736:23: warning: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value]
        ts_diff = abs(now_ts - spadat.timestamp);
                  ^
    incoming_spa.c:736:23: note: use function 'labs' instead
        ts_diff = abs(now_ts - spadat.timestamp);
                  ^~~
                  labs
    1 warning generated.

 server/incoming_spa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit b21c04e9d6c49ebbc613080733193698569dd639
Merge: e333cba 93a3798
Author: Ilya Tumaykin
Date: Mon Apr 20 02:46:41 2015 +0300

    Merge remote-tracking branch 'upstream/master'

commit e333cba945925ae356d83ba0da3a95ee82bc8fb2
Author: Ilya Tumaykin
Date: Mon Apr 20 02:43:10 2015 +0300

    server: remove extra '/run' subdir from paths

    Having extra '/run' subdirectory hardcoded into paths used for options
    'digest-file', 'pid-file', 'run-dir' is counterintuitive and can lead to
    bogus directory layouts when 'localstatedir' differs from the default
    value.

    For example, if 'localstatedir' is set to '/run', which is a common and
    recommended substitute for /var/run in many distros nowadays, then fwknop
    files will be placed under /run/run/fwknop.

    This changeset removes extra '/run' subdirectory from all relevant paths
    by changing DEF_RUN_DIR. Default value of 'localstatedir' is changed to
    '/var/run' so users who relied on the previous behaviour won't have to
    bother changing anything.

    This is tested and works. Gentoo have this patch applied since 2.6.0.

 doc/fwknopd.man.asciidoc | 10 +++++-----
 fwknop.spec              | 2 +-
 server/fwknopd.8.in      | 10 +++++-----
 server/fwknopd_common.h  | 2 +-
 4 files changed, 12 insertions(+), 12 deletions(-)

commit 93a3798cc10ea1a3eb746d8a2a1fc844410a9c83
Author: Michael Rash
Date: Sun Apr 19 13:25:11 2015 -0700

    [test suite] exclude server restart cycle from valgrind results parsing

 test/test-fwknop.pl | 7 +++++++
 1 file changed, 7 insertions(+)

commit cc765a23dba91f7ef4f7bbfe75dba90377cf4e68
Author: Michael Rash
Date: Sun Apr 19 12:22:55 2015 -0700

    [test suite] minor FORCE_NAT config tweak

 test/conf/require_force_nat_access.conf | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

commit b1100cb730a71bafb5bd42184e5981afc305858c
Author: Michael Rash
Date: Sun Apr 19 07:16:30 2015 -0700

    [server] NAT validation only applies to systems running iptables or firewalld

 server/access.c | 2 ++
 1 file changed, 2 insertions(+)

commit 68db4b77a5c0c87682160e212a81acb4e682d8ee
Author: Michael Rash
Date: Sun Apr 19 07:11:10 2015 -0700

    [server] allow FORWARD_ALL to control whether FORCE_NAT is required

 server/access.c                             | 4 ++--
 test/conf/open_ports_force_masq_access.conf | 1 +
 test/tests/basic_operations.pl              | 28 +++++++++++++++++++++++-----
 test/tests/rijndael.pl                      | 5 ++---
 4 files changed, 28 insertions(+), 10 deletions(-)

commit 0ecc2d233365234cd0690e19000bfd56d910104e
Author: Michael Rash
Date: Sun Apr 19 07:10:26 2015 -0700

    minor docs update

 CREDITS   | 6 ++++++
 ChangeLog | 5 +++++
 2 files changed, 11 insertions(+)

commit bb5aa928d90963bc43ca320d0680b5bcaaa95718
Author: Michael Rash
Date: Sat Apr 18 12:33:11 2015 -0700

    [server] fix typos from corresponding firewalld changes

 server/fw_util_iptables.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit c9dedd33784581726571a7437dda3ccc7476655a
Merge: 0395965 baf3f70
Author: Michael Rash
Date: Sat Apr 18 05:39:01 2015 -0700

    Merge branch 'master' of https://github.com/mrash/fwknop

commit 03959653ca1dee79337bea76bd2320fe86418569
Author: Michael Rash
Date: Sat Apr 18 05:38:35 2015 -0700 [server] differentiate MASQUERADE from SNAT with a dedicated FWKNOP_MASQUERADE chain server/fw_util_firewalld.c | 76 ++++++++++++++++++++-------------------------- server/fw_util_firewalld.h | 1 + server/fw_util_iptables.c | 72 +++++++++++++++++++------------------------ server/fwknopd.conf | 4 +-- server/fwknopd_common.h | 4 +-- 5 files changed, 69 insertions(+), 88 deletions(-) commit f06c6e3b9c4e4d5a83af4d22f0d5d7592f1a45de Author: Michael Rash Date: Sat Apr 18 05:37:31 2015 -0700 [test suite] allow default FORCE_NAT 0.0.0.0 0 to apply test/conf/hmac_forward_all_access.conf | 1 - 1 file changed, 1 deletion(-) commit 19f00c0dbef4548cb702794a5757301357b2a259 Author: Michael Rash Date: Sat Apr 18 05:33:00 2015 -0700 [test suite] add jump rule validation, include complete fwknopd chain listings test/test-fwknop.pl | 46 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 7 deletions(-) commit 55cbebe7bbda3540d6113bc6807be5ddebbaf059 Author: Michael Rash Date: Sat Apr 18 05:30:39 2015 -0700 ChangeLog and doc updates ChangeLog | 16 +++++++++++++--- doc/fwknopd.man.asciidoc | 18 +++++++++++++++++- 2 files changed, 30 insertions(+), 4 deletions(-) commit baf3f706d8cbce7f0a91e2b394a054f8b590eaf0 Merge: 1e9f7e9 fba6473 Author: Michael Rash Date: Thu Apr 16 21:45:59 2015 -0400 Merge pull request #151 from mrdanbrooks/master android: allow definition of custom server udp port commit fba6473b1cd5475311c990477dbff05d56d439dc Author: dan brooks Date: Wed Apr 15 16:52:34 2015 -0400 android: allow definition of custom server udp port android/project/jni/fwknop/fwknop_client.c | 10 +++++++++- android/project/res/layout/main.xml | 21 +++++++++++++++++++++ .../src/com/max2idea/android/fwknop/Fwknop.java | 13 +++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-) commit 1e9f7e94f0152e14535ce66de915ee05664d9a3b Author: Michael Rash Date: Sun Apr 12 16:05:01 2015 -0700 [server] consolidate chain creation within 
mk_chain()

 server/fw_util_firewalld.c | 2 +-
 server/fw_util_iptables.c  | 30 ++++++++++--------------------
 2 files changed, 11 insertions(+), 21 deletions(-)

commit c0f3ed38a8f2347e9db5679fa2488ad3cc31c94a
Author: Michael Rash
Date: Sun Apr 12 16:01:29 2015 -0700

    [server] further error status simplification for firewalld

 server/fw_util_firewalld.c | 56 ++++++++++++++++++++++------------------------
 server/fw_util_firewalld.h | 4 +++-
 2 files changed, 30 insertions(+), 30 deletions(-)

commit cf8c4df50e20b352897b130fa1abde6bb8a75eeb
Author: Michael Rash
Date: Sun Apr 12 15:57:44 2015 -0700

    [server] remove DISABLE_DNAT exception for SPA packets that request a NAT operation - this is reserved for FORCE_NAT scenarios

 server/fw_util_iptables.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 912c625e9e71ec186d7c8ee6179e34a2ee00dfd7
Author: Michael Rash
Date: Sun Apr 12 15:55:20 2015 -0700

    [server] remove DISABLE_DNAT exception for SPA packets that request a NAT operation - this is reserved for FORCE_NAT scenarios

 server/fw_util_firewalld.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 654f455ba685b0272b19e1689d13d0e4849a2751
Author: Michael Rash
Date: Sun Apr 12 15:49:19 2015 -0700

    Revert "[server] use 'success' string for firewalld as returned firewall-cmd for command success"

    This reverts commit 1e33119b04a583fbf18b5b562edb14301a2ca7d6.

server/fw_util_firewalld.c | 46 ++++++++++++++++++++-------------------------- 1 file changed, 20 insertions(+), 26 deletions(-) commit ffeb60677d926882063e89896b6c16cc9a82e334 Author: Michael Rash Date: Sun Apr 12 15:49:08 2015 -0700 [test suite] update SNAT MASQ test to use force masq access file test/tests/rijndael.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7dc41e68eff9e19ab4d1e4084978b8127cc45dcf Author: Michael Rash Date: Sun Apr 12 15:48:14 2015 -0700 [test suite] add open_ports_force_masq_access.conf file Makefile.am | 1 + 1 file changed, 1 insertion(+) commit 86cdc90f4a961017d8e0821ef750cb65e1b79a07 Author: Michael Rash Date: Sun Apr 12 15:47:41 2015 -0700 [test suite] add open_ports_force_masq_access.conf file test/conf/open_ports_force_masq_access.conf | 6 ++++++ test/test-fwknop.pl | 1 + 2 files changed, 7 insertions(+) commit 5164378b17a88a6dc008a2ac5495b7885d2b4524 Author: Michael Rash Date: Thu Apr 9 22:23:17 2015 -0400 [build] add --enable-32bit-mode for ASAN+AFL fuzzing configure.ac | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 513fb239dfd92287e910240b8ed3b8c29f77c66e Merge: 87a4acb 1986c9a Author: Michael Rash Date: Thu Apr 9 21:21:45 2015 -0400 Merge branch 'master' of ssh://github.com/mrash/fwknop commit 87a4acb6364070cb2a58888352147e29788770b5 Author: Michael Rash Date: Thu Apr 9 18:04:31 2015 -0700 [test suite] added detection for crashes triggered with AddressSanitizer (requires --enable-asan-support) test/test-fwknop.pl | 8 ++++++++ 1 file changed, 8 insertions(+) commit 1986c9aaf94dfc76ebc7c669a61df0c289dbda91 Author: Michael Rash Date: Thu Apr 9 20:01:59 2015 -0400 [test suite] added AFL results for client-rc fuzzing test/afl/results/2.6.6/c4ffd4b/client-rc | 25 +++++++++++++++++++++ .../2.6.6/c4ffd4b/client-rc-plot/exec_speed.png | Bin 0 -> 36489 bytes .../2.6.6/c4ffd4b/client-rc-plot/high_freq.png | Bin 0 -> 20967 bytes .../2.6.6/c4ffd4b/client-rc-plot/index.html | 10 +++++++++ 
.../2.6.6/c4ffd4b/client-rc-plot/low_freq.png | Bin 0 -> 12932 bytes 5 files changed, 35 insertions(+) commit 2d0b623a9a12e6f75339c94650a84185d017cdcc Author: Michael Rash Date: Wed Apr 8 18:50:26 2015 -0700 [test suite] more FORCE_NAT tests test/tests/basic_operations.pl | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) commit ca41ce6e7592de7aed1137014b39a1cd0fac1d5d Author: Michael Rash Date: Wed Apr 8 18:40:44 2015 -0700 [test suite] restore FORCE_SNAT test passing result test/tests/basic_operations.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 547dbb66b3314206b9b1db619e512a687a18a94c Author: Michael Rash Date: Wed Apr 8 18:30:03 2015 -0700 [server] minor return value handling update for create_chain() and add_jump_rule() server/fw_util_iptables.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit 1e33119b04a583fbf18b5b562edb14301a2ca7d6 Author: Michael Rash Date: Wed Apr 8 18:29:03 2015 -0700 [server] use 'success' string for firewalld as returned firewall-cmd for command success server/fw_util_firewalld.c | 46 ++++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 20 deletions(-) commit 429881703f7afbd92a803a16a4afb88a2350ff2d Author: Michael Rash Date: Wed Apr 8 18:24:26 2015 -0700 [test suite] minor uninitialized var bug fix test/tests/basic_operations.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ab2d9c0aec1fbd6bc226181ac5c1bee3ad8f173c Author: Michael Rash Date: Tue Apr 7 16:35:07 2015 -0700 [test suite] minor path bug fix test/test-fwknop.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0fa42ae11781c1347c183473c47c3005bf4ca2e9 Author: Michael Rash Date: Tue Apr 7 16:34:49 2015 -0700 [server] allow DISABLE_DNAT to not require FORCE_NAT server/access.c | 23 ++++++++----- server/fw_util_firewalld.c | 57 +++++++++++++++++---------------- server/fw_util_iptables.c | 57 +++++++++++++++++---------------- 
test/conf/require_force_nat_access.conf | 2 +- test/tests/basic_operations.pl | 10 ++++++ test/tests/rijndael_hmac.pl | 10 ------ 6 files changed, 84 insertions(+), 75 deletions(-) commit 7a21494f3913142885c0744e18443f8528105d3d Author: Michael Rash Date: Tue Apr 7 16:32:44 2015 -0700 added --enable-asan-support for Google's Address Sanitizer compiler flags ChangeLog | 3 +++ configure.ac | 13 +++++++++++++ 2 files changed, 16 insertions(+) commit 21dc1e8968e69a51cea89f8c5299d4f7b020453c Merge: 8010690 3d8b524 Author: Michael Rash Date: Tue Apr 7 08:24:21 2015 -0400 Merge branch 'master' of ssh://minastirith/Users/mbr/git/fwknop commit 3d8b524019f7bfdfe409196f65877b6975117bb1 Author: Michael Rash Date: Tue Apr 7 08:23:55 2015 -0400 [test suite] FORCE_SNAT requires FORCE_NAT test Makefile.am | 3 +++ test/test-fwknop.pl | 1 + test/tests/rijndael_hmac.pl | 10 ++++++++++ 3 files changed, 14 insertions(+) commit 37c9f38565c48244fe4606f87b93ba2b3db28f6d Author: Michael Rash Date: Mon Apr 6 21:20:31 2015 -0400 [test suite] FORCE_SNAT requires FORCE_NAT test test/conf/require_force_nat_access.conf | 8 ++++++++ 1 file changed, 8 insertions(+) commit 8e6db3a5da1d2624a10929742aa1b58f374b7949 Author: Michael Rash Date: Mon Apr 6 20:04:33 2015 -0400 [server] extend FORWARD_ALL to apply to NAT operations This is a significant commit to allow all ports and protocols to be NAT'd in conjunction with FORWARD ACCEPT rules. This commit is in support of 6b7a3bbdae295c29a15a59385e637bd391858bc2 to allow fwknopd to function as an SPA gateway. 
server/access.c | 6 +- server/fw_util_iptables.c | 492 ++++++++++++++++---------- server/fw_util_iptables.h | 2 + server/fwknopd.conf | 8 +- server/fwknopd_common.h | 5 +- test/conf/hmac_force_masq_no_dnat_access.conf | 7 + test/conf/hmac_forward_all_access.conf | 8 + test/test-fwknop.pl | 2 + test/tests/rijndael_hmac.pl | 46 ++- 9 files changed, 375 insertions(+), 201 deletions(-) commit 80106900394505e6932e7f55a49ddae9b22a3d5c Author: Michael Rash Date: Mon Apr 6 11:47:07 2015 -0700 [server] add missing #define's for firewalld server/fw_util_firewalld.h | 2 ++ 1 file changed, 2 insertions(+) commit ef6c0549a58aff051ff796b215223b8590aa0078 Author: Michael Rash Date: Mon Apr 6 01:33:18 2015 -0700 [test suite] added --prefer-iptables to exclude firewalld test/test-fwknop.pl | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit c25f34e7a2808c276364532f6e0f8fd98e6c1b61 Author: Michael Rash Date: Mon Apr 6 01:24:55 2015 -0700 [server] update firewalld for FORWARD_ALL NAT operations server/fw_util_firewalld.c | 492 ++++++++++++++++++++++++++++----------------- server/fwknopd_common.h | 3 - 2 files changed, 305 insertions(+), 190 deletions(-) commit ca467b9030705189499001cf53d7068c1a5d4561 Author: Michael Rash Date: Tue Mar 31 19:58:18 2015 -0400 [test suite] added AFL results for spa-pkts and server-digest-cache fuzzing runs test/afl/results/2.6.6/a18b3e9/spa-pkts | 26 +++++++++++++++++++++ .../2.6.6/a18b3e9/spa-pkts-plot/exec_speed.png | Bin 0 -> 15670 bytes .../2.6.6/a18b3e9/spa-pkts-plot/high_freq.png | Bin 0 -> 23913 bytes .../results/2.6.6/a18b3e9/spa-pkts-plot/index.html | 10 ++++++++ .../2.6.6/a18b3e9/spa-pkts-plot/low_freq.png | Bin 0 -> 10437 bytes test/afl/results/2.6.6/c4ffd4b/server-digest-cache | 26 +++++++++++++++++++++ .../server-digest-cache-plot/exec_speed.png | Bin 0 -> 14618 bytes .../c4ffd4b/server-digest-cache-plot/high_freq.png | Bin 0 -> 22748 bytes .../c4ffd4b/server-digest-cache-plot/index.html | 10 ++++++++ 
.../c4ffd4b/server-digest-cache-plot/low_freq.png | Bin 0 -> 8961 bytes 10 files changed, 72 insertions(+) commit c4ffd4b00a86d46ebf3cc3fcd65e6e841d7bb899 Author: Michael Rash Date: Mon Mar 30 21:38:31 2015 -0400 [extras] minor ramdisk creation bug fix extras/ramdisk/ramdisk-create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a18b3e90272709bf1660b97421dd208e72af0bff Author: Michael Rash Date: Sun Mar 29 18:15:11 2015 -0700 [server] minor code coverage update for firewalld systems server/fw_util_firewalld.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 244d2692f284034fa75ea37be4ea21e303abb1eb Author: Michael Rash Date: Sun Mar 29 08:04:55 2015 -0400 [test suite] added server-access plot data .../2.6.6/ea7f22f/server-access-plot/exec_speed.png | Bin 0 -> 22475 bytes .../2.6.6/ea7f22f/server-access-plot/high_freq.png | Bin 0 -> 22220 bytes .../results/2.6.6/ea7f22f/server-access-plot/index.html | 10 ++++++++++ .../2.6.6/ea7f22f/server-access-plot/low_freq.png | Bin 0 -> 10671 bytes 4 files changed, 10 insertions(+) commit cb089c550d994708154b8265027b1afe46efbe92 Author: Michael Rash Date: Sun Mar 29 08:00:03 2015 -0400 [test suite] added server-access AFL results run test/afl/results/2.6.6/ea7f22f/server-access | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) commit 60d982a1034dd3519fc0d682e6c1050454e0c570 Author: Michael Rash Date: Sat Mar 28 07:54:30 2015 -0400 [test suite] added GPG 4096-bit key combination tests Makefile.am | 1 + test/conf/gpg_dirs.tar.gz | Bin 20585 -> 29331 bytes test/conf/gpg_server_large_key_access.conf | 6 ++++++ test/test-fwknop.pl | 14 ++++++++++++++ test/tests/gpg_no_pw.pl | 22 ++++++++++++++++++++++ 5 files changed, 43 insertions(+) commit 1dc4a47357347cec43590086df0b98dfc5ff0d93 Author: Michael Rash Date: Thu Mar 26 22:04:20 2015 -0400 [libfko] minor update to make process_sigs() static lib/gpgme_funcs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 
9de2a61d040f7fce247ef47de36214ac26b919c2 Author: Michael Rash Date: Thu Mar 26 22:01:52 2015 -0400 add subkey gpg access.conf file Makefile.am | 1 + 1 file changed, 1 insertion(+) commit 0f86406afb37fc571d97d383bb7db5b3fa250419 Author: Michael Rash Date: Thu Mar 26 22:01:02 2015 -0400 [test suite] added gpg subkey signing test test/conf/gpg_dirs.tar.gz | Bin 12472 -> 20585 bytes test/conf/gpg_subkey_access.conf | 6 ++++++ test/test-fwknop.pl | 19 +++++++++++++++++++ test/tests/gpg_no_pw.pl | 12 ++++++++++++ 4 files changed, 37 insertions(+) commit edd57f48de63d4ebd6fcaa8842ced82017b3b664 Author: Michael Rash Date: Tue Mar 24 22:45:07 2015 -0400 add test/conf/gpg_large_signing_key_access.conf Makefile.am | 1 + 1 file changed, 1 insertion(+) commit 91a4e82f237a6df4233d1f4830ad2b647aa7759c Author: Michael Rash Date: Tue Mar 24 22:38:41 2015 -0400 [test suite] added 4096-bit signing key test test/conf/gpg_large_signing_key_access.conf | 6 ++++++ test/test-fwknop.pl | 10 ++++++++++ test/tests/gpg_no_pw.pl | 12 ++++++++++++ 3 files changed, 28 insertions(+) commit 59d0ef0b17e8fb8c6c05b8de07de0767b76823e1 Author: Michael Rash Date: Tue Mar 24 22:03:21 2015 -0400 [test suite] minor file rename Makefile.am | 2 +- test/conf/gpg_dirs.tar.gz | Bin 0 -> 12472 bytes test/conf/gpg_dirs_orig.tar.gz | Bin 12472 -> 0 bytes test/test-fwknop.pl | 6 +++--- 4 files changed, 4 insertions(+), 4 deletions(-) commit 1594194e7335ce660e1b73302711677f0c67762a Author: Michael Rash Date: Tue Mar 24 22:01:55 2015 -0400 [test suite] added new gpg keyrings for large key tests (4096 bits) test/conf/gpg_dirs_orig.tar.gz | Bin 3876 -> 12472 bytes 1 file changed, 0 insertions(+), 0 deletions(-) commit 17382953e86b7f3a5fad1ba4de36a2805f52442e Author: Michael Rash Date: Tue Mar 24 21:44:38 2015 -0400 [test suite] minor usage update test/test-fwknop.pl | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit ce0bb64830dbd782aadd9e932aa117a70b64643d Author: Michael Rash Date: Mon Mar 23 18:07:13 
2015 -0700 [test suite] restructured AFL results directory to results/version/commit/ test/afl/results/2.6.5/67f969f/server-access | 25 + .../67f969f/server-access-plot/exec_speed.png | Bin 0 -> 20466 bytes .../2.6.5/67f969f/server-access-plot/high_freq.png | Bin 0 -> 22305 bytes .../2.6.5/67f969f/server-access-plot/index.html | 10 + .../67f969f/server-access-plot/index.html.orig | 10 + .../2.6.5/67f969f/server-access-plot/low_freq.png | Bin 0 -> 11027 bytes .../2.6.5/67f969f/server-access-plot/plot_data | 7337 ++++++++++++++++++++ test/afl/results/2.6.5/7a2763a/spa-pkts | 25 + test/afl/results/2.6.5/aeac6a4/server-conf | 25 + test/afl/results/2.6.5/aeac6a4/server-digest-cache | 25 + test/afl/results/2.6.5/aeac6a4/server-enc-pkts | 25 + test/afl/results/2.6.5/db8b5e4/server-access | 25 + .../db8b5e4/server-access-plot/exec_speed.png | Bin 0 -> 27214 bytes .../2.6.5/db8b5e4/server-access-plot/high_freq.png | Bin 0 -> 22590 bytes .../2.6.5/db8b5e4/server-access-plot/index.html | 10 + .../db8b5e4/server-access-plot/index.html.orig | 10 + .../2.6.5/db8b5e4/server-access-plot/low_freq.png | Bin 0 -> 10548 bytes test/afl/results/2.6.6/59edf64/spa-pkts | 27 + test/afl/results/plot-2.6.5.67f969f/exec_speed.png | Bin 20466 -> 0 bytes test/afl/results/plot-2.6.5.67f969f/high_freq.png | Bin 22305 -> 0 bytes test/afl/results/plot-2.6.5.67f969f/index.html | 10 - .../afl/results/plot-2.6.5.67f969f/index.html.orig | 10 - test/afl/results/plot-2.6.5.67f969f/low_freq.png | Bin 11027 -> 0 bytes test/afl/results/plot-2.6.5.67f969f/plot_data | 7337 -------------------- test/afl/results/plot-2.6.5.db8b5e4/exec_speed.png | Bin 27214 -> 0 bytes test/afl/results/plot-2.6.5.db8b5e4/high_freq.png | Bin 22590 -> 0 bytes test/afl/results/plot-2.6.5.db8b5e4/index.html | 10 - .../afl/results/plot-2.6.5.db8b5e4/index.html.orig | 10 - test/afl/results/plot-2.6.5.db8b5e4/low_freq.png | Bin 10548 -> 0 bytes test/afl/results/server-access-2.6.5.67f969f | 25 - 
test/afl/results/server-access-2.6.5.db8b5e4 | 25 - test/afl/results/server-conf-2.6.5.aeac6a4 | 25 - test/afl/results/server-digest-cache-2.6.5.aeac6a4 | 25 - test/afl/results/server-enc-pkts-2.6.5.aeac6a4 | 25 - test/afl/results/spa-pkts-2.6.5.59edf64 | 27 - test/afl/results/spa-pkts-2.6.5.7a2763a | 25 - 36 files changed, 7554 insertions(+), 7554 deletions(-) commit 08bc2aa60301912716acc882b918d73fcbfbdafb Author: Michael Rash Date: Mon Mar 23 17:55:59 2015 -0700 [test suite] rely exclusively on tarball for gpg keyrings Makefile.am | 12 ------------ test/conf/client-gpg-no-pw/pubring.gpg | Bin 2480 -> 0 bytes test/conf/client-gpg-no-pw/secring.gpg | Bin 1274 -> 0 bytes test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 0 bytes test/conf/client-gpg/pubring.gpg | Bin 2480 -> 0 bytes test/conf/client-gpg/secring.gpg | Bin 1350 -> 0 bytes test/conf/client-gpg/trustdb.gpg | Bin 1360 -> 0 bytes test/conf/server-gpg-no-pw/pubring.gpg | Bin 2480 -> 0 bytes test/conf/server-gpg-no-pw/secring.gpg | Bin 1276 -> 0 bytes test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 0 bytes test/conf/server-gpg/pubring.gpg | Bin 2480 -> 0 bytes test/conf/server-gpg/secring.gpg | Bin 1352 -> 0 bytes test/conf/server-gpg/trustdb.gpg | Bin 1360 -> 0 bytes test/test-fwknop.pl | 4 ++++ 14 files changed, 4 insertions(+), 12 deletions(-) commit 90fb4c9aca0e10b75394a5cf5fa60e03df3e293e Author: Michael Rash Date: Sun Mar 22 22:26:29 2015 -0400 minor comment addition test/afl/fuzzing-wrappers/helpers/afl-cmin/README | 1 + 1 file changed, 1 insertion(+) commit 5aacd6ae213d3a7ece43e51b732b28b55933f7ea Author: Michael Rash Date: Sun Mar 22 22:18:04 2015 -0400 added convenience script to create a ramdisk for AFL fuzzing runs extras/ramdisk/ramdisk-create.sh | 8 ++++++++ 1 file changed, 8 insertions(+) commit ea7f22f8421420205d4ff759ca51b3ecb2c571b5 Author: Michael Rash Date: Sun Mar 22 22:12:37 2015 -0400 fix line separators Makefile.am | 44 ++++++++++++++++++++++---------------------- 1 file 
changed, 22 insertions(+), 22 deletions(-) commit f87e18635c9c37f13f864939cc6830fcf266201a Author: Michael Rash Date: Sun Mar 22 22:06:19 2015 -0400 update Makefile.am for latest AFL scripts and test cases Makefile.am | 63 ++++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 41 insertions(+), 22 deletions(-) commit 2414393c94a75661949fd76ebd5f0bc0618a22f7 Author: Michael Rash Date: Sun Mar 22 22:02:12 2015 -0400 added the extras/patches/ directory (initial patch to link against pthreads for libfiu support) extras/patches/libfiu_add_pthreads.patch | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 211f1fb5a2b3597cbdfd5016b2d22de9d891f3ed Author: Michael Rash Date: Sun Mar 22 22:00:21 2015 -0400 [test suite] update afl-compile-code-coverage.sh to not use afl-gcc Makefile.am | 1 - test/afl/compile/afl-compile-code-coverage.sh | 17 ++++++++++++----- test/afl/compile/afl-gen-code-coverage.sh | 13 ------------- 3 files changed, 12 insertions(+), 19 deletions(-) commit d058493d3b0e6b8b073f7d4ebe09236dcc4ea109 Author: Michael Rash Date: Sun Mar 22 17:41:26 2015 -0700 [test suite] handle versions of lcov that don't have the --rc option ChangeLog | 8 ++++++-- Makefile.am | 2 ++ test/gen-coverage-report.sh | 8 ++++---- test/init-lcov.sh | 4 ++-- test/lcov.env | 9 +++++++++ 5 files changed, 23 insertions(+), 8 deletions(-) commit c7be9baf9c22757af3e37c70a8d7d23b37c14c97 Author: Michael Rash Date: Sun Mar 22 14:46:07 2015 -0700 [test suite] better lcov coverage report handling with --initial and --zerocounters test/gen-coverage-report.sh | 28 ++++++---------------------- test/init-lcov.sh | 14 ++++++++++++++ test/lcov.env | 5 +++++ test/test-fwknop.pl | 2 ++ 4 files changed, 27 insertions(+), 22 deletions(-) commit 56e2e5ca2fa5e2335b5faff194f4e8c4b0f7898d Author: Michael Rash Date: Thu Mar 19 23:45:22 2015 -0400 [test suite] restore digest length calculation for AFL fuzzing, fixes #148 lib/fko_decode.c | 6 ------ 1 file changed, 6 deletions(-) 
commit 67fefd67ae1a470bf8753811bffa5cdf2f3442e4 Author: Michael Rash Date: Thu Mar 19 23:39:16 2015 -0400 [test suite] added README for afl-cmin helper scripts test/afl/fuzzing-wrappers/helpers/afl-cmin/README | 12 ++++++++++++ .../fuzzing-wrappers/helpers/afl-cmin/server-access-cmin.sh | 1 - 2 files changed, 12 insertions(+), 1 deletion(-) commit c4048573c6d325cd692c1b58159abca2e68c7b19 Author: Michael Rash Date: Thu Mar 19 23:37:04 2015 -0400 [test suite] removed SPA packet from afl-cmin corpus test/afl/test-cases/spa-pkts.cmin/spa3_md5.start | 1 - 1 file changed, 1 deletion(-) commit 8ad434aed5dfa18d9e15ce586e0464ddc6bae10f Author: Michael Rash Date: Thu Mar 19 23:02:40 2015 -0400 [test suite] the large afl-cmin directories are not used by default test/afl/fuzzing-wrappers/server-conf.sh | 2 +- .../server-access.cmin/cfb_mode_access.conf | 4 --- .../test-cases/server-access.cmin/cmd_access.conf | 4 --- .../server-access.cmin/cmd_giduid_access.conf | 6 ---- .../server-access.cmin/cmd_setuid_access.conf | 5 --- .../server-access.cmin/ctr_mode_access.conf | 4 --- .../server-access.cmin/default_fwknopd.conf | 1 - .../dual_key_legacy_iv_access.conf | 10 ------ .../server-access.cmin/ecb_mode_access.conf | 4 --- .../expired_epoch_stanza_access.conf | 4 --- .../server-access.cmin/expired_stanza_access.conf | 4 --- .../server-access.cmin/force_nat_access.conf | 4 --- .../fuzzing_open_ports_access.conf | 4 --- .../fuzzing_restrict_ports_access.conf | 5 --- .../server-access.cmin/fuzzing_source_access.conf | 4 --- .../server-access.cmin/fwknoprc_with_default_key | 2 -- .../gpg_no_sig_no_fpr_access.conf | 8 ----- .../hmac_dual_key_usage_access.conf | 12 ------- .../server-access.cmin/hmac_equal_keys_access.conf | 17 --------- .../server-access.cmin/hmac_force_masq_access.conf | 6 ---- .../server-access.cmin/hmac_force_snat_access.conf | 6 ---- .../server-access.cmin/hmac_fuzzing_access.conf | 5 --- .../server-access.cmin/hmac_get_key_access.conf | 4 --- 
.../hmac_invalid_type_access.conf | 5 --- .../hmac_md5_short_key_access.conf | 5 --- .../hmac_no_b64_cygwin_access.conf | 4 --- .../hmac_sha1_short_key_access.conf | 5 --- .../server-access.cmin/hmac_sha384_access.conf | 5 --- .../hmac_sha512_short_key2_access.conf | 5 --- .../hmac_simple_keys_access.conf | 4 --- .../icmp_pcap_filter_fwknopd.conf | 1 - .../server-access.cmin/invalid_expire_access.conf | 4 --- .../server-access.cmin/invalid_source_access.conf | 6 ---- .../server-access.cmin/ip_source_match_access.conf | 3 -- .../ipt_custom_nat_chain_fwknopd.conf | 5 --- .../ipt_no_flush_init_or_exit_fwknopd.conf | 2 -- .../server-access.cmin/ipt_snat_fwknopd.conf | 3 -- .../legacy_iv_long_key2_access.conf | 4 --- .../server-access.cmin/multi_stanzas_access.conf | 12 ------- .../multi_stanzas_with_broken_keys.conf | 15 -------- .../no_multi_source_match_access.conf | 3 -- .../server-access.cmin/ofb_mode_access.conf | 4 --- .../server-conf.cmin/default_fwknopd.conf | 1 - .../server-conf.cmin/fwknoprc_gpg_invalid_exe | 4 --- .../server-conf.cmin/fwknoprc_hmac_defaults | 40 --------------------- .../fwknoprc_hmac_time_offset_days | 18 ---------- .../server-conf.cmin/fwknoprc_stanza_list | 8 ----- .../server-conf.cmin/fwknoprc_with_named_key | 3 -- .../test-cases/server-conf.cmin/gpg_access.conf | 7 ---- .../server-conf.cmin/gpg_dirs_orig.tar.gz | Bin 3876 -> 0 bytes .../server-conf.cmin/icmp_pcap_filter_fwknopd.conf | 1 - .../invalid_ipt_input_chain_3_fwknopd.conf | 1 - .../invalid_ipt_input_chain_4_fwknopd.conf | 1 - .../invalid_ipt_input_chain_5_fwknopd.conf | 1 - .../invalid_ipt_input_chain_fwknopd.conf | 1 - .../ipt_custom_nat_chain_fwknopd.conf | 5 --- .../ipt_no_flush_init_fwknopd.conf | 1 - .../server-conf.cmin/ipt_output_chain_fwknopd.conf | 2 -- .../server-conf.cmin/ipt_snat_fwknopd.conf | 3 -- .../ipt_snat_no_translate_ip_fwknopd.conf | 2 -- .../test-cases/server-conf.cmin/multi_pkts.pcap | Bin 46890 -> 0 bytes .../server-conf.cmin/override2_fwknopd.conf | 2 
-- .../override_no_digest_tracking_fwknopd.conf | 1 - .../test-cases/server-conf.cmin/spa_over_http.pcap | Bin 1846 -> 0 bytes .../server-conf.cmin/spa_over_http_fwknopd.conf | 1 - .../test-cases/server-conf.cmin/spa_replay.pcap | Bin 910 -> 0 bytes .../server-conf.cmin/var_expansion_fwknopd.conf | 2 -- .../var_expansion_invalid_fwknopd.conf | 2 -- 68 files changed, 1 insertion(+), 326 deletions(-) commit ab5c000a32dca8e6584be55d168810f774856b32 Author: Michael Rash Date: Thu Mar 19 22:55:50 2015 -0400 [test suite] added afl-cmin scripts, and the main test suite configs are referenced server/config_init.c | 4 +-- .../helpers/afl-cmin/server-access-cmin.sh | 19 ++++++++++ .../helpers/afl-cmin/server-conf-cmin.sh | 18 ++++++++++ .../helpers/afl-cmin/spa-pkts-cmin.sh | 9 +++-- test/afl/fuzzing-wrappers/server-access.sh | 5 +-- test/afl/fuzzing-wrappers/server-conf.sh | 7 ++-- .../server-access.cmin/cfb_mode_access.conf | 4 +++ .../test-cases/server-access.cmin/cmd_access.conf | 4 +++ .../server-access.cmin/cmd_giduid_access.conf | 6 ++++ .../server-access.cmin/cmd_setuid_access.conf | 5 +++ .../server-access.cmin/ctr_mode_access.conf | 4 +++ .../server-access.cmin/default_fwknopd.conf | 1 + .../dual_key_legacy_iv_access.conf | 10 ++++++ .../server-access.cmin/ecb_mode_access.conf | 4 +++ .../expired_epoch_stanza_access.conf | 4 +++ .../server-access.cmin/expired_stanza_access.conf | 4 +++ .../server-access.cmin/force_nat_access.conf | 4 +++ .../fuzzing_open_ports_access.conf | 4 +++ .../fuzzing_restrict_ports_access.conf | 5 +++ .../server-access.cmin/fuzzing_source_access.conf | 4 +++ .../server-access.cmin/fwknoprc_with_default_key | 2 ++ .../gpg_no_sig_no_fpr_access.conf | 8 +++++ .../hmac_dual_key_usage_access.conf | 12 +++++++ .../server-access.cmin/hmac_equal_keys_access.conf | 17 +++++++++ .../server-access.cmin/hmac_force_masq_access.conf | 6 ++++ .../server-access.cmin/hmac_force_snat_access.conf | 6 ++++ .../server-access.cmin/hmac_fuzzing_access.conf | 5 
+++ .../server-access.cmin/hmac_get_key_access.conf | 4 +++ .../hmac_invalid_type_access.conf | 5 +++ .../hmac_md5_short_key_access.conf | 5 +++ .../hmac_no_b64_cygwin_access.conf | 4 +++ .../hmac_sha1_short_key_access.conf | 5 +++ .../server-access.cmin/hmac_sha384_access.conf | 5 +++ .../hmac_sha512_short_key2_access.conf | 5 +++ .../hmac_simple_keys_access.conf | 4 +++ .../icmp_pcap_filter_fwknopd.conf | 1 + .../server-access.cmin/invalid_expire_access.conf | 4 +++ .../server-access.cmin/invalid_source_access.conf | 6 ++++ .../server-access.cmin/ip_source_match_access.conf | 3 ++ .../ipt_custom_nat_chain_fwknopd.conf | 5 +++ .../ipt_no_flush_init_or_exit_fwknopd.conf | 2 ++ .../server-access.cmin/ipt_snat_fwknopd.conf | 3 ++ .../legacy_iv_long_key2_access.conf | 4 +++ .../server-access.cmin/multi_stanzas_access.conf | 12 +++++++ .../multi_stanzas_with_broken_keys.conf | 15 ++++++++ .../no_multi_source_match_access.conf | 3 ++ .../server-access.cmin/ofb_mode_access.conf | 4 +++ .../server-conf.cmin/default_fwknopd.conf | 1 + .../server-conf.cmin/fwknoprc_gpg_invalid_exe | 4 +++ .../server-conf.cmin/fwknoprc_hmac_defaults | 40 +++++++++++++++++++++ .../fwknoprc_hmac_time_offset_days | 18 ++++++++++ .../server-conf.cmin/fwknoprc_stanza_list | 8 +++++ .../server-conf.cmin/fwknoprc_with_named_key | 3 ++ .../test-cases/server-conf.cmin/gpg_access.conf | 7 ++++ .../server-conf.cmin/gpg_dirs_orig.tar.gz | Bin 0 -> 3876 bytes .../server-conf.cmin/icmp_pcap_filter_fwknopd.conf | 1 + .../invalid_ipt_input_chain_3_fwknopd.conf | 1 + .../invalid_ipt_input_chain_4_fwknopd.conf | 1 + .../invalid_ipt_input_chain_5_fwknopd.conf | 1 + .../invalid_ipt_input_chain_fwknopd.conf | 1 + .../ipt_custom_nat_chain_fwknopd.conf | 5 +++ .../ipt_no_flush_init_fwknopd.conf | 1 + .../server-conf.cmin/ipt_output_chain_fwknopd.conf | 2 ++ .../server-conf.cmin/ipt_snat_fwknopd.conf | 3 ++ .../ipt_snat_no_translate_ip_fwknopd.conf | 2 ++ .../test-cases/server-conf.cmin/multi_pkts.pcap | Bin 0 -> 
46890 bytes .../server-conf.cmin/override2_fwknopd.conf | 2 ++ .../override_no_digest_tracking_fwknopd.conf | 1 + .../test-cases/server-conf.cmin/spa_over_http.pcap | Bin 0 -> 1846 bytes .../server-conf.cmin/spa_over_http_fwknopd.conf | 1 + .../test-cases/server-conf.cmin/spa_replay.pcap | Bin 0 -> 910 bytes .../server-conf.cmin/var_expansion_fwknopd.conf | 2 ++ .../var_expansion_invalid_fwknopd.conf | 2 ++ 73 files changed, 378 insertions(+), 9 deletions(-) commit 104aeca978d323db3e3a9cfb2c543547b32416cb Author: Michael Rash Date: Thu Mar 19 22:48:11 2015 -0400 [test suite] switch SPA packets test to use afl-cmin test cases test/afl/fuzzing-wrappers/helpers/afl-cmin/spa-pkts-cmin.sh | 7 +++++++ test/afl/fuzzing-wrappers/helpers/fwknopd-stdin-test.sh | 9 ++++++--- test/afl/fuzzing-wrappers/spa-pkts.sh | 2 +- test/afl/test-cases/spa-pkts.cmin/spa1_md5.start | 1 + test/afl/test-cases/spa-pkts.cmin/spa1_sha256.start | 1 + test/afl/test-cases/spa-pkts.cmin/spa1_sha384.start | 1 + test/afl/test-cases/spa-pkts.cmin/spa2_md5.start | 1 + test/afl/test-cases/spa-pkts.cmin/spa2_sha384.start | 1 + test/afl/test-cases/spa-pkts.cmin/spa3_md5.start | 1 + 9 files changed, 20 insertions(+), 4 deletions(-) commit 89d7241a51f102619ec24ac85566730c550e0652 Author: Michael Rash Date: Thu Mar 19 22:37:01 2015 -0400 [test suite] include all digest lengths for SPA input packets (afl-cmin usage will be next) test/afl/test-cases/spa-pkts/spa.start | 1 - test/afl/test-cases/spa-pkts/spa1_md5.start | 1 + test/afl/test-cases/spa-pkts/spa1_sha256.start | 1 + test/afl/test-cases/spa-pkts/spa1_sha384.start | 1 + test/afl/test-cases/spa-pkts/spa1_sha512.start | 1 + test/afl/test-cases/spa-pkts/spa2.start | 1 - test/afl/test-cases/spa-pkts/spa2_md5.start | 1 + test/afl/test-cases/spa-pkts/spa2_sha256.start | 1 + test/afl/test-cases/spa-pkts/spa2_sha384.start | 1 + test/afl/test-cases/spa-pkts/spa2_sha512.start | 1 + test/afl/test-cases/spa-pkts/spa3.start | 1 - 
test/afl/test-cases/spa-pkts/spa3_md5.start | 1 + test/afl/test-cases/spa-pkts/spa3_sha256.start | 1 + test/afl/test-cases/spa-pkts/spa3_sha384.start | 1 + test/afl/test-cases/spa-pkts/spa3_sha512.start | 1 + 15 files changed, 12 insertions(+), 3 deletions(-) commit 3febc74c22a337795eea844d16dcb200842e2243 Author: Michael Rash Date: Thu Mar 19 22:34:45 2015 -0400 [test suite] extend digest lengths for SPA input packets test/afl/test-cases/spa-pkts/spa.start | 2 +- test/afl/test-cases/spa-pkts/spa2.start | 2 +- test/afl/test-cases/spa-pkts/spa3.start | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 95ae8dd1fe494b9f68eb05bb2648ba58ff81f9f1 Author: Michael Rash Date: Thu Mar 19 22:20:26 2015 -0400 minor ChangeLog update ChangeLog | 2 ++ 1 file changed, 2 insertions(+) commit 40c695097ed73d566861ba69c7e812c702aeac7a Author: Michael Rash Date: Thu Mar 19 22:05:10 2015 -0400 added spa-pkts-2.6.5.59edf64 AFL test results file test/afl/results/spa-pkts-2.6.5.59edf64 | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) commit 59edf64d9cc507047d429ad02b71fc5ad3767878 Author: Michael Rash Date: Sat Mar 7 20:09:31 2015 -0800 [server] consolidate fw creation, add FORWARD_ALL functionality server/fw_util_firewalld.c | 271 ++++++++++++++++----------------------------- server/fw_util_firewalld.h | 1 + server/fw_util_iptables.c | 1 - 3 files changed, 97 insertions(+), 176 deletions(-) commit cfd1cbf2bfc023e92c92928aafd10ce074b3affa Author: Michael Rash Date: Sat Mar 7 19:45:50 2015 -0800 [server] minor macro usage update for 127.0.0.2 server/fw_util.h | 1 + server/fw_util_firewalld.h | 6 +++--- server/fw_util_iptables.h | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) commit 745a442f1830f9b4b36cf9657f518d67395530c4 Author: Michael Rash Date: Sat Mar 7 19:36:23 2015 -0800 [test suite] add AFL_HARDEN=1 to AFL compilation scripts test/afl/compile/afl-compile-no-enable-arg.sh | 2 +- test/afl/compile/afl-compile.sh | 2 +- 2 files changed, 2 
insertions(+), 2 deletions(-) commit 26aceb9db6d4872960c37cf8d4e11e6bc912660e Author: Michael Rash Date: Sat Mar 7 19:12:39 2015 -0800 [test suite] add more rigorous multi-port tests with per-rule regex search criteria test/tests/rijndael.pl | 27 +++++++++++++++++++++++++++ test/tests/rijndael_hmac.pl | 16 ++++++++++++++++ 2 files changed, 43 insertions(+) commit 322ae853888b17f250125acd91942b0ed1ed9eea Author: Damien Stuart Date: Wed Feb 18 22:44:53 2015 -0500 Fixed a bug in configure.ac that did not allow specifying alternate firewall exe if firewall-cmd was found by configure. configure.ac | 80 +++++++++++++++++++++++++++++++----------------------------- 1 file changed, 42 insertions(+), 38 deletions(-) commit bf251034e3ac16a92fa2df59ce05c9cde2c13cc8 Author: Michael Rash Date: Wed Feb 18 19:37:37 2015 -0500 [server] bug fix to exclude pcap.h only in --enable-udp-server mode This commit fixes issue #143 on github reported by Coacher. The previous commit introduced a build time error for non UDP server mode as seen here: https://paste.kde.org/pkaxwobwr server/pcap_capture.c | 6 ++++-- server/process_packet.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) commit 1ce800446da6f22a802159dff7879bec52ce0ade Author: Michael Rash Date: Tue Feb 17 23:21:05 2015 -0800 [server] Bug fix to not include pcap.h in --enable-udp-server mode CREDITS | 4 ++++ ChangeLog | 5 +++++ server/pcap_capture.c | 3 +-- server/process_packet.c | 5 +++++ 4 files changed, 15 insertions(+), 2 deletions(-) commit 987455b902aef54090837ac1001c93ba094b84fe Author: Damien Stuart Date: Sat Feb 14 12:40:58 2015 -0500 Remove commented out entries from the client and server Makefile.am. 
client/Makefile.am | 5 ----- server/Makefile.am | 4 ---- 2 files changed, 9 deletions(-) commit b152d15970316f16272877c5c98b984c440acad8 Author: Damien Stuart Date: Sat Feb 14 12:29:30 2015 -0500 Refactored how the cunit tests are processed so "make dist" does not fail and builds with c-unit-tests enabled work on systems with firewalld (added fw_util_firewalld.c for server tests). client/Makefile.am | 4 ++ client/config_init.c | 3 +- common/Makefile.am | 10 +++- common/cunit_common.c | 50 +++++++++++++++++++ common/cunit_common.h | 52 ++++++++++---------- lib/Makefile.am | 8 +++- lib/cunit_common.c | 51 -------------------- server/Makefile.am | 7 ++- server/access.c | 4 +- test/c-unit-tests/Makefile.am | 108 ++++++++++++++++++++---------------------- 10 files changed, 156 insertions(+), 141 deletions(-) commit e8cfeaf77209e017c715963e07a49373e2db317a Merge: 6b7a3bb 1c81aef Author: Michael Rash Date: Sat Jan 17 09:11:29 2015 -0500 Merge pull request #142 from fjoncourt/c_unit_testing C unit testing - excellent, thank you Franck. I'll work on the relative path issue you mentioned as well. commit 6b7a3bbdae295c29a15a59385e637bd391858bc2 Author: Michael Rash Date: Sat Jan 17 08:38:32 2015 -0500 [server] Add FORWARD_ALL access.conf wildcard This is a significant commit that allows iptables firewalls to be used as an "SPA gateway" for all ports/protocols upon providing a valid SPA packet. Additional commits will be made to extend this capability, but this commit adds two new access.conf keywords: FORWARD_ALL and DISABLE_DNAT. These are used in conjunction to add ACCEPT rules for all ports/protocols in the FORWARD chain, and also disable DNAT rules at the same time. Then, by building the SNAT chain to provide translation for an internal network (where an SPA client is located), but DROP all forwarded traffic by default at the same time, SPA can be used to gain access to the internet.
So, this would allow, say, an RFC 1918 internal network to have IPs assigned via DHCP but they wouldn't be able to access the internet before sending an SPA packet to the gateway. This scenario was suggested by spartan1833 to the fwknop list and tracked via github issue 131. Additional commits will be made to fully support this feature. common/common.h | 2 ++ server/access.c | 17 +++++++++++-- server/fw_util_iptables.c | 64 ++++++++++++++++++++++++++++++++++------------- server/fw_util_iptables.h | 1 + server/fwknopd_common.h | 7 +++--- 5 files changed, 67 insertions(+), 24 deletions(-) commit d148fb091a14d0cbbe5a5d61fc0b16d7e78364d5 Merge: 08bc935 4f94a05 Author: Michael Rash Date: Sat Jan 17 08:33:22 2015 -0500 Merge branch 'master' of https://github.com/mrash/fwknop commit 4f94a0584e84708c48502961392b1472bc92d827 Author: Michael Rash Date: Sat Jan 17 08:11:37 2015 -0500 [test suite] minor candidate bug fix for readline on closed filehandle errors seen in GPG tests test/test-fwknop.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 08bc93579675b702c6a5ac56c227850298ee7735 Author: Michael Rash Date: Mon Jan 5 21:55:38 2015 -0500 [server] remove redundant mk_chain() calls server/fw_util_iptables.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) commit 1f9e939c950ee14653947140a0465fcb61ff7dd7 Author: Michael Rash Date: Mon Jan 5 21:37:09 2015 -0500 [server] consolidate iptables rule additions into a single ipt_rule() function server/fw_util_iptables.c | 255 ++++++++++++++-------------------------------- 1 file changed, 79 insertions(+), 176 deletions(-) commit 1c81aef39d426d7426ef07a692fb243e61e254b1 Author: Franck Joncourt Date: Wed Dec 31 09:51:08 2014 +0100 Fixed file permissions client/config_init.c | 0 client/config_init.h | 0 client/getpasswd.c | 0 client/getpasswd.h | 0 common/Makefile.am | 0 common/common.h | 0 configure.ac | 0 lib/Makefile.am | 0 lib/cunit_common.c | 0 server/Makefile.am | 0 server/access.c | 0
server/access.h | 0 server/fwknopd.c | 0 server/utils.c | 0 14 files changed, 0 insertions(+), 0 deletions(-) commit 29a5a9804d68395c10a176bd9baec1ecbe1a701a Author: Franck Joncourt Date: Tue Dec 30 20:49:14 2014 +0100 * Added libfko unit tests lib/fko_decode.c | 49 ++++++++++++++++- test/c-unit-tests/Makefile.am | 7 +-- test/c-unit-tests/README.md | 123 +++++++++++++++++++++++++++--------------- 3 files changed, 130 insertions(+), 49 deletions(-) commit 1ece9d022b0e4d13b03f879b74f54a7e3fdad231 Author: Michael Rash Date: Tue Dec 30 10:42:31 2014 -0500 [server] consolidate create_chain() and add_jump_rule() into a single function server/fw_util_firewalld.c | 52 ++++++++++++++++++---------------------------- server/fw_util_iptables.c | 52 ++++++++++++++++++---------------------------- 2 files changed, 40 insertions(+), 64 deletions(-) commit 620d31364e6984eb25ad2279fb4fd71fc33870ef Author: Franck Joncourt Date: Mon Dec 29 18:47:17 2014 +0100 * Removed duplicated entry in Makefile.am for libfko * Added c unit tests for fko (draft) * Updated c unit test README file. lib/Makefile.am | 2 +- lib/fko.h | 4 + lib/fko_decode.c | 23 +++ test/c-unit-tests/Makefile.am | 39 ++++- test/c-unit-tests/README.md | 341 +++++++++++++++++++++++------------------ test/c-unit-tests/fko_utests.c | 34 ++++ 6 files changed, 291 insertions(+), 152 deletions(-) commit cb13d84d489b2f9a43ec47e7ba2b72bd03789bca Author: Franck Joncourt Date: Mon Dec 29 13:25:01 2014 +0100 Use of subdir-objects libtool option. 
configure.ac | 2 +- test/c-unit-tests/Makefile.am | 52 ++++++++++++++++++++++++------------------- 2 files changed, 30 insertions(+), 24 deletions(-) commit 750fd97bda3a5f482ff2a41f6a534d40eed47b24 Author: Franck Joncourt Date: Mon Dec 29 11:45:30 2014 +0100 Allow to build without c unit test lib/cunit_common.c | 4 ++++ 1 file changed, 4 insertions(+) commit fdb3da0769be166ff73b4b7c8c4db710aec7356e Author: Franck Joncourt Date: Mon Dec 29 11:45:23 2014 +0100 Added README for c unit test test/c-unit-tests/README.md | 150 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) commit 526cae6464633696bc9241412b0bdb975bcabbd2 Author: Franck Joncourt Date: Sun Dec 28 23:55:52 2014 +0100 Fixed upper case test/c-unit-tests/fwknop_utests.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 5c3a7090148f824f1495594de6d789de6d60072b Merge: b7ecb33 bd0035a Author: Franck Joncourt Date: Sun Dec 28 23:24:15 2014 +0100 Merge branch 'c_unit_testing' of https://github.com/fjoncourt/fwknop into c_unit_testing Conflicts: client/config_init.c common/cunit_common.h lib/cunit_common.c server/access.c commit b7ecb3334ae7397b8ee73cb5e56666d326c16d63 Merge: 260cd54 2430f3a Author: Franck Joncourt Date: Sun Dec 28 15:00:24 2014 +0100 Merge upstream changes to our changes commit 2430f3ae80f90a2d9758beaab00620b42588d59f Author: Michael Rash Date: Mon Dec 22 09:22:39 2014 -0500 [test suite] added long running server-access AFL fuzzing results test/afl/results/plot-2.6.5.db8b5e4/exec_speed.png | Bin 0 -> 27214 bytes test/afl/results/plot-2.6.5.db8b5e4/high_freq.png | Bin 0 -> 22590 bytes test/afl/results/plot-2.6.5.db8b5e4/index.html | 10 +++++++++ .../afl/results/plot-2.6.5.db8b5e4/index.html.orig | 10 +++++++++ test/afl/results/plot-2.6.5.db8b5e4/low_freq.png | Bin 0 -> 10548 bytes test/afl/results/server-access-2.6.5.db8b5e4 | 25 +++++++++++++++++++++ 6 files changed, 45 insertions(+) commit 260cd5481b41384f802eaa4bd1a33824d751cf8f Author: Franck 
Joncourt Date: Sun Sep 7 20:33:39 2014 +0200 Use of init and cleanup functions for the test suite. client/config_init.c | 66 +++++++++++++++++++++++++++------------------------ common/cunit_common.h | 54 ++++++++++++++++++++++------------------- lib/cunit_common.c | 22 +++++++++-------- server/access.c | 36 ++++++++++++++-------------- 4 files changed, 95 insertions(+), 83 deletions(-) commit bd0035af1e1efa2d6b82f9be27bac075c69d9f52 Author: Franck Joncourt Date: Sun Sep 7 15:40:03 2014 +0200 Fixed tab vs spaces client/config_init.c | 58 ++++++++++++++++++------------------ common/common.h | 2 +- common/cunit_common.h | 44 ++++++++++++++-------------- lib/cunit_common.c | 60 +++++++++++++++++++------------------- server/access.c | 36 +++++++++++------------ test/c-unit-tests/fwknop_utests.c | 16 +++++----- test/c-unit-tests/fwknopd_utests.c | 18 ++++++------ 7 files changed, 117 insertions(+), 117 deletions(-) commit 32c5afae83ef38f34eae6ba1257a9043c0518487 Merge: 688f08c aae72a9 Author: Franck Joncourt Date: Sun Sep 7 15:24:59 2014 +0200 Merge remote-tracking branch 'upstream/master' into c_unit_testing commit 688f08c2a0378fb9afc9b9015a454ffdde6e969e Author: Franck Joncourt Date: Sun Aug 31 20:48:44 2014 +0200 Both the fwknop client and server have their own test suites tied to fwknop_utests and fwknopd_utests binaries. When profile coverage is enabled, lcov files are parsed by test-fwknop.pl and added to the main profile coverage report in the output directory. Running make from the main directory builds the c-unit test suites if enabled.
Makefile.am | 5 +++ client/config_init.c | 63 ++++++++++++++++++++------------------ client/getpasswd.c | 52 ------------------------------- client/getpasswd.h | 4 --- common/Makefile.am | 2 +- common/common.h | 11 +------ common/cunit_common.h | 31 +++++++++++++++++++ configure.ac | 4 ++- lib/Makefile.am | 3 +- lib/cunit_common.c | 45 +++++++++++++++++++++++++++ server/Makefile.am | 3 +- server/access.c | 35 +++++++++++++++++++++ server/access.h | 4 +++ server/fwknopd.c | 22 ------------- server/utils.c | 26 ++++++++++++++++ test/c-unit-tests/Makefile.am | 30 ++++++++++++++---- test/c-unit-tests/fko_utests.c | 37 ---------------------- test/c-unit-tests/fko_utests.h | 4 --- test/c-unit-tests/fwknop_utests.c | 35 +++++++++++++++++++++ test/c-unit-tests/fwknopd_utests.c | 35 +++++++++++++++++++++ test/test-fwknop.pl | 2 +- 21 files changed, 283 insertions(+), 170 deletions(-) commit 934d764159293ef93a3a5c382e94655922a0c658 Author: Franck Joncourt Date: Sun Aug 24 21:14:45 2014 +0200 Minor update. test/c-unit-tests/Makefile.am | 16 ++++++++-------- test/c-unit-tests/fko_utests.c | 9 ++++++--- test/c-unit-tests/fko_utests.h | 4 +--- 3 files changed, 15 insertions(+), 14 deletions(-) commit 306dd0f6852a383d0c4ba2ef17f73c411b75c6b9 Author: Franck Joncourt Date: Sun Aug 24 21:05:44 2014 +0200 First layout to add c unit testing support to fwknop. client/config_init.c | 57 ++++++++++++++++++++++++++++++++++++++++++ client/config_init.h | 4 +++ client/getpasswd.c | 52 ++++++++++++++++++++++++++++++++++++++ client/getpasswd.h | 4 +++ common/common.h | 15 +++++++++++ configure.ac | 16 ++++++++++++ test/c-unit-tests/Makefile.am | 16 ++++++++++++ test/c-unit-tests/fko_utests.c | 34 +++++++++++++++++++++++++ test/c-unit-tests/fko_utests.h | 6 +++++ 9 files changed, 204 insertions(+)