Changeset 1112

Timestamp:
06/02/08 23:30:10 (6 months ago)
Author:
mbr
Message:

merged -r 1109:1111 from file:///home/mbr/svn/fwknop_repos/fwknop/tags/fwknop-1.9.4

Files:

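--- a/fwknop/trunk/ChangeLog
+++ b/fwknop/trunk/ChangeLog
@@ -53,5 +53,5 @@
     - Updated the install.pl script to try to determine the OS type as early
       as possible during the install process.
-    - Added the MIN_SPA_PKT_LEN variable with 160 (bytes) as the default.
+    - Added the MIN_SPA_PKT_LEN variable with 150 (bytes) as the default.
       This allows fwknopd to ignore packets that are not at least this many
       bytes (including packet headers) before any decryption attempt is made.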
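--- a/fwknop/trunk/fwknop
+++ b/fwknop/trunk/fwknop
@@ -102,4 +102,5 @@
 my $pcap_sleep_interval  = 1;  ### seconds
 my $knock_dst_pre_resolve = '';
+my $selected_random_nat_port = 0;
 my $rand_port     = 0;  ### for SPA packet destination port
 my $NAT_rand_port = 0;  ### for randomized access based on
@@ -330,8 +331,15 @@
 
 if ($NAT_local and not $NAT_access_str) {
-    $NAT_access_str = "$knock_dst,55000";
-    print
-"[-] Requesting NAT support for port 55,000; use --NAT-rand-port for a\n",
+    if ($NAT_rand_port) {
+        my $rand_port = &rand_port();
+        $NAT_access_str = "$knock_dst,$rand_port";
+        print "[+] Requesting NAT access for randomized port: $rand_port\n";
+        $selected_random_nat_port = 1;
+    } else {
+        $NAT_access_str = "$knock_dst,55000";
+        print
+"[+] Requesting NAT support for port 55,000; use --NAT-rand-port for a\n",
 "    random port.\n";
+    }
 }
 
@@ -1599,15 +1607,17 @@
     if ($NAT_rand_port) {
 
-        $NAT_access_str =~ s/,\d+$//;
-        $NAT_access_str =~ s/:\d+$//;
-
-        unless ($NAT_access_str =~ /^$ip_re$/) {
-            die "[*] Must specify '<internal_IP>'";
-        }
-
-        ### append a random destination port (between 10,000
-        ### and 65535); this is the port number that will be
-        ### used on the SSH command line
-        $NAT_access_str .= ',' . &rand_port();
+        unless ($selected_random_nat_port) {
+            $NAT_access_str =~ s/,\d+$//;
+            $NAT_access_str =~ s/:\d+$//;
+
+            unless ($NAT_access_str =~ /^$ip_re$/) {
+                die "[*] Must specify '<internal_IP>'";
+            }
+
+            ### append a random destination port (between 10,000
+            ### and 65535); this is the port number that will be
+            ### used on the SSH command line
+            $NAT_access_str .= ',' . &rand_port();
+        }
 
     } else {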
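Review bot: In the new `if ($NAT_rand_port)` branch at new line 334, `my $rand_port = &rand_port();` declares a block lexical that shadows the file-scope `my $rand_port = 0;` kept in the first hunk for the SPA destination port, so the print on the next line reads as if it reported the SPA port and any later use of the outer `$rand_port` inside this block would silently pick up the NAT port instead. Rename the local and drop the `&` call sigil: `my $nat_rand_port = rand_port();`, `$NAT_access_str = "$knock_dst,$nat_rand_port";`, `print "[+] Requesting NAT access for randomized port: $nat_rand_port\n";`. The third hunk's `unless ($selected_random_nat_port)` guard at new line 1609 is only meaningful because that flag was set at line 337, which is a long way off; a comment such as `### the NAT port was already randomized when $NAT_access_str was built, so do not re-randomize or re-validate it here` would make the coupling explicit. The block enclosing the third hunk starts and ends outside the hunk.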
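--- a/fwknop/trunk/fwknop.conf
+++ b/fwknop/trunk/fwknop.conf
@@ -218,5 +218,5 @@
 ### Default minimum for any SPA packet (including both the data link,
 ### network, and transport layer headers)
-MIN_SPA_PKT_LEN             160;
+MIN_SPA_PKT_LEN             150;
 
 ### Default minimum message size SPA messages encrypted with GnuPG. The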
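Review bot: The default at new line 220 drops from 160 to 150 bytes, but neither the surrounding comment nor the ChangeLog entry records how the floor is derived, so the next person to touch it has no way to tell whether 150 is a measured minimum for a valid SPA packet or a margin below it. Since this value decides which packets reach the decryption path at all, a one-line note would anchor it, e.g. `### Keep this at or below the smallest valid SPA packet; lowering it admits more packets to the decryption path` (with the actual derivation filled in by someone who knows it).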