Changeset 1231
- Timestamp:
- 08/23/08 23:39:15 (3 months ago)
- Files:
-
- fwknop/trunk/ChangeLog (modified) (1 diff)
- fwknop/trunk/fwknop (modified) (4 diffs)
- fwknop/trunk/fwknop.conf (modified) (1 diff)
- fwknop/trunk/fwknopd (modified) (3 diffs)
- fwknop/trunk/test/conf/blacklist_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/default_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/filter_62203_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/forward_chain_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/md5_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/no_local_nat_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/no_promisc_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/output_chain_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/pcap_file_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/pk_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/rand_port_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/sha1_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/sha256_fwknop.conf (modified) (1 diff)
- fwknop/trunk/test/conf/spa_aging_fwknop.conf (modified) (1 diff)
fwknop/trunk/ChangeLog
r1226 r1231 32 32 This fixes a problem reported by Mike Holzmann where the 'encrypt-to' 33 33 option in the default options file was causing SPA packets to exceed 34 1500 bytes when encrypted with a 2048-bit GnuPG key. 34 1500 bytes when encrypted with a 2048-bit GnuPG key. Also added the 35 MAX_SNIFF_BYTES to the fwknop.conf file and --Max-packet-size to the 36 fwknop command line to alter the default of 1500 bytes if needed (but 37 this shouldn't really be necessary). 35 38 - Bugfix for 'Premature end of base64 data' and 'Premature padding of 36 39 base64 data' warning messages from MIME::Base64 errors. Now fwknopd fwknop/trunk/fwknop
r1225 r1231 90 90 my $use_gpg_agent = 0; 91 91 my $max_msg_len = 1500; 92 my $max_resolve_http_recv = 1500; 92 93 my $gpg_verbose = 0; 93 94 my $gpg_no_options = 0; … … 1255 1256 "Accept: */*\r\n", 1256 1257 "Connection: Keep-Alive\r\n\r\n"; 1257 recv($sock, my $web_data, 1500, 0);1258 recv($sock, my $web_data, $max_resolve_http_recv, 0); 1258 1259 close $sock; 1259 1260 $web_data =~ s/[^\w\.]/ /g; … … 1616 1617 'NAT-local' => \$NAT_local, 1617 1618 'NAT-access=s' => \$NAT_access_str, 1619 'Max-packet-size=i' => \$max_msg_len, 1620 'Max-resolve-http-size=i' => \$max_resolve_http_recv, 1618 1621 'Source-port=i' => \$client_src_port, 1619 1622 'Spoof-user=s' => \$spoof_username, … … 2003 2006 -r, --rotate-proto - Rotate protocol (tcp and udp only) for 2004 2007 encrypted sequences. 2008 --Max-packet-size <bytes> - Maximum size of outbound SPA packets - the 2009 default is $max_msg_len bytes. 2005 2010 --offset <port> - Specify port offset to use when run in 2006 2011 --encrypt knock mode. The default is fwknop/trunk/fwknop.conf
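Review bot: The two new options at 1619-1620 are declared `=i`, which lets Getopt::Long accept zero and negative values, and neither variable is range-checked before use: `$max_resolve_http_recv` goes straight into `recv($sock, my $web_data, $max_resolve_http_recv, 0)` at 1258, where 0 reads nothing and a negative length croaks, and `$max_msg_len` presumably bounds the outbound SPA packet (that code is outside the hunk). A single check after option parsing, `die "[*] --Max-packet-size and --Max-resolve-http-size must be positive\n" unless $max_msg_len > 0 and $max_resolve_http_recv > 0;`, would turn both into a clear usage error. The usage text at 2008-2009 documents only --Max-packet-size; --Max-resolve-http-size needs a matching line, e.g. `--Max-resolve-http-size <bytes> - Maximum number of bytes read from the HTTP IP-resolution response - the default is $max_resolve_http_recv bytes.`. The enclosing subroutines for all four hunks start and end outside the hunk.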
r1152 r1231 135 135 ENABLE_VOLUNTARY_EXITS N; 136 136 EXIT_INTERVAL 1440; ### minutes (1 day) 137 138 ### Specify the the maximum number of bytes to sniff per frame - 1500 139 ### is a good default 140 MAX_SNIFF_BYTES 1500; 137 141 138 142 ### Flush all existing rules in the fwknop chains at fwknop start time. fwknop/trunk/fwknopd
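Review bot: The new comment at 138-139 does not tell the operator that MAX_SNIFF_BYTES is coupled to the client side: fwknopd uses it as the pcap snaplen and rejects any SPA packet whose length is not below it, so a client sending with a larger --Max-packet-size will have its packets truncated and silently dropped. Suggest `### Maximum number of bytes to sniff per frame (pcap snaplen). Must be at least as large as the fwknop client's --Max-packet-size, or larger SPA packets are dropped - 1500 is a good default.` The same line also has the typo "the the".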
r1229 r1231 475 475 my $enc_msg_len = 0; 476 476 $enc_msg_len = length($transport_data); 477 if (10 < $enc_msg_len and $enc_msg_len < 1500) {477 if (10 < $enc_msg_len and $enc_msg_len < $config{'MAX_SNIFF_BYTES'}) { 478 478 print STDERR localtime() . " [+] Data len: $enc_msg_len bytes\n" 479 479 if $debug; … … 1622 1622 "from interface: $config{'PCAP_INTF'}\n" if $debug; 1623 1623 $pcap_t = Net::Pcap::open_live($config{'PCAP_INTF'}, 1624 1500, 1, 100, \$err) or die "[*] Could not open ",1625 "$config{'PCAP_INTF'}: $!";1624 $config{'MAX_SNIFF_BYTES'}, 1, 100, \$err) 1625 or die "[*] Could not open $config{'PCAP_INTF'}: $!"; 1626 1626 } else { 1627 1627 print STDERR localtime() . " [+] Sniffing (non-promisc) packet ", 1628 1628 "data from interface: $config{'PCAP_INTF'}\n" if $debug; 1629 1629 $pcap_t = Net::Pcap::open_live($config{'PCAP_INTF'}, 1630 1500, 0, 100, \$err) or die "[*] Could not open ",1631 "$config{'PCAP_INTF'}: $!";1630 $config{'MAX_SNIFF_BYTES'}, 0, 100, \$err) 1631 or die "[*] Could not open $config{'PCAP_INTF'}: $!"; 1632 1632 } 1633 1633 } … … 5212 5212 SNAT_TRANSLATE_IP PROC_IP_FORWARD_FILE ENABLE_PROC_IP_FORWARD 5213 5213 MIN_SPA_PKT_LEN ENABLE_IPT_LOCAL_NAT LOCALE ENABLE_SYSLOG_FILE 5214 IPT_SYSLOG_FILE FWKNOP_MOD_DIR 5214 IPT_SYSLOG_FILE FWKNOP_MOD_DIR MAX_SNIFF_BYTES 5215 5215 ) { 5216 5216 die "[*] Required variable $var is not defined in $config_file" fwknop/trunk/test/conf/blacklist_fwknop.conf
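Review bot: `$config{'MAX_SNIFF_BYTES'}` is handed to Net::Pcap::open_live as the snaplen at 1624 and 1630 and used as the upper bound on SPA length at 477, but the only check added at 5214 is that the variable is defined, so a non-numeric or zero value in fwknop.conf reaches pcap as a snaplen of 0 and makes the 477 test reject every packet. A validation next to the required-variable loop, `die "[*] MAX_SNIFF_BYTES must be a positive integer in $config_file" unless $config{'MAX_SNIFF_BYTES'} =~ /\A\d+\z/ and $config{'MAX_SNIFF_BYTES'} > 0;`, would fail fast at startup instead. Worth a comment on 477 as well, since the strict `<` means a packet that exactly fills the snaplen is discarded: `### strictly less than snaplen: a frame that fills it may have been truncated by pcap`. The enclosing subroutines for all three hunks start and end outside the hunk.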
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/default_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/filter_62203_fwknop.conf
r1230 r1231 31 31 ENABLE_VOLUNTARY_EXITS N; 32 32 EXIT_INTERVAL 1440; ### minutes 33 MAX_SNIFF_BYTES 1500; 33 34 FLUSH_IPT_AT_INIT Y; 34 35 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/forward_chain_fwknop.conf
r1230 r1231 33 33 ENABLE_VOLUNTARY_EXITS N; 34 34 EXIT_INTERVAL 1440; ### minutes 35 MAX_SNIFF_BYTES 1500; 35 36 FLUSH_IPT_AT_INIT Y; 36 37 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/md5_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/no_local_nat_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/no_promisc_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/output_chain_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/pcap_file_fwknop.conf
r1230 r1231 33 33 ENABLE_VOLUNTARY_EXITS N; 34 34 EXIT_INTERVAL 1440; ### minutes 35 MAX_SNIFF_BYTES 1500; 35 36 FLUSH_IPT_AT_INIT Y; 36 37 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/pk_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/rand_port_fwknop.conf
r1230 r1231 31 31 ENABLE_VOLUNTARY_EXITS N; 32 32 EXIT_INTERVAL 1440; ### minutes 33 MAX_SNIFF_BYTES 1500; 33 34 FLUSH_IPT_AT_INIT Y; 34 35 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/sha1_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/sha256_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1; fwknop/trunk/test/conf/spa_aging_fwknop.conf
r1230 r1231 34 34 ENABLE_VOLUNTARY_EXITS N; 35 35 EXIT_INTERVAL 1440; ### minutes 36 MAX_SNIFF_BYTES 1500; 36 37 FLUSH_IPT_AT_INIT Y; 37 38 IPFW_RULE_NUM 1;
