Navigation

← Previous Changeset
Next Changeset →

Changeset 1288

Timestamp:

10/05/08 23:32:10 (2 months ago)

Author:

mbr

Message:

added --Override-config

Files:

fwknop/trunk/CREDITS (modified) (1 diff)
fwknop/trunk/ChangeLog (modified) (1 diff)
fwknop/trunk/fwknopd (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

fwknop/trunk/CREDITS

r1275	r1288
172	172	- Bugfix for check_commands() to ensure that proper include/exclude
173	173	criteria for incoming hash refs is performed.
	174	- Suggested the --Override-config command line argument on the fwknopd
	175	command line so that normal config variables from the
	176	/etc/fwknop/fwknop.conf file can be superseded with values from the
	177	specified file(s). Multiple files can be given as a comma-separated
	178	list.
174	179
175	180	Jose Luis Bellido

fwknop/trunk/ChangeLog

r1284	r1288
1	1	fwknop-1.9.9 (10//2008):
2		- Added --Dump-conf to fwknopd (suggested by Franck Joncourt).
3		- Added execution of --Dump-conf to the test suite to collect the
	2	- Added --Override-config to fwknopd (suggested by Franck Joncourt) to
	3	allow config variables in the normal /etc/fwknop/fwknop.conf file to be
	4	superseded by values from other specified files. The --Override-config
	5	command line argument accepts a comma-separated list of multiple files
	6	from which to import configuration variables from.
	7	- Added --Dump-config to fwknopd (suggested by Franck Joncourt).
	8	- Added execution of --Dump-config to the test suite to collect the
4	9	installed version of the fwknop.conf and access.conf files (personal
5	10	information is anonymized).
6		- Added time stamps to MSG and TEST lines for each test (useful to see the
7		relative time if an alarm expires).
	11	- (Test suite): Added time stamps to MSG and TEST lines for each test
	12	(useful to see the relative time if an alarm expires).
	13	- (Test suite): Added tests for fwknopd --Override-config, --Dump-config,
	14	and writing SPA packets to disk with the --Save-packet functionality (in
	15	the fwknop client).
8	16
9	17	fwknop-1.9.8 (09/30/2008):

fwknop/trunk/fwknopd

r1285	r1288
63	63
64	64	my %config = ();
	65	my $override_config_str = '';
	66	my @override_configs = ();
65	67	my %cmds = ();
66	68	my %p0f = ();
…	…
3892	3894	}
3893	3895
	3896	sub import_override_configs() {
	3897	my @override_configs = split /,/, $override_config_str;
	3898	for my $file (@override_configs) {
	3899	die "[*] Override config file $file does not exist"
	3900	unless -e $file;
	3901	&import_config($file);
	3902	}
	3903	return;
	3904	}
	3905
3894	3906	sub import_config() {
3895	3907	my $config_file = shift;
…	…
3904	3916	my $varname = $1;
3905	3917	my $val = $2;
3906		if ($val =~ m\|/.+\| && $varname =~ /^(\w+)Cmd$/) {
	3918	if ($val =~ m\|/.+\| and $varname =~ /^(\w+)Cmd$/) {
3907	3919	### found a command
3908		$cmds{$1} = $val;
	3920	$cmds{$1} = $val unless defined $cmds{$1};
3909	3921	} else {
3910		$config{$varname} = $val;
	3922	$config{$varname} = $val unless defined $config{$varname};
3911	3923	}
3912	3924	}
…	…
4110	4122	'Restart' => \$restart,
4111	4123	'Status' => \$status,
	4124	'Override-config=s' => \$override_config_str,
4112	4125	'Linux-cooked-intf' => \$PCAP_COOKED_INTF,
4113	4126	'Include-all-config' => \$include_all_config_data,
…	…
4306	4319
4307	4320	sub fwknop_init() {
	4321
	4322	### import any override config files first
	4323	&import_override_configs() if $override_config_str;
4308	4324
4309	4325	### import config
…	…
5457	5473
5458	5474	Options:
5459		-c, --config <file> - Specify path to config file instead of
5460		using the default $config_file.
5461		-a, --access-conf <file> - Specify path to access.conf file.
5462		-o, --os - Parse iptables logs and fingerprint
5463		operating systems from which tcp SYN
5464		packets have been logged.
5465		-i, --intf <interface> - Manually specify interface on which to
5466		sniff.
5467		--fw-log <file> - Specify path to iptables logfile. This
5468		is used only when running in --os mode.
5469		--fw-list - List all active fwknop firewall rules.
5470		--fw-flush - Flush all active fwknop firewall rules.
5471		--fw-del-chains - Delete all fwknop iptables chains (must
5472		also use --fw-flush).
5473		--fw-del-ip <IP> - Delete <IP> accept or pass rules from the
5474		firewall policy.
5475		--fw-type <ipfw\|iptables> - Manually specify the firewall type from
5476		the command line (usually only used by
5477		the fwknop test suite).
5478		-C, --Count <num> - Exit after processing <num> SPA packets.
5479		-K, --Kill - Kill all running fwknopd processes.
5480		-R, --Restart - Restart all running fwknopd processes.
5481		-S, --Status - Displays the status of any
5482		currently running fwknopd processes.
5483		--gpg-agent-info <info> - Specify the value for the GPG_AGENT_INFO
5484		environment variable as returned by
5485		'gpg-agent --daemon'.
5486		--gpg-no-options - In GnuPG mode, instruct GnuPG to not use
5487		the local ~/.gnupg/options file for config
5488		parameters.
5489		-T, --Test-mode - Run in testing mode for compatibility
5490		with the fwknop test suite (sets the
5491		PCAP_FILTER var to a standard default).
5492		-I, --Include-all-config - Show all configuration data (including
5493		key information) when running in --debug
5494		and --verbose mode.
5495		--Linux-cooked-intf - Force fwknopd to assume that the sniffing
5496		interface is a "Linux Cooked" interface.
5497		This is useful when fwknopd uses a version
5498		of Net::Pcap that does not implement the
5499		pcap_datalink_val_to_name() function or
5500		have the pcap_datali.al file.
5501		--Lib-dir <path> - Path to the perl modules directory (not
5502		usually necessary).
5503		-d, --debug - Run fwknopd in debugging mode.
5504		--locale <locale> - Manually define a locale setting.
5505		--no-locale - Don't set the locale to anything (the
5506		default is the "C" locale from the LOCALE
5507		variable in the fwknop.conf file).
5508		-v, --verbose - Verbose mode.
5509		-V, --Version - Display version and exit.
5510		-h, --help - Print help and exit.
	5475	-c, --config <file> - Specify path to config file instead of
	5476	using the default path:
	5477	$config_file
	5478	-a, --access-conf <file> - Specify path to access.conf file.
	5479	-i, --intf <interface> - Manually specify interface on which to
	5480	sniff.
	5481	-T, --Test-mode - Run in testing mode for compatibility
	5482	with the fwknop test suite (sets the
	5483	PCAP_FILTER var to a standard default).
	5484	--fw-list - List all active fwknop firewall rules.
	5485	--fw-flush - Flush all active fwknop firewall rules.
	5486	--fw-del-chains - Delete all fwknop iptables chains (must
	5487	also use --fw-flush).
	5488	--fw-del-ip <IP> - Delete <IP> accept or pass rules from the
	5489	firewall policy.
	5490	--fw-type <ipfw\|iptables> - Manually specify the firewall type from
	5491	the command line (usually only used by
	5492	the fwknop test suite).
	5493	-C, --Count <num> - Exit after processing <num> SPA packets.
	5494	-O, --Override-config <str> - Allow config variables from the normal
	5495	$config_file to be superseded with values
	5496	from the specified file(s).
	5497	-K, --Kill - Kill all running fwknopd processes.
	5498	-R, --Restart - Restart all running fwknopd processes.
	5499	-S, --Status - Displays the status of any
	5500	currently running fwknopd processes.
	5501	--gpg-agent-info <info> - Specify the value for the GPG_AGENT_INFO
	5502	environment variable as returned by
	5503	'gpg-agent --daemon'.
	5504	--gpg-no-options - In GnuPG mode, instruct GnuPG to not use
	5505	the local ~/.gnupg/options file for config
	5506	parameters.
	5507	-I, --Include-all-config - Show all configuration data (including
	5508	key information) when running in --debug
	5509	and --verbose mode.
	5510	--Linux-cooked-intf - Force fwknopd to assume that the sniffing
	5511	interface is a "Linux Cooked" interface.
	5512	This is useful when fwknopd uses a version
	5513	of Net::Pcap that does not implement the
	5514	pcap_datalink_val_to_name() function or
	5515	have the pcap_datali.al file.
	5516	-o, --os - Parse iptables logs and fingerprint
	5517	operating systems from which tcp SYN
	5518	packets have been logged.
	5519	--fw-log <file> - Specify path to iptables logfile. This
	5520	is used only when running in --os mode.
	5521	--Lib-dir <path> - Path to the perl modules directory (not
	5522	usually necessary).
	5523	-d, --debug - Run fwknopd in debugging mode.
	5524	--locale <locale> - Manually define a locale setting.
	5525	--no-locale - Don't set the locale to anything (the
	5526	default is the "C" locale from the LOCALE
	5527	variable in the fwknop.conf file).
	5528	-v, --verbose - Verbose mode.
	5529	-V, --Version - Display version and exit.
	5530	-h, --help - Print help and exit.
5511	5531	_HELP_
5512	5532

Navigation

Changeset 1288

Legend:

fwknop/trunk/CREDITS

fwknop/trunk/ChangeLog

fwknop/trunk/fwknopd

Download in other formats: