Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ipv6rebased #309

Open
wants to merge 86 commits into
base: master
Choose a base branch
from
+1,134 −492
Open

Ipv6rebased #309

Changes from 1 commit
Commits
Show all changes
86 commits
Select commit Hold shift + click to select a range
6d65f1d
Use INET_ADDRSTRLEN instead of hardcoding it
bastien-roucaries Apr 4, 2020
4c73258
Let IPs resolve using getaddrinfo
khorben Jun 12, 2018
94bed23
Factorize IP resolution between http and https
bastien-roucaries Apr 4, 2020
03e1c20
Be more consistent when creating ~/.fwknoprc
khorben Jun 12, 2018
de84936
Improve IPV4 min length by using strlen
bastien-roucaries Apr 4, 2020
2dc902b
Let IPs resolve to IPv6 addresses
khorben Jun 12, 2018
5d8e6cf
Allow ipv6 for resolving url
bastien-roucaries Apr 4, 2020
0ab6173
Let IPs resolve to IPv6 addresses
khorben Jun 12, 2018
5a53b3b
Also catch the IPv6 version of INADDR_ANY
khorben Jun 12, 2018
8cc8908
Migrate is_valid_ipv4_addr() to a more generic function
khorben Jun 12, 2018
2754326
Implement is_valid_ip_addr() with getaddrinfo()
khorben Jun 12, 2018
22aa677
Give have_allow_ip() a chance to allow IPv6
khorben Jun 12, 2018
d5ef047
Allow connecting to remote IPv6 hosts for TCP or UDP
khorben Jun 14, 2018
a8aa02d
Use uppercase to log "IP"
khorben Jun 14, 2018
cef18b7
Also check for <netinet/ip6.h> and <netinet/icmp6.h>
khorben Jun 14, 2018
43dc125
Rework the network listening routine
khorben Jun 15, 2018
508c9f3
Rework the network listening routine some more
khorben Jun 15, 2018
47f2309
Code cleanup
khorben Jun 15, 2018
00a4914
Also include <netinet/ip6.h> where relevant
khorben Jun 15, 2018
9b9af40
Protect some more headers for inclusion
khorben Jun 15, 2018
c69c44e
Add support for receiving SPA messages over IPv6
khorben Jun 15, 2018
73de567
Interpret incoming addresses according to their family
khorben Jun 26, 2018
1dc74a1
Let access list stanzas be defined in IPv6
khorben Jun 26, 2018
b3ea4ab
Typo
khorben Jun 26, 2018
43d1b4a
Typo
khorben Jun 26, 2018
429ad67
Constify
khorben Jul 9, 2018
f2db271
Use a more appropriate type for sd_len
khorben Jul 9, 2018
c489d83
Allow access control "ANY" with any protocol family
khorben Jul 9, 2018
65cbaf5
Use AF_INET instead of PF_INET
khorben Jul 9, 2018
b846b35
Use sizeof() instead of re-using hard-coded values
khorben Jul 9, 2018
a4e25b2
Use sizeof() instead of re-using hard-coded values
khorben Jul 9, 2018
b1e637b
Use a constant for AF_INET
khorben Jul 9, 2018
f6bc375
Use /usr/bin/env to locate perl
khorben Jul 10, 2018
4aac32d
Rework IPv6 support when comparing addresses
khorben Jul 10, 2018
f3a2e8d
Fix processing command-line arguments with whitespace
khorben Jul 10, 2018
f956217
Set the address family for incoming SPA over UDP
khorben Jul 10, 2018
8f64afb
Specify the family at run-time for TCP/UDP servers
khorben Jul 10, 2018
7dfe143
Add IPv6 support to the plain UDP and TCP servers
khorben Jul 10, 2018
b18c82c
Constify
khorben Jul 17, 2018
2170845
Terminate IPs resolved externally as expected
khorben Jul 17, 2018
e23c081
Prepare access stanzas for more address families
khorben Jul 18, 2018
885ac36
Use the correct offset for inet_ntop()
khorben Jul 18, 2018
0fe28e5
Simplify the calculation of pkt_data_len
khorben Jul 18, 2018
fa5a2a5
Correct the packet length calculation with IPv6
khorben Jul 18, 2018
9ae3f8d
Fix some issues with TCP over IPv6
khorben Jul 18, 2018
776c7ea
Begin to allow IPv6 addresses in source stanzas
khorben Jul 24, 2018
b17288a
Add a command-line option to enable IPv6 (TCP/UDP)
khorben Jul 27, 2018
e2dad97
Optimize moot variable initialization away
khorben Jul 27, 2018
3cb8025
Fix the build on Linux (iptables)
khorben Jul 27, 2018
dd927b3
Fix the build with firewalld
khorben Jul 27, 2018
2157346
Update the manual page for the -6 option (--ipv6)
khorben Jul 30, 2018
5a24a63
Support further address families in the future
khorben Aug 6, 2018
cb3aa68
Verify if the protocol family matches incoming packets
khorben Aug 6, 2018
f3db1b3
Do not use INADDR_ANY for default ports
khorben Aug 6, 2018
e90822b
Check for errors from inet_addr() with INADDR_NONE
khorben Aug 6, 2018
6ce6464
Fix build with NFQ enabled
khorben Aug 7, 2018
c2703e4
Allow the longest possible IPv6 address in sources
khorben Aug 7, 2018
38d7931
Add a configuration variable for IPv6 firewall binaries
khorben Aug 8, 2018
021c6b4
Add the fw_command6 member to the right struct fw_config
khorben Aug 8, 2018
972b2e7
Initialize the configuration for ip6tables as well
khorben Aug 8, 2018
50661f6
Add IPv6 support to --fw-list{,all}
khorben Aug 8, 2018
5784487
Update a comment
khorben Aug 8, 2018
7217e45
Add preliminary support for IPv6 with iptables
khorben Aug 8, 2018
ff4ea85
Code cleanup
khorben Aug 8, 2018
6cbe8f3
Fix a couple more uses of ctype(3)
khorben Aug 8, 2018
da6f1c9
Provide enough space to resolve IPv6 addresses
khorben Aug 8, 2018
98b367a
Remove support for IPv6 for rules shared with IPv4
khorben Aug 8, 2018
4369eea
Add support for rule expiration with IPv6
khorben Aug 8, 2018
c899fcb
Revert "Remove support for IPv6 for rules shared with IPv4"
khorben Aug 8, 2018
fc5d908
Code cleanup
khorben Aug 12, 2018
a8c8a0d
Default to IPv6 rules when listening on IPv6
khorben Aug 12, 2018
9ae09ed
Remove useless code
khorben Aug 12, 2018
2ff082c
Resolve hostnames to IPv6 addresses in IPv6 mode
khorben Aug 12, 2018
1a020c6
Re-indent
khorben Aug 12, 2018
9633a26
Only support IPv4 on Windows
khorben Aug 12, 2018
f1b8181
Code cleanup
khorben Aug 12, 2018
d83e45a
Use "::" for matching any address for IPv6 rules
khorben Aug 15, 2018
7929e3a
No longer accept colon (":") as port separator
khorben Aug 15, 2018
09b520b
Fix DNAT with IPv6
khorben Aug 15, 2018
c3db6be
Use "::/0" for IPT_ANY_IPV6
khorben Aug 16, 2018
0d28bae
Port src_dst_check() to IPv6
khorben Aug 16, 2018
a9ed5d6
Also output the value obtained for ip6tables
khorben Aug 22, 2018
26c1da6
Complete the check and search for ip6tables
khorben Aug 24, 2018
040459d
[test suite] start on IPv6 tests
mrash Sep 2, 2018
9c5069e
[test suite] first working IPv6 complete cycle test
mrash Sep 2, 2018
2f98e06
add IPv6 UDP server test, and IPv6 invalid destination test
mrash Oct 20, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Specify the family at run-time for TCP/UDP servers 
This is still using IPv4 by default for the moment.
@khorben @bastien-roucaries
khorben authored and bastien-roucaries committed Apr 4, 2020
commit 8f64afb02af1cb8256ed206fa97bea75446c6766
4 changes: 2 additions & 2 deletions server/fwknopd.c
View file
Original file line number Diff line number Diff line change
@@ -259,7 +259,7 @@ main(int argc, char **argv)
if(opts.enable_udp_server ||
strncasecmp(opts.config[CONF_ENABLE_UDP_SERVER], "Y", 1) == 0)
{
if(run_udp_server(&opts) < 0)
if(run_udp_server(&opts, AF_INET) < 0)
{
log_msg(LOG_ERR, "Fatal run_udp_server() error");
clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
@@ -280,7 +280,7 @@ main(int argc, char **argv)
*/
if(strncasecmp(opts.config[CONF_ENABLE_TCP_SERVER], "Y", 1) == 0)
{
if(run_tcp_server(&opts) < 0)
if(run_tcp_server(&opts, AF_INET) < 0)
{
log_msg(LOG_ERR, "Fatal run_tcp_server() error");
clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
2 changes: 1 addition & 1 deletion server/pcap_capture.c
View file
Original file line number Diff line number Diff line change
@@ -211,7 +211,7 @@ pcap_capture(fko_srv_options_t *opts)

/* Attempt to restart tcp server ? */
usleep(1000000);
run_tcp_server(opts);
run_tcp_server(opts, AF_INET);
}
}

3 changes: 1 addition & 2 deletions server/tcp_server.c
View file
Original file line number Diff line number Diff line change
@@ -51,9 +51,8 @@
* the child process or -1 if there is a fork error.
*/
int
run_tcp_server(fko_srv_options_t *opts)
run_tcp_server(fko_srv_options_t *opts, int family)
{
const int family = AF_INET;
#if !CODE_COVERAGE
pid_t pid, ppid;
#endif
2 changes: 1 addition & 1 deletion server/tcp_server.h
View file
Original file line number Diff line number Diff line change
@@ -32,7 +32,7 @@

/* Function prototypes
*/
int run_tcp_server(fko_srv_options_t *opts);
int run_tcp_server(fko_srv_options_t *opts, int family);

#endif /* TCP_SERVER_H */

3 changes: 1 addition & 2 deletions server/udp_server.c
View file
Original file line number Diff line number Diff line change
@@ -50,9 +50,8 @@
#include <sys/select.h>

int
run_udp_server(fko_srv_options_t *opts)
run_udp_server(fko_srv_options_t *opts, int family)
{
const int family = AF_INET;
int s_sock, sfd_flags, selval, pkt_len;
int rv=1, chk_rm_all=0;
fd_set sfd_set;
2 changes: 1 addition & 1 deletion server/udp_server.h
View file
Original file line number Diff line number Diff line change
@@ -32,7 +32,7 @@

/* Function prototypes
*/
int run_udp_server(fko_srv_options_t *opts);
int run_udp_server(fko_srv_options_t *opts, int family);

#endif /* UDP_SERVER_H */