Nikos Mavrogiannopoulos
96a7f04237
doc update
2013-05-23 16:06:20 +02:00
Nikos Mavrogiannopoulos
2d4ac0bb3a
updated seccomp code
2013-05-22 20:16:07 +02:00
Nikos Mavrogiannopoulos
81dca4ccdc
more verbose printing of signal deaths
2013-05-22 16:21:33 +02:00
Nikos Mavrogiannopoulos
3271674773
simplified seccomp check
2013-05-22 16:08:27 +02:00
Nikos Mavrogiannopoulos
eb90dd78e3
use strtok() to parse client provided string.
2013-05-21 23:51:38 +02:00
Nikos Mavrogiannopoulos
489e0e1dc5
require gnutls 3.2.1 to enable salsa20
2013-05-21 23:38:03 +02:00
Nikos Mavrogiannopoulos
8ed0006c22
relax check on requirement on headers for libopts.
2013-05-21 22:41:57 +02:00
Nikos Mavrogiannopoulos
c723c70a3d
more files to ignore
2013-05-20 11:22:10 +02:00
Nikos Mavrogiannopoulos
b3cdd31dca
Added missing file
2013-05-20 11:03:50 +02:00
Nikos Mavrogiannopoulos
1519c0e4de
updated header
2013-05-20 11:03:26 +02:00
Nikos Mavrogiannopoulos
8b21699089
updated license information
2013-05-20 11:03:08 +02:00
Nikos Mavrogiannopoulos
e5fd319026
emulate gettime
2013-05-20 11:01:29 +02:00
Nikos Mavrogiannopoulos
7eef598a29
updated gnulib
2013-05-20 10:56:54 +02:00
Nikos Mavrogiannopoulos
3b158b19b4
doc fix
2013-05-19 20:08:02 +02:00
Nikos Mavrogiannopoulos
026c31e72a
do not restrict worker's memory
2013-05-19 19:05:13 +02:00
Nikos Mavrogiannopoulos
f803b2bdf6
estream ciphersuite was given priority
2013-05-19 14:10:08 +02:00
Nikos Mavrogiannopoulos
dac888f1f5
increased priority
2013-05-19 11:53:01 +02:00
Nikos Mavrogiannopoulos
d98a9c48c2
print DTLS ciphersuite
2013-05-19 11:24:00 +02:00
Nikos Mavrogiannopoulos
d568b4f920
doc update
2013-05-18 22:46:35 +02:00
Nikos Mavrogiannopoulos
5646c055a1
added missing files.
2013-05-18 17:29:10 +02:00
Nikos Mavrogiannopoulos
3be923c778
configure proceeds if regex library isn't found
2013-05-18 15:40:32 +02:00
Nikos Mavrogiannopoulos
f0afab6782
corrected cipher names
2013-05-17 22:01:53 +02:00
Nikos Mavrogiannopoulos
e8458828ee
Allow for a ciphersuite negotiation
2013-05-17 21:15:24 +02:00
Nikos Mavrogiannopoulos
766d3bec7e
small fixes
2013-05-17 20:21:08 +02:00
Nikos Mavrogiannopoulos
e679fd643f
reorganized HTTP header reading.
2013-05-17 20:07:58 +02:00
Nikos Mavrogiannopoulos
0aff05f0d2
corrected typo
2013-05-17 08:35:29 +02:00
Nikos Mavrogiannopoulos
9a39ec0ce6
documented fix
2013-05-16 23:10:32 +02:00
Faidon Liambotis
3071bda08a
Make seccomp failures non-fatal & lower log prio
Building a binary with --enable-seccomp and then running it on a < 3.5
kernel results in seccomp_load() failing and ocserv's worker process
aborting. This might be okay-ish for users who ./configure && make
install on their own systems but it's obviously non-ideal for e.g.
distributions that need to distribute binaries.
Unfortunately there doesn't seem to be a good way (that I could find) to
check if the running kernel has seccomp -- uname/uts isn't a good
solution as Ubuntu has backported it to 3.2, custom kernels might have
CONFIG_SECCOMP=n etc.
So, this makes a tradeoff call and removes the exit_worker() call on
seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
LOG_WARNING and the "could not disable system calls" to LOG_INFO from
LOG_ERR.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:01:38 +02:00
Faidon Liambotis
3bfbe1a371
Workaround libseccomp bug & fix error handling
libseccomp has a bug where -EDOM is returned when seccomp_rule_add is
called for pseudo system calls (i.e. < -99). This was triggered by
adding the send() system call on my x86_64 machine. The bug seems to
have been recently (May 7th, 2013) reported and fixed on libseccomp
upstream but it will take a while to find its way to a release and
distributions.
Additionally, there was a bug in how libseccomp calls were error
handled: libseccomp functions don't actually set errno, but set errno
values in their return value instead. This resulted in the
seccomp_rule_add call above printing "could not add send to seccomp
filter: Success".
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:00:06 +02:00
Nikos Mavrogiannopoulos
7bb5056d98
fixed length checks
2013-05-16 22:33:16 +02:00
Nikos Mavrogiannopoulos
ddae1e8339
check for children cleanup prior to checking for termination.
That allows terminating quickly after the secmod death is detected.
2013-05-13 22:53:21 +02:00
Nikos Mavrogiannopoulos
30efc0433e
updated example
2013-05-13 22:50:35 +02:00
Nikos Mavrogiannopoulos
200e0cfaaa
use gnulib's ctype
2013-05-13 22:43:54 +02:00
Nikos Mavrogiannopoulos
538d909134
released
ocserv_0_1_2
2013-05-07 23:48:07 +02:00
Nikos Mavrogiannopoulos
037db7a52c
do not check for a working libregex if it is disabled
2013-05-07 19:32:03 +02:00
Nikos Mavrogiannopoulos
ebe956aec6
bumped version
2013-05-07 19:29:23 +03:00
Nikos Mavrogiannopoulos
c688a6fb43
check for setproctitle
2013-05-07 19:25:01 +03:00
Nikos Mavrogiannopoulos
e9b60cbe4d
added missing files
2013-05-07 00:47:30 +03:00
Nikos Mavrogiannopoulos
bc30d9b20f
design update
2013-05-06 12:11:44 +03:00
Nikos Mavrogiannopoulos
e0a7ad9fe6
Added X-CSTP-Default-Domain option.
2013-05-06 10:56:21 +03:00
Nikos Mavrogiannopoulos
67e83f89d7
Use sigaction() to have a consistent behavior across systems for signals.
2013-05-02 11:46:02 +03:00
Nikos Mavrogiannopoulos
a84664733a
updated TODO
2013-04-30 00:02:16 +03:00
Nikos Mavrogiannopoulos
dd3571bc99
Updates for cisco's client.
2013-04-29 14:19:59 +03:00
Nikos Mavrogiannopoulos
6ee0af050c
corrected bug in anyconnect compat
2013-04-29 02:27:29 +03:00
Nikos Mavrogiannopoulos
d38aaf4d2f
doc update
2013-04-29 00:17:11 +03:00
Nikos Mavrogiannopoulos
58a4e81c94
verify the ICMP IDs prior to checking response.
2013-04-29 00:16:42 +03:00
Nikos Mavrogiannopoulos
947214a9a4
Added config file option ping-leases.
2013-04-29 00:12:37 +03:00
Nikos Mavrogiannopoulos
ce9fb618e5
corrected bug which prevented ocpasswd adding more than a single user.
2013-04-28 16:57:39 +03:00
Nikos Mavrogiannopoulos
bdc6ed3941
more files to ignore
2013-04-28 15:37:48 +03:00
Nikos Mavrogiannopoulos
cb35f8f6ac
updated ocpasswd doc
2013-04-28 15:36:46 +03:00