2004-01-13 Roy Hills <Roy.Hills@nta-monitor.com>
* Makefile.am: Added new shell-script-based tests check-run1,
check-run2, and check-run3.
* ike-scan.1: Updated man page OPTIONS section and added FILES
section.
* Added Russ Allbery's inet_aton replacement function for systems
like Solaris which don't have inet_aton in the standard library.
Added inet_aton check to configure.ac.
* ike-scan.c: Cast char * to unsigned char * before passing to
isdigit(). isdigit can have problems with char if char is signed
and value >127, esp. when it's implemented as a macro that indexes
into an array as on Solaris 8.
* Use hexstring() to print cookie values rather than using htonl()
on the two 32-bit pieces. Some systems define htonl() to return
unsigned long while others return unsigned int making it impossible
to use the same printf format string on all systems.
2004-01-10 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c, isakmp.c: Added regular expression support for
Vendor ID pattern matching. Patterns in ike-vendor-ids
are now Posix basic regular expressions which are compiled
with "regcomp" and matched against the hex representation
of the Vendor ID data with "regexec".
* configure.ac: Added check for Posix regular expression
support.
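
The Vendor ID matching described in the 2004-01-10 entry, together with the byte-wise hex output from the 2004-01-13 entry, as an added example (not ike-scan's own code). The names hex_encode(), vid_matches() and sample_vid are hypothetical, the sample bytes are constructed, and the use of REG_ICASE is this example's choice:

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>

/* Hex-encode len bytes into a malloc'ed NUL-terminated string (caller frees).
 * Byte-wise output needs no htonl(), so no platform-dependent printf format.
 * Hypothetical helper; not ike-scan's own hexstring(). */
static char *hex_encode(const unsigned char *data, size_t len)
{
    static const char digits[] = "0123456789abcdef";
    char *out = malloc(len * 2 + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        out[2 * i] = digits[data[i] >> 4];
        out[2 * i + 1] = digits[data[i] & 0x0f];
    }
    out[len * 2] = '\0';
    return out;
}

/* 1 = hex form of the Vendor ID matches the POSIX basic regex,
 * 0 = no match, -1 = invalid pattern or out of memory.
 * REG_ICASE is an assumption of this example, so that patterns may be
 * written in either case. */
static int vid_matches(const char *pattern, const unsigned char *vid, size_t len)
{
    regex_t re;
    char *hex;
    int rc;

    if (regcomp(&re, pattern, REG_ICASE | REG_NOSUB) != 0)
        return -1;
    hex = hex_encode(vid, len);
    rc = (hex == NULL) ? -1 : (regexec(&re, hex, 0, NULL, 0) == 0);
    free(hex);
    regfree(&re);
    return rc;
}

/* Constructed sample Vendor ID bytes, not taken from any real product. */
static const unsigned char sample_vid[] = { 0xde, 0xad, 0xbe, 0xef, 0x00, 0x01 };

int main(void)
{
    printf("%d\n", vid_matches("^deadbeef", sample_vid, sizeof sample_vid));
    printf("%d\n", vid_matches("^beef", sample_vid, sizeof sample_vid));
    return 0;
}
```

An unanchored pattern matches anywhere in the hex string, so a fingerprint meant to match a prefix needs a leading ^.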
2003-12-30 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Added transform attribute generation functions make_attr()
and add_attr(). Use these functions in make_trans() to improve
readability and allow for future flexibility.
* ike-scan.c: Free various bits of malloc'ed storage when they are
no longer used. The pointers involved are: vid_data, patcopy,
id_data, gss_data, hdr, sa, prop, transforms, ke, nonce, id and vid.
These are all used only at initialisation time. We don't save much
memory by free'ing these, but it's better to be neat & tidy.
* check-sizes.c: New test program which checks the sizes of structures
and types. This is referenced by the TESTS target in Makefile.am,
so it gets run by "make check".
* ike-scan.c: check_struct_sizes() is now obsolete and has been
removed.
2003-12-29 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Fixed bug which caused the data length for ID and VID
payloads to be 8 bytes more than it really was (we were not
subtracting the length of the header structure).
* isakmp.c: Only check the returned VID against a candidate pattern if
the VID data length is >= the candidate pattern length.
* isakmp.c: Moved notification_msg[] from global to process_notify()
function. Use STR_OR_ID macro to display appropriate string from
notification_msg[] which avoids a hard-coded constant. Changed
format of "Firewall-1" 9101 notify message.
2003-12-24 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Modified error message if bind() fails to be more
specific depending on the value of errno.
* ike-scan.c: Added --quiet option to prevent packet decode and thus
shorten the output if required and --multiline option to split the
decode over multiple lines (one line per payload).
* ike-scan.c: Improved protocol decode. SA and ID payloads are now
decoded. For SA, the various transform attributes are shown.
* ike-scan.c: Added utility functions printable() and hexstring() to
provide escaped-printable and hex representations of data.
* isakmp.c: New process_id() function to process ID payload. Improved
process_sa() function to decode transforms. Transform decoding is
no longer experimental.
2003-12-19 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Added experimental support for displaying transform
attributes. This code is only enabled if the --experimental option is
specified. New attribute parsing function process_attr(),
new macro STR_OR_ID, and new function numstr() as well as additional
code in process_sa() function.
2003-12-11 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added support for Vendor ID fingerprinting using
fingerprints loaded from the file "ike-vendor-ids". Added
--vidpatterns (-I) option to specify Vendor ID patterns file
location if it's not the default.
* isakmp.c: Modified process_vid() to check for known Vendor ID
and print entry from database if found.
2003-12-10 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Allow target hosts to be specified as IPnet/bits or
IPstart-IPend as well as the traditional single host or IP address.
The new function add_host_pattern() deals with these new formats.
Added details to usage() to explain these additional formats.
This functionality was first requested by Chris Gripp in Jan 2003.
2003-11-28 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Removed unnecessary gethostbyname() call.
2003-11-23 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Removed many global variables and made them local to
main(). Only 4 global variables left now, all of which have
some reason to stay global.
2003-11-22 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Added support for GSS ID attribute in make_trans()
function.
2003-11-21 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Added support for lifesize (KB) to add_trans() and
make_trans() functions.
* ike-scan.h: Modified function definitions for add_trans(),
make_trans(), and initialise_ike_packet() to take lifesize
argument.
* ike-scan.c: Added support for --lifesize (-z) option. Default
is not to include this attribute.
2003-11-18 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Wrote ISAKMP packet parsing routines: skip_payload,
process_isakmp_hdr, process_sa, process_vid, process_notify.
These are used by the new display_packet() routine in ike-scan.c.
* ike-scan.c: Re-wrote display_packet() function to parse ISAKMP
packet in a flexible way using functions in isakmp.c. This
allows us to display multiple Vendor ID payloads (previously we
could only display the first), and also to detect and print
vendor ID payloads anywhere in the packet (previously it had to be
immediately after the SA payload, which may not be the case with
aggressive mode).
networks.
Getting TeraNode applications to work optimally on a high speed optical
network is not as simple as connecting one's computer to the Internet.
Today's protocol stacks and scientific applications cannot and do not
know how to utilize this extreme level of bandwidth even when it is
available. We intend to address this problem with Quanta, a
cross-platform adaptive networking toolkit for supporting the
extraordinary networking requirements of Tera-Nodes.
Note: This has nothing to do with www/quanta*, the KDE HTML editor.
So add the ICE and SM libraries to LDFLAGS.
If there is a better way to do this, please let me know.
(This problem would probably fix itself with software using the
pkg-config system.)
- Do not answer to TCP segments that carry both SYN and RST flags. Without
this fix, it is easy to remotely detect Honeyd.
- Drop privileges if permitted by configuration.
compatible with SGI Open Inventor v2.1, and incorporating many new
features. Coin is portable across Win32, Linux, SGI IRIX, Mac OS X,
HP-UX, Sun Solaris, IBM AIX, and other platforms (like NetBSD :-).