2003-11-14 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Fixed bug which could cause select() to be passed a
negative timeout when collecting backoff fingerprints.
* Released v1.5.1.
2003-11-13 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added support for IKE Aggressive Mode. New options:
--aggressive, --id, --idtype, --dhgroup.
* isakmp.c: Added functions to build id, nonce and ke payloads for
Aggressive Mode.
* ike-scan.1: Added details of Aggressive Mode options.
* Released V1.5.
2003-11-08 Roy Hills <Roy.Hills@nta-monitor.com>
* wrappers.c: New file containing system/library call wrappers
for those calls which are not expected to fail. Wrappers have
the same name as the underlying call but with initial capital
letter. This convention is from W. Richard Stevens' Unix Network
Programming book.
* ike-scan.c: Changed to use wrapper functions for Gettimeofday,
Malloc and Realloc.
* isakmp.c: Changed to use wrapper function for Malloc.
* isakmp.c: Wrote new add_trans() function. This allows a multi-
transform payload to be built, it calls make_trans.
* ike-scan.c: Use new add_trans() function in intialise_ike_packet()
rather than manually building the transform payload using
make_trans().
* isakmp.c: Add new add_vid() function.
* ike-scan.c: Use new add_vid() function to allow multiple VIDs to
be specified.
* ike-scan.c: Add new function decode_trans. Use this function to
parse the --trans argument which allows the specification of
encryption key length.
2003-11-07 Roy Hills <Roy.Hills@nta-monitor.com>
* isakmp.c: Wrote ISAKMP payload construction functions.
* ike-scan.c: Use functions from isakmp.c to construct ISAKMP
payloads rather than manually filling in structures.
2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Change loop timing units from ms to us to improve
accuracy. This requires a 64-bit integer type.
2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added elapsed time statistics to "Ending:" line.
* ike-scan.c: Changed atoi(optarg) to
strtoul(optarg, (char **)NULL, 10) for unsigned options to allow
full unsigned range.
* ike-scan.c: Dynamically adjust select_timeout based on requested
interval and cumulative error.
* ike-scan.c: Removed --selectwait option as it is now unneccesary.
* ike-scan.c: Renamed backoff variable to backoff_factor and changed
type from float to double.
* ike-scan.c: Timeout hosts immediately if possible when
starting the timeout pass. This reduces the scanning time,
especially when scanning a large number of hosts. Previously, the
scanning time tended to <retries+1> * <num-hosts>; now it tends
towards <retries> * <num-hosts>.
* ike-scan.c: Added pass number which is displayed if verbose >= 1.
2003-10-29 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Don't call advance_cursor() if we can't send to a host
yet because the next host won't be ready either.
* ike-scan.c: Start the search for a matching cookie at cursor->prev
rather than cursor.
2003-08-05 Roy Hills <Roy.Hills@nta-monitor.com>
* Released version v1.4. Tarball size 114410 bytes, Zip size 622630.
tarball md5sum: d8755044a041859cde12d111973bb541
zip md5sum: 7871aead615b88e3fd6a516f60ac63d0
2003-07-17 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Print any vendor ID payload in hex if it follows an SA
payload.
* ike-scan.c: allocate vid_data using malloc rather than having a
fixed-length array. This allows the supplied vendor id to be of
arbitary length.
2003-07-16 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Changed --vendor option to use a hex string of arbitary
length (up to MAXLINE) rather than an md5 hash of the supplied
string. This allows us to specify any vandor ID e.g. the one that
SecuRemote uses with main mode.
2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>
* Released version v1.3. Tarball size 113350 bytes.
tarball md5sum: 3fc330e97017ac93bd35fd2973d14e58
Note: this is not an official release and no Windows (zip) version
was produced. It is for internal use to test the new pattern
matching code. However, it is available in the public download
directory if anyone wants to use it.
2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-backoff-patterns: Added new patterns "watchguard-soho" and
"sonicwall-pro". These both use the new "/" notation to represent
per-entry fuzz values.
* ike-scan.c: Add fact that per-pattern fuzz entries override the
values specified with --fuzz to the help output.
* Created detached GPG sigs (.asc) for *.tar.gz and *.zip using DSA
key ID 567B9F3A Roy Hills <Roy.Hills@nta-monitor.com>.
2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added check_struct_sizes() to check the size of the
ISAKMP structure sizes.
* ike-scan.h: Added definition of check_struct_sizes().
2003-07-04 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Added support for per-pattern-entry fuzz specification
in the patterns file.
* ike-scan.h: New structure to support per-pattern-entry fuzz.
2003-06-27 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.c: Improved backoff pattern display in dump_backoff().
Use integer arithmetic in add_pattern() to avoid rounding errors.
* ike-scan.h: Remove math.h include. Not needed now that we use
integer aritmetic in add_pattern().
* configure.ac: Removed check for maths library. Not needed now that
we use integer aritmetic in add_pattern().
2003-06-17 Roy Hills <Roy.Hills@nta-monitor.com>
* ike-scan.1: Created man page ike-scan.1. This is required by some
Linux distributions e.g. Debian.
* Makefile.am: Added support for new man page.
* NEWS: Added info for v1.0, v1.1 and v1.2.
* Makefile.am: Changed location of "ike-backoff-patterns" from
$datadir to $pkgdatadir.
575808c9fa