Hello Richard,
I was able to find the changes I made to make it work on my Mac. I have
incorporated them into 2.0.1-pre4. You can download it from
http://www.cipherdyne.org/fwknop/download/fwknop-2.0.1-pre4.tar.gz.
You will find that many of the tests still fail. However, basic access requests
do work (as long as the existing firewall rules allow established TCP traffic
in a set or rule before the fwknop rules (default set 1 rule 10000 - though
they can be changed in the fwknopd.conf file)).
Regards,
-Damien
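
The ordering condition described above can be checked mechanically. This is an added example, not part of the original e-mail or of fwknop: the function name `established_before` and both sample listings are constructed, and it assumes a plain `ipfw list` listing (rule number, then action) without the `-S` set column.

```shell
#!/bin/sh
# Added example: verify that a rule allowing established TCP traffic is
# numbered below the fwknop rule (default 10000 per the message above).

# Constructed samples in the shape of `ipfw list` output.
SAMPLE_OK='00100 allow ip from any to any via lo0
05000 allow tcp from any to any established
10000 allow tcp from 203.0.113.7 to me dst-port 22
65535 deny ip from any to any'

SAMPLE_BAD='00100 allow ip from any to any via lo0
10000 allow tcp from 203.0.113.7 to me dst-port 22
20000 allow tcp from any to any established
65535 deny ip from any to any'

# established_before FWKNOP_RULE_NUM
# Reads a rule listing on stdin. Prints the number of the first allow rule
# carrying the "established" option that precedes FWKNOP_RULE_NUM and
# returns 0; returns 1 if no such rule exists.
established_before() {
    awk -v limit="$1" '
        # $1 = rule number, $2 = action (allow/accept/pass/permit are synonyms)
        ($1 + 0) < (limit + 0) &&
        $2 ~ /^(allow|accept|pass|permit)$/ {
            for (i = 3; i <= NF; i++)
                if ($i == "established") { print $1; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}
```

On a live system the listing would come from `sudo ipfw list | established_before 10000`; a non-zero exit status means the established-traffic rule is missing or sits after the fwknop rule.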
On Jul 14, 2012, at 8:20 AM, rhaas wrote:
> The pre-release fix is great, gets all the way through to the ipfw tests
> (which Damien Stuart mentioned was a known issue):
>
> $ sudo ./test-fwknop.pl
> Password:
>
> [+] Starting the fwknop test suite...
>
> args:
>
> [build] [client] binary exists......................................pass (1)
> [build security] [client] Position Independent Executable (PIE).....pass (2)
> [build security] [client] stack protected binary....................pass (3)
> [build security] [client] fortify source functions..................pass (4)
> [build security] [client] read-only relocations.....................pass (5)
> [build security] [client] immediate binding.........................pass (6)
> [build] [server] binary exists......................................pass (7)
> [build security] [server] Position Independent Executable (PIE).....pass (8)
> [build security] [server] stack protected binary....................pass (9)
> [build security] [server] fortify source functions..................pass (10)
> [build security] [server] read-only relocations.....................pass (11)
> [build security] [server] immediate binding.........................pass (12)
> [build] [libfko] binary exists......................................pass (13)
> [build security] [libfko] stack protected binary....................pass (14)
> [build security] [libfko] fortify source functions..................pass (15)
> [build security] [libfko] read-only relocations.....................pass (16)
> [build security] [libfko] immediate binding.........................pass (17)
> [preliminaries] [client] usage info.................................pass (18)
> [preliminaries] [client] getopt() no such argument..................pass (19)
> [preliminaries] [client] --test mode, packet not sent...............pass (20)
> [preliminaries] [client] expected code version......................pass (21)
> [preliminaries] [server] usage info.................................pass (22)
> [preliminaries] [server] getopt() no such argument..................pass (23)
> [preliminaries] [server] expected code version......................pass (24)
> [preliminaries] collecting system specifics.........................pass (25)
> [basic operations] dump config......................................pass (26)
> [basic operations] override config..................................pass (27)
> [basic operations] [client] --get-key path validation...............pass (28)
> [basic operations] [client] require [-s|-R|-a]......................pass (29)
> [basic operations] [client] --allow-ip <IP> valid IP................pass (30)
> [basic operations] [client] -A <proto>/<port> specification.........pass (31)
> [basic operations] [client] generate SPA packet.....................pass (32)
> [basic operations] [server] list current fwknopd fw rules...........pass (33)
> [basic operations] [server] list all current fw rules...............pass (34)
> [basic operations] [server] flush current firewall rules............pass (35)
> [basic operations] [server] start...................................ipfw: invalid set command 1
>
> ... I'll poke around the ipfw syntax as I have time ... if Damien doesn't
> unearth his previous correction before I get there.
>
> Thanks, everyone.
>
> --
> Richard Haas <[email protected]>
> GnuPG public key ID: 1CB7F0E2
> blog: http://richardhaas.wordpress.com
> Twitter: @rahaas
> --
>
>
>
> On Jul 12, 2012, at 10:32 PM, Michael Rash wrote:
>
>>
>>
>> On Thu, Jul 12, 2012 at 9:51 PM, Damien Stuart <[email protected]> wrote:
>> Hi,
>>
>>
>> Hi Damien,
>>
>> The shared libraries on Mac OS X systems use a different extension (.dylib
>> vs. .so). If you edit the test-fwknop.pl script at line xx and change
>> "libfko.so" to "libfko.dylib", the test will run. However, on my Mac, when
>> it gets to the 'ipfw'-related tests, I get "ipfw: invalid set command X"
>> (where X is '1' or '2').
>>
>> Ah, cool. I've updated the test suite to account for the different .dylib
>> extension:
>>
>> http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=e250776107d09352765b04cc74113c0bfe3a17de
>>
>> Here is a new -pre release that contains the fix:
>>
>> http://www.cipherdyne.org/fwknop/download/fwknop-2.0.1-pre3.tar.gz
>>
>> $ sha1sum fwknop-2.0.1-pre3.tar.gz
>> 62770f4f1c48b2d99e3f42d8c77d350968973578 fwknop-2.0.1-pre3.tar.gz
>>
>>
>> I had played with getting fwknopd to work on a Mac several months ago. I
>> did get it to work after modifying the syntax of the ipfw commands. I will
>> see if I can find that code and post the specifics here...
>>
>>
>> Very cool - wish I had a Mac to help develop on. :)
>>
>> --Mike
>>
>>
>> Regards,
>>
>> -Damien Stuart
>>
>>
>>
>>
>> On Jul 12, 2012, at 9:09 PM, Michael Rash wrote:
>>
>>>
>>> On Thu, Jul 12, 2012 at 11:43 AM, rhaas <[email protected]> wrote:
>>> Greetings.
>>>
>>> Hello,
>>>
>>> Is there a pointer to Mac OS X specific build/install instructions for
>>> fwknop?
>>>
>>> Nothing specific for Mac OS X currently.
>>>
>>>
>>> Sorry for the noob-ish question, but a search of the list archives
>>> didn't turn anything up.
>>>
>>> The client and server build fine but the perl test suite aborts at the
>>> libfko binary check:
>>>
>>> ./test-fwknop.pl
>>>
>>> [+] Starting the fwknop test suite...
>>>
>>> args:
>>>
>>> Saved results from previous run to: output.last/
>>>
>>> [build] [client] binary exists......................................pass (1)
>>> [build security] [client] Position Independent Executable (PIE).....pass (2)
>>> [build security] [client] stack protected binary....................pass (3)
>>> [build security] [client] fortify source functions..................pass (4)
>>> [build security] [client] read-only relocations.....................pass (5)
>>> [build security] [client] immediate binding.........................pass (6)
>>> [build] [server] binary exists......................................pass (7)
>>> [build security] [server] Position Independent Executable (PIE).....pass (8)
>>> [build security] [server] stack protected binary....................pass (9)
>>> [build security] [server] fortify source functions..................pass (10)
>>> [build security] [server] read-only relocations.....................pass (11)
>>> [build security] [server] immediate binding.........................pass (12)
>>> [build] [libfko] binary exists......................................fail (13)
>>> [*] required test failed, exiting. at ./test-fwknop.pl line 1314.
>>>
>>>
>>> The test suite is looking for the file (usually a symbolic link)
>>> "../lib/.libs/libfko.so" from the test/ directory. Can you post the output
>>> of 'ls -l ../lib/.libs/libfko*'? It should look something like:
>>>
>>> $ ls -l ../lib/.libs/libfko*
>>> -rw-r--r-- 1 mbr mbr 589656 Jul 10 22:07 lib/.libs/libfko.a
>>> lrwxrwxrwx 1 mbr mbr 12 Jul 10 22:07 lib/.libs/libfko.la -> ../libfko.la
>>> -rw-r--r-- 1 mbr mbr 987 Jul 10 22:07 lib/.libs/libfko.lai
>>> lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so -> libfko.so.0.0.3
>>> lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so.0 -> libfko.so.0.0.3
>>> -rwxr-xr-x 1 mbr mbr 282950 Jul 10 22:07 lib/.libs/libfko.so.0.0.3
>>>
>>> This is on an Ubuntu system, so there may be some differences on Mac OS X
>>> that the test suite will need to account for.
>>>
>>> Thanks,
>>>
>>> --Mike
>>>
>>>
>>>
>>>
>>> ... presumably there are still some pieces to build.
>>>
>>> Thanks.
>>>
>>> --
>>> Richard Haas <[email protected]>
>>> GnuPG public key ID: 1CB7F0E2
>>> blog: http://richardhaas.wordpress.com
>>> Twitter: @rahaas
>>> --
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond. Discussions
>>> will include endpoint security, mobile security and the latest in malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> Fwknop-discuss mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>>>
>>>
>>>
>>> --
>>> Michael Rash | Founder
>>> http://www.cipherdyne.org/
>>> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
>>
>>
>>
>>
>> --
>> Michael Rash | Founder
>> http://www.cipherdyne.org/
>> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F