mirrors/knockd
1
0
Fork 0
mirror of https://salsa.debian.org/debian/knockd synced 2026-01-14 14:52:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:master
Branches Tags
mirrors:master mirrors:pristine-tar mirrors:upstream
mirrors:debian/0.8-2 mirrors:debian/0.8-1 mirrors:upstream/0.8 mirrors:debian/0.7-1 mirrors:upstream/0.7 mirrors:upstream/0.5 mirrors:debian/0.5-3
..
compare: mirrors:debian/0.7-1
Branches Tags
mirrors:master mirrors:pristine-tar mirrors:upstream
mirrors:debian/0.8-2 mirrors:debian/0.8-1 mirrors:upstream/0.8 mirrors:debian/0.7-1 mirrors:upstream/0.7 mirrors:upstream/0.5 mirrors:debian/0.5-3

12 Commits
master ... debian/0.7

Author SHA1 Message Date
Leo Antunes
26e4c5ae8c add changelog entry for 0.7-1 
Gbp-Dch: ignore
 2016-10-08 16:08:04 +02:00
Leo Antunes
14a9bb3f09 add watch file 2016-10-08 16:03:25 +02:00
Leo Antunes
805dec719b debian/control: add VCS URL 2016-10-08 16:03:25 +02:00
Leo Antunes
5c686b87a6 remove knock client docs from installation 
otherwise we end up with multiple documentation copies in the single
binary package
 2016-10-08 15:19:17 +02:00
Leo Antunes
848daeab94 add hardening flags 2016-10-08 14:32:05 +02:00
Leo Antunes
197eb24d24 init: add dependency on $remote_fs 2016-10-08 14:32:05 +02:00
Leo Antunes
bfc99c1f23 add systemd support (closes: #729663) 2016-10-08 14:31:50 +02:00
Leo Antunes
733d82a7cb switch to source/format 3.0 (quilt) 2016-09-28 21:44:14 +02:00
Leo Antunes
802af55953 remove debian/docs (README deleted upstream) 
Gbp-Dch: ignore
 2016-09-28 21:38:27 +02:00
Leo Antunes
42ec748116 drop patches/manpage_cmd_timeout: fixed upstream 2016-09-28 21:34:43 +02:00
Leo Antunes
4a38db8d9a drop patches/include_limits_h: fixed upstream 2016-09-28 21:33:15 +02:00
Leo Antunes
86381cd502 migrate to dh short notation 2016-09-28 21:27:32 +02:00
37 changed files with 2335 additions and 3460 deletions
Expand all files Collapse all files

23
.gitignore vendored
View File

@@ -1,22 +1 @@
*.o
*~
.deps
.dirstamp
/Makefile
/Makefile.in
/aclocal.m4
/autom4te.cache/
/compile
/config.h
/config.h.in
/config.log
/config.status
/configure
/depcomp
/doc/*.1
/install-sh
/knock
/knock-*.tar.*
/knockd
/missing
/stamp-h1
.pc

16
CONTRIBUTERS
View File

@@ -1,16 +0,0 @@
Many thanks to everybody who has helped to improve knockd in some way. This is
a fairly old project, and some contributer names have almost surely been lost
along the way. Thanks to the unsung heroes too.
- airwoflgh <paul.rogers@flumps.org>
- catbref <misc-github@talk2dom.com>
- Diego Elio Pettenò <flameeyes@flameeyes.eu>
- Dima Krasner <dima@dimakrasner.com>
- Jonathon Reinhart <jonathon.reinhart@gmail.com>
- Marius Hoch <hoo@online.de>
- Michael Weiss <dev.primeos@gmail.com>
- Oswald Buddenhagen <ossi@kde.org>
- Sébastien Valat <sebastien.valat@gmail.com>
- TDFKAOlli <TDFKAOlli@ish.de>
- Ximin Luo <infinity0@pwned.gg>
- vriera <Vincent.Riera@imgtec.com>

2
COPYING
View File

@@ -2,7 +2,7 @@
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

30
ChangeLog
View File

@@ -1,35 +1,5 @@
VERSION DESCRIPTION
-----------------------------------------------------------------------------
0.8 - Multiple fixes (#67, #77)
- IPv6 support (Sebastien Valat)
0.7.8 - Fix for Issue #33, #34 and #35 contributed by Alexander
Rumyanstev.
0.7.7 - Fix for Issue #7 & #17 contributed by Michael G<>hler.
All IPs assigned to a single interface are now listened on.
- Fix for compile warning on OSX where daemon() is deprecated.
- Fix for Issue #15 - list.c OpenBSD segfault: change malloc
to calloc.
0.7.6 - Fix for Issue #13 where similar sequences are not detected
correctly.
0.7.5 - Added Greg Kuchyt's knock_add script but updated to be a
generic IPTables helper that also deletes rules
0.7.4 - Patches from Michael G<>hler
- Updated gitignore to include additional autoconf files.
- Updated Makefile to fix deprecated warning on CPPFLAG
-D_BSD_SOURCE.
0.7.3 - Patches from Jonathon Reinhart
- Fixed PCAP filter for PSH flag detection.
- Patches from Christos Triantafyllidis
- Updated FSF address.
0.7.2 - Patches from Paul Rogers
- Applied missing fixes from issue #16 - OpenBSD build
issues, reordering of headers, scoping DLT_LINUX_SLL for
Linux only, for -> while loop in sniff() cleanup.
0.7.1 - Patches from Paul Rogers
- Fixed issue #2 - SIGHUP (reload) now listens for new
sequences in the config file.
- Fixed issue #26 - knockd now fails if a malformed config
file is read during SIGHUP (reload).
0.7 - Patches from Oswald Buddenhagen:
- Document the 'target' configuration directive.
- Merging OS-specific networking code to reduce LOCs and the

9
Makefile.am
View File

@@ -1,12 +1,12 @@
AM_CPPFLAGS=-D_DEFAULT_SOURCE
AM_CFLAGS=-g -Wall -pedantic -fno-exceptions -D_BSD_SOURCE
AM_CPPFLAGS=-D_BSD_SOURCE
AM_CFLAGS=-g -Wall -pedantic -fno-exceptions
bin_PROGRAMS = knock
man_MANS = doc/knock.1
if BUILD_KNOCKD
sbin_PROGRAMS = knockd
dist_sbin_SCRIPTS = src/knock_helper_ipt.sh
man_MANS += doc/knockd.1
sysconf_DATA = knockd.conf
endif
@@ -14,10 +14,9 @@ endif
dist_doc_DATA = README.md TODO ChangeLog COPYING
knock_SOURCES = src/knock.c
knockd_SOURCES = src/knockd.c src/list.c src/list.h src/knock_helper_ipt.sh
knockd_SOURCES = src/knockd.c src/list.c src/list.h
%.1: %.1.in
sed -e "s/#VERSION#/$(VERSION)/" $< > $@
EXTRA_DIST = doc/knock.1 doc/knock.1.in doc/knockd.1 doc/knockd.1.in knockd.conf
CLEANFILES = $(man_MANS)

253
Makefile.in
View File

@@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.16.3 from Makefile.am.
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,19 +15,8 @@
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -92,13 +81,14 @@ bin_PROGRAMS = knock$(EXEEXT)
@BUILD_KNOCKD_TRUE@sbin_PROGRAMS = knockd$(EXEEXT)
@BUILD_KNOCKD_TRUE@am__append_1 = doc/knockd.1
subdir = .
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/configure $(am__configure_deps) \
$(srcdir)/config.h.in depcomp $(dist_doc_DATA) COPYING \
ChangeLog TODO compile install-sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
$(am__configure_deps) $(am__dist_sbin_SCRIPTS_DIST) \
$(dist_doc_DATA) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
@@ -106,8 +96,8 @@ CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
"$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" \
"$(DESTDIR)$(docdir)" "$(DESTDIR)$(sysconfdir)"
"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(docdir)" \
"$(DESTDIR)$(sysconfdir)"
PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS)
am__dirstamp = $(am__leading_dot)dirstamp
am_knock_OBJECTS = src/knock.$(OBJEXT)
@@ -116,7 +106,41 @@ knock_LDADD = $(LDADD)
am_knockd_OBJECTS = src/knockd.$(OBJEXT) src/list.$(OBJEXT)
knockd_OBJECTS = $(am_knockd_OBJECTS)
knockd_LDADD = $(LDADD)
am__dist_sbin_SCRIPTS_DIST = src/knock_helper_ipt.sh
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
DIST_SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -144,50 +168,12 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
SCRIPTS = $(dist_sbin_SCRIPTS)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = src/$(DEPDIR)/knock.Po src/$(DEPDIR)/knockd.Po \
src/$(DEPDIR)/list.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
DIST_SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
man1dir = $(mandir)/man1
NROFF = nroff
MANS = $(man_MANS)
DATA = $(dist_doc_DATA) $(sysconf_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
config.h.in
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
$(LISP)config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
@@ -208,8 +194,6 @@ ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
AM_RECURSIVE_TARGETS = cscope
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in COPYING \
ChangeLog TODO compile depcomp install-sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -223,8 +207,6 @@ am__post_remove_distdir = $(am__remove_distdir)
GZIP_ENV = --best
DIST_ARCHIVES = $(distdir).tar.xz
DIST_TARGETS = dist-xz
# Exists only to be overridden by the user if desired.
AM_DISTCHECK_DVI_TARGET = dvi
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -239,6 +221,7 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
@@ -246,7 +229,9 @@ DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -305,7 +290,6 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@@ -314,16 +298,14 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CPPFLAGS = -D_DEFAULT_SOURCE
AM_CFLAGS = -g -Wall -pedantic -fno-exceptions -D_BSD_SOURCE
AM_CPPFLAGS = -D_BSD_SOURCE
AM_CFLAGS = -g -Wall -pedantic -fno-exceptions
man_MANS = doc/knock.1 $(am__append_1)
@BUILD_KNOCKD_TRUE@dist_sbin_SCRIPTS = src/knock_helper_ipt.sh
@BUILD_KNOCKD_TRUE@sysconf_DATA = knockd.conf
dist_doc_DATA = README.md TODO ChangeLog COPYING
knock_SOURCES = src/knock.c
knockd_SOURCES = src/knockd.c src/list.c src/list.h src/knock_helper_ipt.sh
knockd_SOURCES = src/knockd.c src/list.c src/list.h
EXTRA_DIST = doc/knock.1 doc/knock.1.in doc/knockd.1 doc/knockd.1.in knockd.conf
CLEANFILES = $(man_MANS)
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-am
@@ -344,14 +326,15 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
echo ' $(SHELL) ./config.status'; \
$(SHELL) ./config.status;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -479,41 +462,6 @@ src/list.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp)
knockd$(EXEEXT): $(knockd_OBJECTS) $(knockd_DEPENDENCIES) $(EXTRA_knockd_DEPENDENCIES)
@rm -f knockd$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(knockd_OBJECTS) $(knockd_LDADD) $(LIBS)
install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS)
@$(NORMAL_INSTALL)
@list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
$(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n' \
-e 'h;s|.*|.|' \
-e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
{ d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
if ($$2 == $$4) { files[d] = files[d] " " $$1; \
if (++n[d] == $(am__install_max)) { \
print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
else { print "f", d "/" $$4, $$1 } } \
END { for (d in files) print "f", d, files[d] }' | \
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
$(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
} \
; done
uninstall-dist_sbinSCRIPTS:
@$(NORMAL_UNINSTALL)
@list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 's,.*/,,;$(transform)'`; \
dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -522,15 +470,9 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knock.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knockd.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/list.Po@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knock.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knockd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/list.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -692,10 +634,7 @@ distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
distdir: $(DISTFILES)
$(am__remove_distdir)
test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -735,7 +674,7 @@ distdir-am: $(DISTFILES)
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__post_remove_distdir)
dist-bzip2: distdir
@@ -749,22 +688,18 @@ dist-xz: distdir
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__post_remove_distdir)
dist-zstd: distdir
tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
$(am__post_remove_distdir)
dist-tarZ: distdir
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__post_remove_distdir)
dist-shar: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__post_remove_distdir)
dist-zip: distdir
@@ -782,7 +717,7 @@ dist dist-all:
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \
@@ -792,27 +727,25 @@ distcheck: dist
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
*.tar.zst*) \
zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
esac
chmod -R a-w $(distdir)
chmod u+w $(distdir)
mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
mkdir $(distdir)/_build $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build/sub \
&& ../../configure \
&& $(am__cd) $(distdir)/_build \
&& ../configure \
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=../.. --prefix="$$dc_install_base" \
--srcdir=.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
@@ -865,9 +798,9 @@ distcleancheck: distclean
exit 1; } >&2
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) config.h
all-am: Makefile $(PROGRAMS) $(MANS) $(DATA) config.h
installdirs:
for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(sysconfdir)"; do \
for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(sysconfdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -892,7 +825,6 @@ install-strip:
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -910,9 +842,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-sbinPROGRAMS \
distclean: distclean-am
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -f src/$(DEPDIR)/knock.Po
-rm -f src/$(DEPDIR)/knockd.Po
-rm -f src/$(DEPDIR)/list.Po
-rm -rf src/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-hdr distclean-tags
@@ -935,8 +865,8 @@ install-dvi: install-dvi-am
install-dvi-am:
install-exec-am: install-binPROGRAMS install-dist_sbinSCRIPTS \
install-sbinPROGRAMS install-sysconfDATA
install-exec-am: install-binPROGRAMS install-sbinPROGRAMS \
install-sysconfDATA
install-html: install-html-am
@@ -961,9 +891,7 @@ installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
-rm -f src/$(DEPDIR)/knock.Po
-rm -f src/$(DEPDIR)/knockd.Po
-rm -f src/$(DEPDIR)/list.Po
-rm -rf src/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -980,23 +908,21 @@ ps: ps-am
ps-am:
uninstall-am: uninstall-binPROGRAMS uninstall-dist_docDATA \
uninstall-dist_sbinSCRIPTS uninstall-man \
uninstall-sbinPROGRAMS uninstall-sysconfDATA
uninstall-man uninstall-sbinPROGRAMS uninstall-sysconfDATA
uninstall-man: uninstall-man1
.MAKE: all install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles am--refresh check \
check-am clean clean-binPROGRAMS clean-cscope clean-generic \
.PHONY: CTAGS GTAGS TAGS all all-am am--refresh check check-am clean \
clean-binPROGRAMS clean-cscope clean-generic \
clean-sbinPROGRAMS cscope cscopelist-am ctags ctags-am dist \
dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
dist-xz dist-zip dist-zstd distcheck distclean \
distclean-compile distclean-generic distclean-hdr \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-binPROGRAMS install-data install-data-am \
install-dist_docDATA install-dist_sbinSCRIPTS install-dvi \
dist-xz dist-zip distcheck distclean distclean-compile \
distclean-generic distclean-hdr distclean-tags distcleancheck \
distdir distuninstallcheck dvi dvi-am html html-am info \
info-am install install-am install-binPROGRAMS install-data \
install-data-am install-dist_docDATA install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-man1 install-pdf install-pdf-am install-ps \
@@ -1005,11 +931,8 @@ uninstall-man: uninstall-man1
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
uninstall-dist_docDATA uninstall-dist_sbinSCRIPTS \
uninstall-man uninstall-man1 uninstall-sbinPROGRAMS \
uninstall-sysconfDATA
.PRECIOUS: Makefile
uninstall-dist_docDATA uninstall-man uninstall-man1 \
uninstall-sbinPROGRAMS uninstall-sysconfDATA
%.1: %.1.in

6
README.md
View File

@@ -41,10 +41,12 @@ can only be accessed after a successful knock sequence.
### KNOCKING CLIENTS
The accompanying knock client is very basic. If you want to do more advanced
knocks (eg, setting specific tcp flags) then you should take look at more
powerful clients.
knocks (eg, setting specific tcp flags) then you should take look at hping,
sendip or packit.
- [hping](http://freshmeat.net/projects/hping/)
- [sendip](http://freshmeat.net/projects/sendip/)
- [packit](http://freshmeat.net/projects/packit/)
### OTHER IMPLEMENTATIONS

221
aclocal.m4 vendored
View File

@@ -1,6 +1,6 @@
# generated automatically by aclocal 1.16.3 -*- Autoconf -*-
# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,13 +14,13 @@
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],,
[m4_warning([this file was generated for autoconf 2.71.
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
[m4_warning([this file was generated for autoconf 2.69.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# Copyright (C) 2002-2020 Free Software Foundation, Inc.
# Copyright (C) 2002-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.16'
[am__api_version='1.14'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.16.3], [],
m4_if([$1], [1.14.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.16.3])dnl
[AM_AUTOMAKE_VERSION([1.14.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -103,14 +103,15 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# configured tree to be moved without reconfiguration.
AC_DEFUN([AM_AUX_DIR_EXPAND],
[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
[dnl Rely on autoconf to set up CDPATH properly.
AC_PREREQ([2.50])dnl
# expand $ac_aux_dir to an absolute path
am_aux_dir=`cd $ac_aux_dir && pwd`
])
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -141,7 +142,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -332,12 +333,13 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
@@ -345,43 +347,49 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
# TODO: see whether this extra hack can be removed once we start
# requiring Autoconf 2.70 or later.
AS_CASE([$CONFIG_FILES],
[*\'*], [eval set x "$CONFIG_FILES"],
[*], [set x $CONFIG_FILES])
case $CONFIG_FILES in
*\'*) eval set x "$CONFIG_FILES" ;;
*) set x $CONFIG_FILES ;;
esac
shift
# Used to flag and report bootstrapping failures.
am_rc=0
for am_mf
for mf
do
# Strip MF so we end up with the name of the file.
am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
# Check whether this is an Automake generated Makefile which includes
# dependency-tracking related rules and includes.
# Grep'ing the whole file directly is not great: AIX grep has a line
mf=`echo "$mf" | sed -e 's/:.*$//'`
# Check whether this is an Automake generated Makefile or not.
# We used to match only the files named 'Makefile.in', but
# some people rename them; so instead we look at the file content.
# Grep'ing the first line is not enough: some people post-process
# each Makefile.in and add a new line on top of each file to say so.
# Grep'ing the whole file is not good either: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
|| continue
am_dirpart=`AS_DIRNAME(["$am_mf"])`
am_filepart=`AS_BASENAME(["$am_mf"])`
AM_RUN_LOG([cd "$am_dirpart" \
&& sed -e '/# am--include-marker/d' "$am_filepart" \
| $MAKE -f - am--depfiles]) || am_rc=$?
if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
dirpart=`AS_DIRNAME("$mf")`
else
continue
fi
# Extract the definition of DEPDIR, am__include, and am__quote
# from the Makefile without running 'make'.
DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
test -z "$DEPDIR" && continue
am__include=`sed -n 's/^am__include = //p' < "$mf"`
test -z "$am__include" && continue
am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
# Find all dependency output files, they are included files with
# $(DEPDIR) in their names. We invoke sed twice because it is the
# simplest approach to changing $(DEPDIR) to its actual value in the
# expansion.
for file in `sed -n "
s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
# Make sure the directory exists.
test -f "$dirpart/$file" && continue
fdir=`AS_DIRNAME(["$file"])`
AS_MKDIR_P([$dirpart/$fdir])
# echo "creating $dirpart/$file"
echo '# dummy' > "$dirpart/$file"
done
done
if test $am_rc -ne 0; then
AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
for automatic dependency tracking. If GNU make was not used, consider
re-running the configure script with MAKE="gmake" (or whatever is
necessary). You can also try re-running configure with the
'--disable-dependency-tracking' option to at least be able to build
the package (albeit without support for automatic dependency tracking).])
fi
AS_UNSET([am_dirpart])
AS_UNSET([am_filepart])
AS_UNSET([am_mf])
AS_UNSET([am_rc])
rm -f conftest-deps.mk
}
])# _AM_OUTPUT_DEPENDENCY_COMMANDS
@@ -390,17 +398,18 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# -----------------------------
# This macro should only be invoked once -- use via AC_REQUIRE.
#
# This code is only required when automatic dependency tracking is enabled.
# This creates each '.Po' and '.Plo' makefile fragment that we'll need in
# order to bootstrap the dependency handling code.
# This code is only required when automatic dependency tracking
# is enabled. FIXME. This creates each '.P' file that we will
# need in order to bootstrap the dependency handling code.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
[test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
[AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
[AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
])
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -487,11 +496,11 @@ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target (and possibly the TAP driver). The
# system "awk" is bad on some platforms.
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
@@ -555,7 +564,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
that behaves properly: <https://www.gnu.org/software/coreutils/>.
that behaves properly: <http://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -564,11 +573,7 @@ to "yes", and re-run configure.
END
AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
fi
fi
dnl The trailing newline in this macro's definition is deliberate, for
dnl backward compatibility and to allow trailing 'dnl'-style comments
dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
])
fi])
dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
@@ -597,7 +602,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -608,7 +613,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh+set}" != xset; then
if test x"${install_sh}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
@@ -618,7 +623,7 @@ if test x"${install_sh+set}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2020 Free Software Foundation, Inc.
# Copyright (C) 2003-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -639,7 +644,7 @@ AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -647,42 +652,49 @@ AC_SUBST([am__leading_dot])])
# AM_MAKE_INCLUDE()
# -----------------
# Check whether make has an 'include' directive that can support all
# the idioms we need for our automatic dependency tracking code.
# Check to see how make treats includes.
AC_DEFUN([AM_MAKE_INCLUDE],
[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
cat > confinc.mk << 'END'
[am_make=${MAKE-make}
cat > confinc << 'END'
am__doit:
@echo this is the am__doit target >confinc.out
@echo this is the am__doit target
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
# BSD make does it like this.
echo '.include "confinc.mk" # ignored' > confmf.BSD
# Other make implementations (GNU, Solaris 10, AIX) do it like this.
echo 'include confinc.mk # ignored' > confmf.GNU
_am_result=no
for s in GNU BSD; do
AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
AS_CASE([$?:`cat confinc.out 2>/dev/null`],
['0:this is the am__doit target'],
[AS_CASE([$s],
[BSD], [am__include='.include' am__quote='"'],
[am__include='include' am__quote=''])])
if test "$am__include" != "#"; then
_am_result="yes ($s style)"
break
fi
done
rm -f confinc.* confmf.*
AC_MSG_RESULT([${_am_result}])
AC_SUBST([am__include])])
AC_SUBST([am__quote])])
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# Ignore all kinds of additional output from 'make'.
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
am__include=include
am__quote=
_am_result=GNU
;;
esac
# Now try BSD make style include.
if test "$am__include" = "#"; then
echo '.include "confinc"' > confmf
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
am__include=.include
am__quote="\""
_am_result=BSD
;;
esac
fi
AC_SUBST([am__include])
AC_SUBST([am__quote])
AC_MSG_RESULT([$_am_result])
rm -f confinc confmf
])
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -703,7 +715,12 @@ AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
if test x"${MISSING+set}" != xset; then
MISSING="\${SHELL} '$am_aux_dir/missing'"
case $am_aux_dir in
*\ * | *\ *)
MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
*)
MISSING="\${SHELL} $am_aux_dir/missing" ;;
esac
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
@@ -716,7 +733,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -745,7 +762,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -792,7 +809,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -811,7 +828,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -892,7 +909,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2020 Free Software Foundation, Inc.
# Copyright (C) 2009-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -952,7 +969,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -980,7 +997,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
# Copyright (C) 2006-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -999,7 +1016,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2020 Free Software Foundation, Inc.
# Copyright (C) 2004-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

17
compile
View File

@@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2018-03-07.03; # UTC
scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@ scriptversion=2018-03-07.03; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -53,7 +53,7 @@ func_file_conv ()
MINGW*)
file_conv=mingw
;;
CYGWIN* | MSYS*)
CYGWIN*)
file_conv=cygwin
;;
*)
@@ -67,7 +67,7 @@ func_file_conv ()
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/* | msys/*)
cygwin/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
@@ -255,8 +255,7 @@ EOF
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
@@ -340,9 +339,9 @@ exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'before-save-hook 'time-stamp)
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

98
config.h.in
View File

@@ -6,15 +6,12 @@
/* Define to 1 if you have the `pcap' library (-lpcap). */
#undef HAVE_LIBPCAP
/* Define to 1 if you have the <minix/config.h> header file. */
#undef HAVE_MINIX_CONFIG_H
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdio.h> header file. */
#undef HAVE_STDIO_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
@@ -33,9 +30,6 @@
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to 1 if you have the <wchar.h> header file. */
#undef HAVE_WCHAR_H
/* Name of package */
#undef PACKAGE
@@ -57,98 +51,40 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if all of the C90 standard headers exist (not just the ones
required in a freestanding environment). This macro is provided for
backward compatibility; new code need not use it. */
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable general extensions on macOS. */
#ifndef _DARWIN_C_SOURCE
# undef _DARWIN_C_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable X/Open compliant socket functions that do not require linking
with -lxnet on HP-UX 11.11. */
#ifndef _HPUX_ALT_XOPEN_SOCKET_API
# undef _HPUX_ALT_XOPEN_SOCKET_API
#endif
/* Identify the host operating system as Minix.
This macro does not affect the system headers' behavior.
A future release of Autoconf may stop defining this macro. */
#ifndef _MINIX
# undef _MINIX
#endif
/* Enable general extensions on NetBSD.
Enable NetBSD compatibility extensions on Minix. */
#ifndef _NETBSD_SOURCE
# undef _NETBSD_SOURCE
#endif
/* Enable OpenBSD compatibility extensions on NetBSD.
Oddly enough, this does nothing on OpenBSD. */
#ifndef _OPENBSD_SOURCE
# undef _OPENBSD_SOURCE
#endif
/* Define to 1 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_SOURCE
# undef _POSIX_SOURCE
#endif
/* Define to 2 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_1_SOURCE
# undef _POSIX_1_SOURCE
#endif
/* Enable POSIX-compatible threading on Solaris. */
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */
#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */
#ifndef __STDC_WANT_IEC_60559_BFP_EXT__
# undef __STDC_WANT_IEC_60559_BFP_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */
#ifndef __STDC_WANT_IEC_60559_DFP_EXT__
# undef __STDC_WANT_IEC_60559_DFP_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */
#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
# undef __STDC_WANT_IEC_60559_FUNCS_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */
#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
# undef __STDC_WANT_IEC_60559_TYPES_EXT__
#endif
/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */
#ifndef __STDC_WANT_LIB_EXT2__
# undef __STDC_WANT_LIB_EXT2__
#endif
/* Enable extensions specified by ISO/IEC 24747:2009. */
#ifndef __STDC_WANT_MATH_SPEC_FUNCS__
# undef __STDC_WANT_MATH_SPEC_FUNCS__
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable X/Open extensions. Define to 500 only if necessary
to make mbstate_t available. */
#ifndef _XOPEN_SOURCE
# undef _XOPEN_SOURCE
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* Version number of package */
#undef VERSION
/* Define to 1 if on MINIX. */
#undef _MINIX
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
#undef _POSIX_1_SOURCE
/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE

3212
configure vendored
View File

File diff suppressed because it is too large Load Diff

2
configure.ac
View File

@@ -1,5 +1,5 @@
AC_PREREQ(2.60)
AC_INIT([knock], [0.8], [https://github.com/jvinet/knock/issues])
AC_INIT([knock], [0.7], [https://github.com/jvinet/knock/issues])
AM_INIT_AUTOMAKE([dist-xz no-dist-gzip foreign subdir-objects])
AC_CONFIG_HEADER([config.h])

43
debian/changelog vendored
View File

@@ -1,37 +1,3 @@
knockd (0.8-2) unstable; urgency=medium
* [688ef43f] systemd: downgrade ProtectSystem to "true" from "full"
(Closes: #927883)
-- Leo Antunes <costela@debian.org> Tue, 02 Nov 2021 23:40:19 +0100
knockd (0.8-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/control: Fix wrong Vcs-*
[ Leo Antunes ]
* [ab774823] debian: update VCS fields
* [6cf96b87] debian: bump to up-to-date formats overall
* [74aada02] New upstream version 0.8
* [75a1e52e] debian: add gbp.conf
* [15d6b105] drop reap_child_procs.patch (merged upstream)
* [3ef12dba] update patches for improved DEP3
* [e87735fc] d.knockd.service: ensure service is enabled (Closes: #868015)
* [07da25fb] d/upstream/metadata: add
* [bfe2e959] d/rules: remove old dh options
* [3009b440] d/control: remove unnecessary deps
* [a626515f] d/rules: fix permissions for /etc/knockd.conf (Closes: #902022)
* [614debf1] d/control: use HTTPS for Vcs-Git URL
* [ca7bf832] d/knockd.service: only start when online
* [7495e2b1] d/patches: fix manpage to match debian config
* [e09f46d2] d/copyright: add missing license block
* [e10d4e01] d/control: switch from d/compat to debhelper-compat dep
-- Leo Antunes <costela@debian.org> Tue, 19 Oct 2021 12:10:26 +0200
knockd (0.7-1) unstable; urgency=medium
* [b2567e28] New upstream version 0.7 (closes: #761853)
@@ -53,9 +19,9 @@ knockd (0.7-1) unstable; urgency=medium
knockd (0.5-3) unstable; urgency=low
* debian/patches/include_limits_h.patch: add explicit include for
* debian/patches/include_limits_h.patch: add explicit include for
limits.h (closes: #518882)
* debian/control:
* debian/control:
- bump policy to 3.8.0 (no changes)
- bump debhelper build-dep to 7
* debian/compat: bump to 7
@@ -81,7 +47,7 @@ knockd (0.5-2) unstable; urgency=low
* debian/init:
- include LSB session
- overhaul and 'LSB-zation'
- fail to start gracefully, enabling upgrades in case of failure
- fail to start gracefully, enabling upgrades in case of failure
(closes: #399662)
-- Leo Costela <costela@debian.org> Sun, 09 Dec 2007 01:54:11 +0100
@@ -160,9 +126,10 @@ knockd (0.2-1) unstable; urgency=low
* Patch incorporated into upstream
-- Leo Costela <costela@debian.org> Thu, 15 Apr 2004 22:52:05 -0300
knockd (0.1-1) unstable; urgency=low
* First Debian package
-- Leo Costela <costela@debian.org> Wed, 14 Apr 2004 22:52:05 -0300

1
debian/compat vendored Normal file
View File

@@ -0,0 +1 @@
7

13
debian/control vendored
View File

@@ -2,19 +2,18 @@ Source: knockd
Section: net
Priority: optional
Maintainer: Leo Antunes <costela@debian.org>
Build-Depends: debhelper-compat (= 13), libpcap0.8-dev
Standards-Version: 4.6.0.1
Build-Depends: debhelper (>= 9.20160709~), autotools-dev, libpcap0.8-dev
Standards-Version: 3.9.8
Homepage: http://www.zeroflux.org/projects/knock
Vcs-Git: https://salsa.debian.org/debian/knockd.git
Vcs-Browser: https://salsa.debian.org/debian/knockd
VCS-Git: git://anonscm.debian.org/collab-maint/knockd.git
Package: knockd
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, lsb-base (>= 11.0.0)
Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, lsb-base (>= 3.0-6)
Description: small port-knock daemon
A port-knock server that listens to all traffic on a given network
interface (only Ethernet and PPP are currently supported), looking for
a special "knock" sequences of port-hits. A remote system
interface (only Ethernet and PPP are currently supported), looking for
a special "knock" sequences of port-hits. A remote system
makes these port-hits by sending a TCP (or UDP) packet to a port on the
server. When the server detects a specific sequence of port-hits, it
runs a command defined in its configuration file. This can be used to

36
debian/copyright vendored
View File

@@ -1,32 +1,10 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: knock
Upstream-Contact: Judd Vinet <jvinet@zeroflux.org>
Source: https://github.com/jvinet/knock
Files-Excluded:
.git
This package was originally debianized by Leo Costela <costela@debian.org> on Wed, 14 Apr 2004 22:52:04 +0300.
Files: *
Copyright: 2004-2021 Judd Vinet <jvinet@zeroflux.org>
License: GPL-2
Original source has been downloaded from
http://www.zeroflux.org/knock/
Files: debian/*
Copyright: 2004-2021 Leo Antunes <costela@debian.org>
License: GPL-2
Copyright:
Copyright (C) 2004 Judd Vinet <jvinet@zeroflux.org>
License: GPL-2
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
.
On Debian systems, the complete text of the Apache version 2.0 license
can be found in "/usr/share/common-licenses/Apache-2.0".
A copy of the GNU General Public License, version 2, can be found in
/usr/share/common-licenses/GPL-2.

4
debian/gbp.conf vendored
View File

@@ -1,4 +0,0 @@
[DEFAULT]
debian-branch = master
dist = DEP14
pristine-tar = True

10
debian/knockd.service vendored
View File

@@ -1,7 +1,6 @@
[Unit]
Description=Port-Knock Daemon
After=network-online.target
Wants=network-online.target
After=network.target
Documentation=man:knockd(1)
[Service]
@@ -10,8 +9,5 @@ ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
SuccessExitStatus=0 2 15
ProtectSystem=true
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_MODULE
[Install]
WantedBy=multi-user.target
ProtectSystem=full
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN

28
debian/patches/0003-fix-manpage-to-match-debian-config.patch vendored
View File

@@ -1,28 +0,0 @@
From: Leo Antunes <costela@debian.org>
Date: Mon, 18 Oct 2021 23:57:32 +0200
Subject: fix manpage to match debian config
---
doc/knockd.1.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/knockd.1.in b/doc/knockd.1.in
index b69ca06..28d43ec 100644
--- a/doc/knockd.1.in
+++ b/doc/knockd.1.in
@@ -63,13 +63,13 @@ firewall and would like to access it discreetly.
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
- command = /usr/sbin/iptables \-A INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
+ command = /sbin/iptables \-A INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
- command = /usr/sbin/iptables \-D INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
+ command = /sbin/iptables \-D INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
.fi
.RE

17
debian/patches/default_config.patch vendored
View File

@@ -1,16 +1,6 @@
From: Leo Antunes <costela@debian.org>
Date: Mon, 18 Oct 2021 23:17:54 +0200
Subject: Adapt default config for debian
---
knockd.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/knockd.conf b/knockd.conf
index 7770027..13d4347 100644
--- a/knockd.conf
+++ b/knockd.conf
@@ -1,16 +1,16 @@
--- knockd-0.5/knockd.conf 2004-05-07 00:56:03.000000000 +0200
+++ knockd-0.5.new/knockd.conf 2007-12-09 20:50:39.000000000 +0100
@@ -1,15 +1,15 @@
[options]
- logfile = /var/log/knockd.log
+ UseSyslog
@@ -29,4 +19,3 @@ index 7770027..13d4347 100644
+ command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[openHTTPS]

16
debian/patches/reap_child_procs.patch vendored Normal file
View File

@@ -0,0 +1,16 @@
Index: repo/src/knockd.c
===================================================================
--- repo.orig/src/knockd.c 2016-09-28 21:42:58.417421069 +0200
+++ repo/src/knockd.c 2016-09-28 21:42:58.413421096 +0200
@@ -366,8 +366,9 @@
void child_exit(int signum)
{
- /* child wants to exit, let em die */
- wait(NULL);
+ int status;
+
+ while ( waitpid( (pid_t)-1, &status, WNOHANG ) > 0 ) continue;
return;
}

2
debian/patches/series vendored
View File

@@ -1,3 +1,3 @@
default_config.patch
reap_child_procs.patch
syslog_facility_daemon.patch
0003-fix-manpage-to-match-debian-config.patch

19
debian/patches/syslog_facility_daemon.patch vendored
View File

@@ -1,17 +1,8 @@
From: Leo Antunes <costela@debian.org>
Date: Mon, 18 Oct 2021 23:17:54 +0200
Subject: change syslog facility to daemon
this is currently hardcoded
---
src/knockd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/knockd.c b/src/knockd.c
index e607b6c..bd991c8 100644
--- a/src/knockd.c
+++ b/src/knockd.c
@@ -229,7 +229,7 @@ int main(int argc, char **argv)
Index: repo/src/knockd.c
===================================================================
--- repo.orig/src/knockd.c 2016-09-28 21:43:16.741293903 +0200
+++ repo/src/knockd.c 2016-09-28 21:43:16.741293903 +0200
@@ -195,7 +195,7 @@
strncpy(o_int, "eth0", sizeof(o_int)); /* no explicit termination needed */
}
if(o_usesyslog) {

11
debian/rules vendored
View File

@@ -6,18 +6,19 @@ DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
%:
dh $@
dh $@ --with autotools-dev --with systemd
override_dh_install:
dh_install
# original installation has duplicate docs for knock and knockd
rm -rf debian/knockd/usr/share/doc/knock
# be more restrictive
chmod 0600 debian/knockd/etc/knockd.conf
# the standard config is unsafe
override_dh_installsystemd:
dh_installsystemd --no-enable --no-start
override_dh_systemd_enable:
dh_systemd_enable --no-enable
override_dh_systemd_start:
dh_systemd_start --no-start
override_dh_installinit:
dh_installinit --no-start

5
debian/upstream/metadata vendored
View File

@@ -1,5 +0,0 @@
---
Bug-Database: https://github.com/jvinet/knock/issues
Bug-Submit: https://github.com/jvinet/knock/issues/new
Repository: https://github.com/jvinet/knock.git
Repository-Browse: https://github.com/jvinet/knock

4
debian/watch vendored
View File

@@ -1,3 +1,3 @@
version=4
opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/knock-$1\.tar\.gz/ \
https://github.com/jvinet/knock/tags .*/v?(\d\S+)\.tar\.gz
http://www.zeroflux.org/proj/knock/ files/knock@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate

10
depcomp
View File

@@ -1,9 +1,9 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2018-03-07.03; # UTC
scriptversion=2013-05-30.07; # UTC
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@ scriptversion=2018-03-07.03; # UTC
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -783,9 +783,9 @@ exit 0
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'before-save-hook 'time-stamp)
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

12
doc/knock.1.in
View File

@@ -1,4 +1,4 @@
.TH knockd 1 "April 22, 2021" "knockd #VERSION#" ""
.TH knock 1 "June 26, 2005" "knockd #VERSION#" ""
.SH NAME
knock \- port-knock client
.SH SYNOPSIS
@@ -18,15 +18,9 @@ can specify the protocol on a per-port basis. See the example below.
.B "\-d <t>, \-\-delay <t>"
Wait <t> milliseconds between each port hit. This can be used in situations
where a router mistakes your stream of SYN packets as a port scan and blocks
them. If the packet rate is slowed with \-\-delay, then the router should let
them. If the packet rate is slowed with --delay, then the router should let
the packets through.
.TP
.B "\-4, \-\-ipv4 <version>"
Force usage of IPv4.
.TP
.B "\-6, \-\-ipv6 <version>"
Force usage of IPv6.
.TP
.B "\-v, \-\-verbose"
Output verbose status messages.
.TP
@@ -38,7 +32,7 @@ Syntax help.
.SH EXAMPLES
.nf
knock myserver.example.com 123:tcp 456:udp 789:tcp
knock \-u myserver.example.com 8284 4721 18592 42912
knock -u myserver.example.com 8284 4721 18592 42912
.fi
.SH SEE ALSO
\fBknockd\fP is the accompanying port-knock server.

58
doc/knockd.1.in
View File

@@ -1,4 +1,4 @@
.TH knockd 1 "April 22, 2021" "knockd #VERSION#" ""
.TH knockd 1 "June 26, 2005" "knockd #VERSION#" ""
.SH NAME
knockd \- port-knock server
.SH SYNOPSIS
@@ -25,15 +25,12 @@ Specify an alternate location for the config file. Default is
\fI/etc/knockd.conf\fP.
.TP
.B "\-D, \-\-debug"
Output debugging messages.
Ouput debugging messages.
.TP
.B "\-l, \-\-lookup"
Lookup DNS names for log entries. This may be a security risk! See section
\fBSECURITY NOTES\fP.
.TP
.B "\-4, \-\-only-ip-v4"
Ignore packets from IPv6 and handle only IPv4.
.TP
.B "\-v, \-\-verbose"
Output verbose status messages.
.TP
@@ -63,13 +60,13 @@ firewall and would like to access it discreetly.
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables \-A INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
command = /usr/sbin/iptables -A INPUT -s %IP% --dport 22 -j ACCEPT
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables \-D INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
command = /usr/sbin/iptables -D INPUT -s %IP% --dport 22 -j ACCEPT
.fi
.RE
@@ -90,9 +87,9 @@ and TCP ports.
sequence = 2222:udp,3333:tcp,4444:udp
seq_timeout = 15
tcpflags = syn,ack
start_command = /usr/sbin/iptables \-A INPUT \-s %IP% \-p tcp \-\-syn \-j ACCEPT
start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --syn -j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-syn \-j ACCEPT
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --syn -j ACCEPT
.fi
.RE
@@ -115,30 +112,9 @@ sniffing the network).
one_time_sequences = /etc/knockd/smtp_sequences
seq_timeout = 15
tcpflags = fin,!ack
start_command = /usr/sbin/iptables \-A INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
.fi
.TP
.SH Example #4:
.RS
Example to support IPv4 and IPv6. You can provide a dedicated command for each
of the two protocols.
.nf
[options]
logfile = /var/log/knockd.log
[opencloseSMTP]
one_time_sequences = /etc/knockd/smtp_sequences
seq_timeout = 15
tcpflags = fin,!ack
start_command = /usr/sbin/iptables \-A INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
start_command_6 = /usr/sbin/ip6tables \-A INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
stop_command_6 = /usr/sbin/ip6tables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
.fi
.RE
@@ -205,18 +181,10 @@ etherwake to send the host a WOL packet.
.TP
.B "Start_Command = <command>"
Specify the command to be executed when a client makes the correct
port-knock with IPv4. All instances of \fB%IP%\fP will be replaced with the
port-knock. All instances of \fB%IP%\fP will be replaced with the
knocker's IP address. The \fBCommand\fP directive is an alias for
\fBStart_Command\fP.
.TP
.B "Start_Command_6 = <command>"
Specify the command to be executed when a client makes the correct
port-knock with IPv6. All instances of \fB%IP%\fP will be replaced with the
knocker's IP address. The \fBCommand_6\fP directive is an alias for
\fBStart_Command_6\fP. If not present it will automatically fallback onto
the same IPV4 \fBStart_Command\fP value. You can use empty value to force
doing nothing.
.TP
.B "Cmd_Timeout = <timeout>"
Time to wait (in seconds) between \fBStart_Command\fP and \fBStop_Command\fP.
This directive is optional, only required if \fBStop_Command\fP is used.
@@ -225,14 +193,6 @@ This directive is optional, only required if \fBStop_Command\fP is used.
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
since \fBStart_Command\fP has been executed. All instances of \fB%IP%\fP will
be replaced with the knocker's IP address. This directive is optional.
.TP
.B "Stop_Command_6 = <command>"
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
since \fBStart_Command_6\fP has been executed. All instances of \fB%IP%\fP will
be replaced with the knocker's IP address. This directive is optional.
If not present it will automatically fallback onto the same IPV4
\fBStop_Command\fP value. You can use empty value to force
doing nothing.
.SH SECURITY NOTES
Using the \fB-l\fP or \fB--lookup\fP commandline option to resolve DNS names
for log entries may be a security risk! An attacker may find out the first port

414
install-sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2020-11-14.01; # UTC
scriptversion=2011-11-20.07; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -41,15 +41,19 @@ scriptversion=2020-11-14.01; # UTC
# This script is compatible with the BSD install script, but was written
# from scratch.
tab=' '
nl='
'
IFS=" $tab$nl"
IFS=" "" $nl"
# Set DOITPROG to "echo" to test this script.
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
doit_exec=${doit:-exec}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
@@ -64,16 +68,22 @@ mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
# Create dirs (including intermediate dirs) using mode 755.
# This is like GNU 'install' as of coreutils 8.32 (2020).
mkdir_umask=22
backupsuffix=
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
@@ -87,7 +97,7 @@ dir_arg=
dst_arg=
copy_on_change=false
is_target_a_directory=possibly
no_target_directory=
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
@@ -104,28 +114,18 @@ Options:
--version display version info and exit.
-c (ignored)
-C install only if different (preserve data modification time)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-p pass -p to $cpprog.
-s $stripprog installed files.
-S SUFFIX attempt to back up existing files, with suffix SUFFIX.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
By default, rm is invoked with -f; when overridden with RMPROG,
it's up to you to specify -f if you want it.
If -S is not specified, no backups are attempted.
Email bug reports to bug-automake@gnu.org.
Automake home page: https://www.gnu.org/software/automake/
"
while test $# -ne 0; do
@@ -137,62 +137,46 @@ while test $# -ne 0; do
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-p) cpprog="$cpprog -p";;
shift;;
-s) stripcmd=$stripprog;;
-S) backupsuffix="$2"
shift;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-t)
is_target_a_directory=always
dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) is_target_a_directory=never;;
-T) no_target_directory=true;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
# We allow the use of options -d and -T together, by making -d
# take the precedence; this is for compatibility with GNU install.
if test -n "$dir_arg"; then
if test -n "$dst_arg"; then
echo "$0: target directory not allowed when installing a directory." >&2
exit 1
fi
fi
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
@@ -223,15 +207,6 @@ if test $# -eq 0; then
exit 0
fi
if test -z "$dir_arg"; then
if test $# -gt 1 || test "$is_target_a_directory" = always; then
if test ! -d "$dst_arg"; then
echo "$0: $dst_arg: Is not a directory." >&2
exit 1
fi
fi
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
@@ -248,16 +223,16 @@ if test -z "$dir_arg"; then
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw='% 200'
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw=,u+rw
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
@@ -275,10 +250,6 @@ do
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
# Don't chown directories that already exist.
if test $dstdir_status = 0; then
chowncmd=""
fi
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
@@ -295,148 +266,178 @@ do
fi
dst=$dst_arg
# If destination is a directory, append the input filename.
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dstbase=`basename "$src"`
case $dst in
*/) dst=$dst$dstbase;;
*) dst=$dst/$dstbase;;
esac
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
dstdir=`dirname "$dst"`
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
case $dstdir in
*/) dstdirslash=$dstdir;;
*) dstdirslash=$dstdir/;;
esac
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
posix_mkdir=false
# The $RANDOM variable is not portable (e.g., dash). Use it
# here however when possible just to lower collision chance.
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
trap '
ret=$?
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
exit $ret
' 0
# Because "mkdir -p" follows existing symlinks and we likely work
# directly in world-writeable /tmp, make sure that the '$tmpdir'
# directory is successfully created first before we actually test
# 'mkdir -p'.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
mkdir_mode=
fi
trap '' 0;;
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# mkdir does not conform to POSIX,
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
set -f
$posix_glob set -f
set fnord $dstdir
shift
set +f
$posix_glob set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
@@ -449,25 +450,14 @@ do
else
# Make a couple of temp file names in the proper directory.
dsttmp=${dstdirslash}_inst.$$_
rmtmp=${dstdirslash}_rm.$$_
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask &&
{ test -z "$stripcmd" || {
# Create $dsttmp read-write so that cp doesn't create it read-only,
# which would cause strip to fail.
if test -z "$doit"; then
: >"$dsttmp" # No need to fork-exec 'touch'.
else
$doit touch "$dsttmp"
fi
}
} &&
$doit_exec $cpprog "$src" "$dsttmp") &&
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
@@ -482,24 +472,20 @@ do
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
set -f &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
set +f &&
$posix_glob set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# If $backupsuffix is set, and the file being installed
# already exists, attempt a backup. Don't worry if it fails,
# e.g., if mv doesn't support -f.
if test -n "$backupsuffix" && test -f "$dst"; then
$doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
fi
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
@@ -507,24 +493,24 @@ do
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
@@ -533,9 +519,9 @@ do
done
# Local variables:
# eval: (add-hook 'before-save-hook 'time-stamp)
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

6
knockd.conf
View File

@@ -13,9 +13,3 @@
command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[openHTTPS]
sequence = 12345,54321,24680,13579
seq_timeout = 5
command = /usr/local/sbin/knock_add -i -c INPUT -p tcp -d 443 -f %IP%
tcpflags = syn

16
missing
View File

@@ -1,9 +1,9 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2018-03-07.03; # UTC
scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@ scriptversion=2018-03-07.03; # UTC
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -101,9 +101,9 @@ else
exit $st
fi
perl_URL=https://www.perl.org/
flex_URL=https://github.com/westes/flex
gnu_software_URL=https://www.gnu.org/software
perl_URL=http://www.perl.org/
flex_URL=http://flex.sourceforge.net/
gnu_software_URL=http://www.gnu.org/software
program_details ()
{
@@ -207,9 +207,9 @@ give_advice "$1" | sed -e '1s/^/WARNING: /' \
exit $st
# Local variables:
# eval: (add-hook 'before-save-hook 'time-stamp)
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

78
src/knock.c
View File

@@ -13,9 +13,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include <stdio.h>
@@ -35,15 +36,11 @@
#include <getopt.h>
#include <fcntl.h>
static char version[] = "0.8";
static char version[] = "0.7";
#define PROTO_TCP 1
#define PROTO_UDP 2
#define IP_DEFAULT AF_UNSPEC
#define IP_V4 AF_INET
#define IP_V6 AF_INET6
/* function prototypes */
void vprint(char *fmt, ...);
void ver();
@@ -52,17 +49,13 @@ void usage();
int o_verbose = 0;
int o_udp = 0;
int o_delay = 0;
int o_ip = IP_DEFAULT;
int main(int argc, char** argv)
{
int sd;
struct hostent* host;
struct sockaddr_in addr;
int opt, optidx = 1;
struct addrinfo hints;
struct addrinfo *infoptr;
char ipname[256];
int result;
char *hostname;
static struct option opts[] =
{
{"verbose", no_argument, 0, 'v'},
@@ -70,12 +63,10 @@ int main(int argc, char** argv)
{"delay", required_argument, 0, 'd'},
{"help", no_argument, 0, 'h'},
{"version", no_argument, 0, 'V'},
{"ipv4", no_argument, 0, '4'},
{"ipv6", no_argument, 0, '6'},
{0, 0, 0, 0}
};
while((opt = getopt_long(argc, argv, "vud:hV46", opts, &optidx))) {
while((opt = getopt_long(argc, argv, "vud:hV", opts, &optidx))) {
if(opt < 0) {
break;
}
@@ -85,8 +76,6 @@ int main(int argc, char** argv)
case 'u': o_udp = 1; break;
case 'd': o_delay = (int)atoi(optarg); break;
case 'V': ver();
case '4': o_ip = IP_V4; break;
case '6': o_ip = IP_V6; break;
case 'h': /* fallthrough */
default: usage();
}
@@ -100,19 +89,18 @@ int main(int argc, char** argv)
exit(1);
}
/* prepare hints to select ipv4 or v6 if asked */
memset(&hints, 0, sizeof hints);
hints.ai_family = o_ip;
hostname = argv[optind++];
host = gethostbyname(argv[optind++]);
if(host == NULL) {
fprintf(stderr, "Cannot resolve hostname\n");
exit(1);
}
for(; optind < argc; optind++) {
unsigned short proto = PROTO_TCP;
const char *port;
unsigned short port, proto = PROTO_TCP;
char *ptr, *arg = strdup(argv[optind]);
if((ptr = strchr(arg, ':'))) {
*ptr = '\0';
port = arg;
port = atoi(arg);
arg = ++ptr;
if(!strcmp(arg, "udp")) {
proto = PROTO_UDP;
@@ -120,27 +108,18 @@ int main(int argc, char** argv)
proto = PROTO_TCP;
}
} else {
port = arg;
port = atoi(arg);
}
/* get host and port based on hints */
result = getaddrinfo(hostname, port, &hints, &infoptr);
if(result) {
fprintf(stderr, "Failed to resolve hostname '%s' on port %s\n", hostname, port);
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(result));
exit(1);
}
/* create socket */
if(o_udp || proto == PROTO_UDP) {
sd = socket(infoptr->ai_family, SOCK_DGRAM, 0);
sd = socket(PF_INET, SOCK_DGRAM, 0);
if(sd == -1) {
fprintf(stderr, "Cannot open socket\n");
exit(1);
}
} else {
int flags;
sd = socket(infoptr->ai_family, SOCK_STREAM, 0);
sd = socket(PF_INET, SOCK_STREAM, 0);
if(sd == -1) {
fprintf(stderr, "Cannot open socket\n");
exit(1);
@@ -148,22 +127,19 @@ int main(int argc, char** argv)
flags = fcntl(sd, F_GETFL, 0);
fcntl(sd, F_SETFL, flags | O_NONBLOCK);
}
/* extract ip as string (v4 or v6) */
getnameinfo(infoptr->ai_addr, infoptr->ai_addrlen, ipname, sizeof(ipname), NULL, 0, NI_NUMERICHOST);
/* connect or send UDP packet */
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = *((long*)host->h_addr_list[0]);
addr.sin_port = htons(port);
if(o_udp || proto == PROTO_UDP) {
vprint("hitting udp %s:%s\n", ipname, port);
sendto(sd, "", 1, 0, infoptr->ai_addr, infoptr->ai_addrlen);
vprint("hitting udp %s:%u\n", inet_ntoa(addr.sin_addr), port);
sendto(sd, "", 1, 0, (struct sockaddr*)&addr, sizeof(addr));
} else {
vprint("hitting tcp %s:%s\n", ipname, port);
connect(sd, infoptr->ai_addr, infoptr->ai_addrlen);
vprint("hitting tcp %s:%u\n", inet_ntoa(addr.sin_addr), port);
connect(sd, (struct sockaddr*)&addr, sizeof(struct sockaddr));
}
close(sd);
usleep(1000*o_delay);
freeaddrinfo(infoptr);
}
return(0);
@@ -185,8 +161,6 @@ void usage() {
printf("options:\n");
printf(" -u, --udp make all ports hits use UDP (default is TCP)\n");
printf(" -d, --delay <t> wait <t> milliseconds between port hits\n");
printf(" -4, --ipv4 Force usage of IPv4\n");
printf(" -6, --ipv6 Force usage of IPv6\n");
printf(" -v, --verbose be verbose\n");
printf(" -V, --version display version\n");
printf(" -h, --help this help\n");

189
src/knock_helper_ipt.sh
View File

@@ -1,189 +0,0 @@
#!/bin/sh
# Original version to add non-duplicated rules by Greg Kuchyt (greg.kuchyt@gmail.com)
# Updated to handle deletes and be generic by Paul Rogers (paul.rogers@flumps.org)
SCRIPT_NAME=$(basename $0)
AWK="/bin/awk"
GREP="/bin/grep"
IPTABLES="/sbin/iptables"
SORT="/bin/sort"
COMMENT_APP="Append "
COMMENT_DEL="Delete "
COMMENT_INS="Insert "
COMMENT_DEFAULT="by knockd"
IPT_CHAIN="INPUT"
IPT_METHOD=""
IPT_COMMENT=""
IPT_SRC_IP=""
IPT_DST_PORT=""
IPT_PROTO="tcp"
IPT_RULE_TARGET="ACCEPT"
DRY_RUN=0
SEEN=0
VERBOSE=0
usage() {
echo "Usage: $SCRIPT_NAME -a|-i|-x -f SRC_IP_ADDR -d DST_PORT [-p|-c|-m|-t|-h|-v]"
echo "Options:"
echo "-a|--append Action: append a rule to NetFilter"
echo "-i|--insert Action: insert a rule to NetFiler"
echo "-x|--delete Action: delete a rule from NetFilter"
echo "-f|--srcaddr The source IP address to be used"
echo "-d|--dstport The destination port to be used in the rule"
echo "-p|--proto The protocol that the rule applies to; default: $IPT_PROTO"
echo "-c|--chain The NetFilter chain to apply the change to; default: $IPT_CHAIN"
echo "-m|--comment Overide default comment text: '$COMMENT_DEFAULT'"
echo "-t|--test Test run - don't actually perform an update to NetFilter"
echo "-h|--help Print this informational screen and exit"
echo "-v|--verbose Print verbose information about actions"
}
ARGS=$(getopt -o aixf:d:p:c:m::thv -l "append,insert,delete,srcaddr:,dstport:,proto:,chain:,comment::,test,help,verbose" -n $SCRIPT_NAME -- "$@")
if [ $? -ne 0 ];
then
echo "$SCRIPT_NAME - Error! Invalid arguments"
usage
exit 1
fi
eval set -- "$ARGS"
while true; do
case "$1" in
-a|--append)
IPT_METHOD="-A"
shift;
;;
-x|--delete)
IPT_METHOD="-D"
shift;
;;
-i|--insert)
IPT_METHOD="-I"
shift;
;;
-f|--srcaddr)
IPT_SRC_IP=$2
shift 2;
;;
-d|--dstport)
IPT_DST_PORT=$2
shift 2;
;;
-p|--proto)
IPT_PROTO=$2
shift 2;
;;
-c|--chain)
IPT_CHAIN=$2
shift 2;
;;
-m|--comment)
case "$2" in
"")
IPT_COMMENT=$COMMENT_DEFAULT;
shift 2;;
*)
IPT_COMMENT=$2;
shift 2 ;;
esac
;;
-t|--test)
DRY_RUN=1
shift;
;;
-h|--help)
usage
shift;
exit
;;
-v|--verbose)
VERBOSE=1
shift;
;;
--)
shift;
break;
;;
esac
done
# Begin sanity checks
if [ -z "$IPT_SRC_IP" ]; then
echo "$SCRIPT_NAME - Error! Source IP address required"
usage
exit 1
fi
if [ -z "$IPT_DST_PORT" ]; then
echo "$SCRIPT_NAME - Error! Destination port required"
usage
exit 1
fi
if [ -z "$IPT_METHOD" ]; then
echo "$SCRIPT_NAME - Error! Valid action option not specified"
fi
case "$IPT_METHOD" in
-A)
IPT_COMMENT="$COMMENT_APP $IPT_COMMENT"
;;
-I)
IPT_COMMENT="$COMMENT_INS $IPT_COMMENT"
;;
-D)
IPT_COMMENT="$COMMENT_DEL $IPT_COMMENT"
;;
esac
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - Testing rule"
echo "$SCRIPT_NAME - action: $IPT_METHOD _ src: $IPT_SRC_IP _ dstport: $IPT_DST_PORT _ proto: $IPT_PROTO _ chain: $IPT_CHAIN _ comment: $IPT_COMMENT"
fi
COMMENT=""
if [ -n "$IPT_COMMENT" ]; then
COMMENT="-m comment --comment '$IPT_COMMENT'"
fi
$IPTABLES -L $IPT_CHAIN &> /dev/null
if [ 0 -ne "$?" ]; then
echo "$SCRIPT_NAME - Error: $IPT_CHAIN is not a valid NetFilter chain"
exit
fi
# End sanity checks
# Dupe checking
for IP in `$IPTABLES -n -L $IPT_CHAIN | $GREP $IPT_RULE_TARGET | $AWK '{print $4}' | $SORT -u`;
do
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - $IP"
fi
if [ "$IPT_SRC_IP" == "$IP" ]; then
SEEN=1
fi
done
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - Seen: $SEEN"
fi
if [ "$SEEN" -eq 0 ]; then
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - $IPT_COMMENT"
echo $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
fi
if [ "$DRY_RUN" -eq 0 ]; then
eval $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
fi
fi

898
src/knockd.c
View File

File diff suppressed because it is too large Load Diff

9
src/list.c
View File

@@ -13,9 +13,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#include <stdlib.h>
@@ -27,7 +28,7 @@ PMList* list_new()
{
PMList *list = NULL;
list = (PMList*)calloc(1, sizeof(PMList));
list = (PMList*)malloc(sizeof(PMList));
if(list == NULL) {
return(NULL);
}

7
src/list.h
View File

@@ -13,9 +13,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
#ifndef _PAC_LIST_H
#define _PAC_LIST_H