mirrors/knockd
1
0
Fork 0
mirror of https://salsa.debian.org/debian/knockd synced 2026-01-13 14:22:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:upstream/0.7
Branches Tags
mirrors:master mirrors:pristine-tar mirrors:upstream
mirrors:debian/0.8-2 mirrors:debian/0.8-1 mirrors:upstream/0.8 mirrors:debian/0.7-1 mirrors:upstream/0.7 mirrors:upstream/0.5 mirrors:debian/0.5-3
...
compare: mirrors:master
Branches Tags
mirrors:master mirrors:pristine-tar mirrors:upstream
mirrors:debian/0.8-2 mirrors:debian/0.8-1 mirrors:upstream/0.8 mirrors:debian/0.7-1 mirrors:upstream/0.7 mirrors:upstream/0.5 mirrors:debian/0.5-3

39 Commits
upstream/0 ... master

Author SHA1 Message Date
Leo Antunes
eede056afa update changelog for 0.8-2 
Gbp-Dch: Ignore
 2021-11-02 23:40:40 +01:00
Leo Antunes
688ef43fba systemd: downgrade ProtectSystem to "true" from "full" 
this should enable interacting with tools such as ufw

Closes: #927883
 2021-11-02 23:35:15 +01:00
Leo Antunes
521ba0fe1b add changelog for 0.8-1 
Gbp-Dch: Ignore
 2021-10-19 12:16:18 +02:00
Leo Antunes
9ae659c94d d/control: switch from d/compat to debhelper-compat dep 2021-10-19 12:15:06 +02:00
Leo Antunes
e09f46d282 d/copyright: add missing license block 2021-10-19 00:02:11 +02:00
Leo Antunes
7495e2b15c d/patches: fix manpage to match debian config 2021-10-18 23:58:06 +02:00
Leo Antunes
ca7bf832d0 d/knockd.service: only start when online 2021-10-18 23:55:28 +02:00
Leo Antunes
614debf189 d/control: use HTTPS for Vcs-Git URL 2021-10-18 23:51:56 +02:00
Leo Antunes
a626515f12 d/rules: fix permissions for /etc/knockd.conf 
Closes: #902022
 2021-10-18 23:50:47 +02:00
Leo Antunes
3009b44006 d/control: remove unnecessary deps 2021-10-18 23:50:28 +02:00
Leo Antunes
bfe2e959c9 d/rules: remove old dh options 2021-10-18 23:44:35 +02:00
Leo Antunes
07da25fbbb d/upstream/metadata: add 2021-10-18 23:36:56 +02:00
Leo Antunes
e87735fcd9 d.knockd.service: ensure service is enabled 
Closes: #868015
 2021-10-18 23:31:28 +02:00
Leo Antunes
3ef12dbadd update patches for improved DEP3 2021-10-18 23:25:43 +02:00
Leo Antunes
15d6b105fc drop reap_child_procs.patch (merged upstream) 2021-10-18 23:15:31 +02:00
Leo Antunes
75a1e52e91 debian: add gbp.conf 2021-10-18 23:04:02 +02:00
Leo Antunes
2243dcaf7b Update upstream source from tag 'upstream/0.8' 
Update to upstream version '0.8'
with Debian dir e7bfd7ea6c
 2021-10-17 11:13:19 +02:00
Leo Antunes
74aada02ef New upstream version 0.8 2021-10-17 11:13:19 +02:00
Leo Antunes
6cf96b87b4 debian: bump to up-to-date formats overall 2021-10-17 11:11:32 +02:00
Leo Antunes
ab774823da debian: update VCS fields 2021-10-17 10:54:31 +02:00
Ondřej Nový
208f130f9c d/control: Fix wrong Vcs-* 2018-10-01 09:49:01 +02:00
Ondřej Nový
37fcd4c14b d/control: Remove trailing whitespaces 2018-10-01 09:49:00 +02:00
Ondřej Nový
f96235603a d/changelog: Remove trailing whitespaces 2018-10-01 09:48:59 +02:00
Leo Antunes
dd2ba213e1 add changelog entry for 0.7-1 
Gbp-Dch: ignore
 2016-10-27 22:51:00 +02:00
Leo Antunes
47e7d5a199 add watch file 2016-10-27 22:51:00 +02:00
Leo Antunes
da6afdd232 debian/control: add VCS URL 2016-10-27 22:51:00 +02:00
Leo Antunes
fcf14cede6 remove knock client docs from installation 
otherwise we end up with multiple documentation copies in the single
binary package
 2016-10-27 22:51:00 +02:00
Leo Antunes
49e3f86395 add hardening flags 2016-10-27 22:50:59 +02:00
Leo Antunes
c808032abf init: add dependency on $remote_fs 2016-10-27 22:50:59 +02:00
Leo Antunes
4033472622 add systemd support (closes: #729663) 2016-10-27 22:50:59 +02:00
Leo Antunes
6cbc047eac switch to source/format 3.0 (quilt) 2016-10-27 22:50:59 +02:00
Leo Antunes
37c3759022 remove debian/docs (README deleted upstream) 
Gbp-Dch: ignore
 2016-10-27 22:50:59 +02:00
Leo Antunes
bc9c096d07 drop patches/manpage_cmd_timeout: fixed upstream 2016-10-27 22:50:59 +02:00
Leo Antunes
f0eed1b587 drop patches/include_limits_h: fixed upstream 2016-10-27 22:50:59 +02:00
Leo Antunes
b966c89c1e migrate to dh >= 9 short notation 2016-10-27 22:50:46 +02:00
Leo Antunes
0b63eacbe6 update homepage url 2016-09-28 19:50:23 +02:00
Leo Antunes
48f78ca518 bump policy to 3.9.8 (no changes) 2016-09-28 19:49:52 +02:00
Leo Antunes
3ad5f21391 Merge tag 'upstream/0.7' 
Upstream version 0.7
 2016-09-28 19:41:01 +02:00
Leo Costela
fdf599501e Import Debian patch 0.5-3 2016-09-28 19:40:56 +02:00
39 changed files with 3743 additions and 2276 deletions
Expand all files Collapse all files

22
.gitignore vendored Normal file
View File

@@ -0,0 +1,22 @@
*.o
*~
.deps
.dirstamp
/Makefile
/Makefile.in
/aclocal.m4
/autom4te.cache/
/compile
/config.h
/config.h.in
/config.log
/config.status
/configure
/depcomp
/doc/*.1
/install-sh
/knock
/knock-*.tar.*
/knockd
/missing
/stamp-h1

16
CONTRIBUTERS Normal file
View File

@@ -0,0 +1,16 @@
Many thanks to everybody who has helped to improve knockd in some way. This is
a fairly old project, and some contributer names have almost surely been lost
along the way. Thanks to the unsung heroes too.
- airwoflgh <paul.rogers@flumps.org>
- catbref <misc-github@talk2dom.com>
- Diego Elio Pettenò <flameeyes@flameeyes.eu>
- Dima Krasner <dima@dimakrasner.com>
- Jonathon Reinhart <jonathon.reinhart@gmail.com>
- Marius Hoch <hoo@online.de>
- Michael Weiss <dev.primeos@gmail.com>
- Oswald Buddenhagen <ossi@kde.org>
- Sébastien Valat <sebastien.valat@gmail.com>
- TDFKAOlli <TDFKAOlli@ish.de>
- Ximin Luo <infinity0@pwned.gg>
- vriera <Vincent.Riera@imgtec.com>

2
COPYING
View File

@@ -2,7 +2,7 @@
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

30
ChangeLog
View File

@@ -1,5 +1,35 @@
VERSION DESCRIPTION
-----------------------------------------------------------------------------
0.8 - Multiple fixes (#67, #77)
- IPv6 support (Sebastien Valat)
0.7.8 - Fix for Issue #33, #34 and #35 contributed by Alexander
Rumyanstev.
0.7.7 - Fix for Issue #7 & #17 contributed by Michael G<>hler.
All IPs assigned to a single interface are now listened on.
- Fix for compile warning on OSX where daemon() is deprecated.
- Fix for Issue #15 - list.c OpenBSD segfault: change malloc
to calloc.
0.7.6 - Fix for Issue #13 where similar sequences are not detected
correctly.
0.7.5 - Added Greg Kuchyt's knock_add script but updated to be a
generic IPTables helper that also deletes rules
0.7.4 - Patches from Michael G<>hler
- Updated gitignore to include additional autoconf files.
- Updated Makefile to fix deprecated warning on CPPFLAG
-D_BSD_SOURCE.
0.7.3 - Patches from Jonathon Reinhart
- Fixed PCAP filter for PSH flag detection.
- Patches from Christos Triantafyllidis
- Updated FSF address.
0.7.2 - Patches from Paul Rogers
- Applied missing fixes from issue #16 - OpenBSD build
issues, reordering of headers, scoping DLT_LINUX_SLL for
Linux only, for -> while loop in sniff() cleanup.
0.7.1 - Patches from Paul Rogers
- Fixed issue #2 - SIGHUP (reload) now listens for new
sequences in the config file.
- Fixed issue #26 - knockd now fails if a malformed config
file is read during SIGHUP (reload).
0.7 - Patches from Oswald Buddenhagen:
- Document the 'target' configuration directive.
- Merging OS-specific networking code to reduce LOCs and the

9
Makefile.am
View File

@@ -1,12 +1,12 @@
AM_CPPFLAGS=-D_BSD_SOURCE
AM_CFLAGS=-g -Wall -pedantic -fno-exceptions
AM_CPPFLAGS=-D_DEFAULT_SOURCE
AM_CFLAGS=-g -Wall -pedantic -fno-exceptions -D_BSD_SOURCE
bin_PROGRAMS = knock
man_MANS = doc/knock.1
if BUILD_KNOCKD
sbin_PROGRAMS = knockd
dist_sbin_SCRIPTS = src/knock_helper_ipt.sh
man_MANS += doc/knockd.1
sysconf_DATA = knockd.conf
endif
@@ -14,9 +14,10 @@ endif
dist_doc_DATA = README.md TODO ChangeLog COPYING
knock_SOURCES = src/knock.c
knockd_SOURCES = src/knockd.c src/list.c src/list.h
knockd_SOURCES = src/knockd.c src/list.c src/list.h src/knock_helper_ipt.sh
%.1: %.1.in
sed -e "s/#VERSION#/$(VERSION)/" $< > $@
EXTRA_DIST = doc/knock.1 doc/knock.1.in doc/knockd.1 doc/knockd.1.in knockd.conf
CLEANFILES = $(man_MANS)

253
Makefile.in
View File

@@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# Makefile.in generated by automake 1.16.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -15,8 +15,19 @@
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -81,14 +92,13 @@ bin_PROGRAMS = knock$(EXEEXT)
@BUILD_KNOCKD_TRUE@sbin_PROGRAMS = knockd$(EXEEXT)
@BUILD_KNOCKD_TRUE@am__append_1 = doc/knockd.1
subdir = .
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/configure $(am__configure_deps) \
$(srcdir)/config.h.in depcomp $(dist_doc_DATA) COPYING \
ChangeLog TODO compile install-sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
$(am__configure_deps) $(am__dist_sbin_SCRIPTS_DIST) \
$(dist_doc_DATA) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
@@ -96,8 +106,8 @@ CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(docdir)" \
"$(DESTDIR)$(sysconfdir)"
"$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" \
"$(DESTDIR)$(docdir)" "$(DESTDIR)$(sysconfdir)"
PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS)
am__dirstamp = $(am__leading_dot)dirstamp
am_knock_OBJECTS = src/knock.$(OBJEXT)
@@ -106,41 +116,7 @@ knock_LDADD = $(LDADD)
am_knockd_OBJECTS = src/knockd.$(OBJEXT) src/list.$(OBJEXT)
knockd_OBJECTS = $(am_knockd_OBJECTS)
knockd_LDADD = $(LDADD)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
DIST_SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__dist_sbin_SCRIPTS_DIST = src/knock_helper_ipt.sh
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -168,12 +144,50 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
SCRIPTS = $(dist_sbin_SCRIPTS)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = src/$(DEPDIR)/knock.Po src/$(DEPDIR)/knockd.Po \
src/$(DEPDIR)/list.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
DIST_SOURCES = $(knock_SOURCES) $(knockd_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
man1dir = $(mandir)/man1
NROFF = nroff
MANS = $(man_MANS)
DATA = $(dist_doc_DATA) $(sysconf_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
$(LISP)config.h.in
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
@@ -194,6 +208,8 @@ ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
AM_RECURSIVE_TARGETS = cscope
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in COPYING \
ChangeLog TODO compile depcomp install-sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -207,6 +223,8 @@ am__post_remove_distdir = $(am__remove_distdir)
GZIP_ENV = --best
DIST_ARCHIVES = $(distdir).tar.xz
DIST_TARGETS = dist-xz
# Exists only to be overridden by the user if desired.
AM_DISTCHECK_DVI_TARGET = dvi
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -221,7 +239,6 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
@@ -229,9 +246,7 @@ DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -290,6 +305,7 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@@ -298,14 +314,16 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CPPFLAGS = -D_BSD_SOURCE
AM_CFLAGS = -g -Wall -pedantic -fno-exceptions
AM_CPPFLAGS = -D_DEFAULT_SOURCE
AM_CFLAGS = -g -Wall -pedantic -fno-exceptions -D_BSD_SOURCE
man_MANS = doc/knock.1 $(am__append_1)
@BUILD_KNOCKD_TRUE@dist_sbin_SCRIPTS = src/knock_helper_ipt.sh
@BUILD_KNOCKD_TRUE@sysconf_DATA = knockd.conf
dist_doc_DATA = README.md TODO ChangeLog COPYING
knock_SOURCES = src/knock.c
knockd_SOURCES = src/knockd.c src/list.c src/list.h
knockd_SOURCES = src/knockd.c src/list.c src/list.h src/knock_helper_ipt.sh
EXTRA_DIST = doc/knock.1 doc/knock.1.in doc/knockd.1 doc/knockd.1.in knockd.conf
CLEANFILES = $(man_MANS)
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-am
@@ -326,15 +344,14 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
echo ' $(SHELL) ./config.status'; \
$(SHELL) ./config.status;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -462,6 +479,41 @@ src/list.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp)
knockd$(EXEEXT): $(knockd_OBJECTS) $(knockd_DEPENDENCIES) $(EXTRA_knockd_DEPENDENCIES)
@rm -f knockd$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(knockd_OBJECTS) $(knockd_LDADD) $(LIBS)
install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS)
@$(NORMAL_INSTALL)
@list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
$(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n' \
-e 'h;s|.*|.|' \
-e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
{ d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
if ($$2 == $$4) { files[d] = files[d] " " $$1; \
if (++n[d] == $(am__install_max)) { \
print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
else { print "f", d "/" $$4, $$1 } } \
END { for (d in files) print "f", d, files[d] }' | \
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
$(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
} \
; done
uninstall-dist_sbinSCRIPTS:
@$(NORMAL_UNINSTALL)
@list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 's,.*/,,;$(transform)'`; \
dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -470,9 +522,15 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knock.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knockd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/list.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knock.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/knockd.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/list.Po@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -634,7 +692,10 @@ distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(DISTFILES)
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
$(am__remove_distdir)
test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -674,7 +735,7 @@ distdir: $(DISTFILES)
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
$(am__post_remove_distdir)
dist-bzip2: distdir
@@ -688,18 +749,22 @@ dist-xz: distdir
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__post_remove_distdir)
dist-zstd: distdir
tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
$(am__post_remove_distdir)
dist-tarZ: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__post_remove_distdir)
dist-shar: distdir
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
$(am__post_remove_distdir)
dist-zip: distdir
@@ -717,7 +782,7 @@ dist dist-all:
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \
@@ -727,25 +792,27 @@ distcheck: dist
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
*.tar.zst*) \
zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
esac
chmod -R a-w $(distdir)
chmod u+w $(distdir)
mkdir $(distdir)/_build $(distdir)/_inst
mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure \
&& $(am__cd) $(distdir)/_build/sub \
&& ../../configure \
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=.. --prefix="$$dc_install_base" \
--srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
@@ -798,9 +865,9 @@ distcleancheck: distclean
exit 1; } >&2
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(MANS) $(DATA) config.h
all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) config.h
installdirs:
for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(sysconfdir)"; do \
for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(sysconfdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -825,6 +892,7 @@ install-strip:
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -842,7 +910,9 @@ clean-am: clean-binPROGRAMS clean-generic clean-sbinPROGRAMS \
distclean: distclean-am
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf src/$(DEPDIR)
-rm -f src/$(DEPDIR)/knock.Po
-rm -f src/$(DEPDIR)/knockd.Po
-rm -f src/$(DEPDIR)/list.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-hdr distclean-tags
@@ -865,8 +935,8 @@ install-dvi: install-dvi-am
install-dvi-am:
install-exec-am: install-binPROGRAMS install-sbinPROGRAMS \
install-sysconfDATA
install-exec-am: install-binPROGRAMS install-dist_sbinSCRIPTS \
install-sbinPROGRAMS install-sysconfDATA
install-html: install-html-am
@@ -891,7 +961,9 @@ installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
-rm -rf src/$(DEPDIR)
-rm -f src/$(DEPDIR)/knock.Po
-rm -f src/$(DEPDIR)/knockd.Po
-rm -f src/$(DEPDIR)/list.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -908,21 +980,23 @@ ps: ps-am
ps-am:
uninstall-am: uninstall-binPROGRAMS uninstall-dist_docDATA \
uninstall-man uninstall-sbinPROGRAMS uninstall-sysconfDATA
uninstall-dist_sbinSCRIPTS uninstall-man \
uninstall-sbinPROGRAMS uninstall-sysconfDATA
uninstall-man: uninstall-man1
.MAKE: all install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am am--refresh check check-am clean \
clean-binPROGRAMS clean-cscope clean-generic \
.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles am--refresh check \
check-am clean clean-binPROGRAMS clean-cscope clean-generic \
clean-sbinPROGRAMS cscope cscopelist-am ctags ctags-am dist \
dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
dist-xz dist-zip distcheck distclean distclean-compile \
distclean-generic distclean-hdr distclean-tags distcleancheck \
distdir distuninstallcheck dvi dvi-am html html-am info \
info-am install install-am install-binPROGRAMS install-data \
install-data-am install-dist_docDATA install-dvi \
dist-xz dist-zip dist-zstd distcheck distclean \
distclean-compile distclean-generic distclean-hdr \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-binPROGRAMS install-data install-data-am \
install-dist_docDATA install-dist_sbinSCRIPTS install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-man1 install-pdf install-pdf-am install-ps \
@@ -931,8 +1005,11 @@ uninstall-man: uninstall-man1
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
uninstall-dist_docDATA uninstall-man uninstall-man1 \
uninstall-sbinPROGRAMS uninstall-sysconfDATA
uninstall-dist_docDATA uninstall-dist_sbinSCRIPTS \
uninstall-man uninstall-man1 uninstall-sbinPROGRAMS \
uninstall-sysconfDATA
.PRECIOUS: Makefile
%.1: %.1.in

6
README.md
View File

@@ -41,12 +41,10 @@ can only be accessed after a successful knock sequence.
### KNOCKING CLIENTS
The accompanying knock client is very basic. If you want to do more advanced
knocks (eg, setting specific tcp flags) then you should take look at hping,
sendip or packit.
knocks (eg, setting specific tcp flags) then you should take look at more
powerful clients.
- [hping](http://freshmeat.net/projects/hping/)
- [sendip](http://freshmeat.net/projects/sendip/)
- [packit](http://freshmeat.net/projects/packit/)
### OTHER IMPLEMENTATIONS

221
aclocal.m4 vendored
View File

@@ -1,6 +1,6 @@
# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
# generated automatically by aclocal 1.16.3 -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,13 +14,13 @@
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
[m4_warning([this file was generated for autoconf 2.69.
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],,
[m4_warning([this file was generated for autoconf 2.71.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# Copyright (C) 2002-2013 Free Software Foundation, Inc.
# Copyright (C) 2002-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.14'
[am__api_version='1.16'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.14.1], [],
m4_if([$1], [1.16.3], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.14.1])dnl
[AM_AUTOMAKE_VERSION([1.16.3])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -103,15 +103,14 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# configured tree to be moved without reconfiguration.
AC_DEFUN([AM_AUX_DIR_EXPAND],
[dnl Rely on autoconf to set up CDPATH properly.
AC_PREREQ([2.50])dnl
# expand $ac_aux_dir to an absolute path
am_aux_dir=`cd $ac_aux_dir && pwd`
[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
])
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -142,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -333,13 +332,12 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
@@ -347,49 +345,43 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
case $CONFIG_FILES in
*\'*) eval set x "$CONFIG_FILES" ;;
*) set x $CONFIG_FILES ;;
esac
# TODO: see whether this extra hack can be removed once we start
# requiring Autoconf 2.70 or later.
AS_CASE([$CONFIG_FILES],
[*\'*], [eval set x "$CONFIG_FILES"],
[*], [set x $CONFIG_FILES])
shift
for mf
# Used to flag and report bootstrapping failures.
am_rc=0
for am_mf
do
# Strip MF so we end up with the name of the file.
mf=`echo "$mf" | sed -e 's/:.*$//'`
# Check whether this is an Automake generated Makefile or not.
# We used to match only the files named 'Makefile.in', but
# some people rename them; so instead we look at the file content.
# Grep'ing the first line is not enough: some people post-process
# each Makefile.in and add a new line on top of each file to say so.
# Grep'ing the whole file is not good either: AIX grep has a line
am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
# Check whether this is an Automake generated Makefile which includes
# dependency-tracking related rules and includes.
# Grep'ing the whole file directly is not great: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
dirpart=`AS_DIRNAME("$mf")`
else
continue
fi
# Extract the definition of DEPDIR, am__include, and am__quote
# from the Makefile without running 'make'.
DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
test -z "$DEPDIR" && continue
am__include=`sed -n 's/^am__include = //p' < "$mf"`
test -z "$am__include" && continue
am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
# Find all dependency output files, they are included files with
# $(DEPDIR) in their names. We invoke sed twice because it is the
# simplest approach to changing $(DEPDIR) to its actual value in the
# expansion.
for file in `sed -n "
s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
# Make sure the directory exists.
test -f "$dirpart/$file" && continue
fdir=`AS_DIRNAME(["$file"])`
AS_MKDIR_P([$dirpart/$fdir])
# echo "creating $dirpart/$file"
echo '# dummy' > "$dirpart/$file"
done
sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
|| continue
am_dirpart=`AS_DIRNAME(["$am_mf"])`
am_filepart=`AS_BASENAME(["$am_mf"])`
AM_RUN_LOG([cd "$am_dirpart" \
&& sed -e '/# am--include-marker/d' "$am_filepart" \
| $MAKE -f - am--depfiles]) || am_rc=$?
done
if test $am_rc -ne 0; then
AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
for automatic dependency tracking. If GNU make was not used, consider
re-running the configure script with MAKE="gmake" (or whatever is
necessary). You can also try re-running configure with the
'--disable-dependency-tracking' option to at least be able to build
the package (albeit without support for automatic dependency tracking).])
fi
AS_UNSET([am_dirpart])
AS_UNSET([am_filepart])
AS_UNSET([am_mf])
AS_UNSET([am_rc])
rm -f conftest-deps.mk
}
])# _AM_OUTPUT_DEPENDENCY_COMMANDS
@@ -398,18 +390,17 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# -----------------------------
# This macro should only be invoked once -- use via AC_REQUIRE.
#
# This code is only required when automatic dependency tracking
# is enabled. FIXME. This creates each '.P' file that we will
# need in order to bootstrap the dependency handling code.
# This code is only required when automatic dependency tracking is enabled.
# This creates each '.Po' and '.Plo' makefile fragment that we'll need in
# order to bootstrap the dependency handling code.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
[test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
[AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
])
[AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -496,11 +487,11 @@ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
# We need awk for the "check" target (and possibly the TAP driver). The
# system "awk" is bad on some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
@@ -564,7 +555,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
that behaves properly: <http://www.gnu.org/software/coreutils/>.
that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -573,7 +564,11 @@ to "yes", and re-run configure.
END
AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
fi
fi])
fi
dnl The trailing newline in this macro's definition is deliberate, for
dnl backward compatibility and to allow trailing 'dnl'-style comments
dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
])
dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
@@ -602,7 +597,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -613,7 +608,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh}" != xset; then
if test x"${install_sh+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
@@ -623,7 +618,7 @@ if test x"${install_sh}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2013 Free Software Foundation, Inc.
# Copyright (C) 2003-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -644,7 +639,7 @@ AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -652,49 +647,42 @@ AC_SUBST([am__leading_dot])])
# AM_MAKE_INCLUDE()
# -----------------
# Check to see how make treats includes.
# Check whether make has an 'include' directive that can support all
# the idioms we need for our automatic dependency tracking code.
AC_DEFUN([AM_MAKE_INCLUDE],
[am_make=${MAKE-make}
cat > confinc << 'END'
[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
cat > confinc.mk << 'END'
am__doit:
@echo this is the am__doit target
@echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# Ignore all kinds of additional output from 'make'.
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
am__include=include
am__quote=
_am_result=GNU
;;
esac
# Now try BSD make style include.
if test "$am__include" = "#"; then
echo '.include "confinc"' > confmf
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
am__include=.include
am__quote="\""
_am_result=BSD
;;
esac
fi
AC_SUBST([am__include])
AC_SUBST([am__quote])
AC_MSG_RESULT([$_am_result])
rm -f confinc confmf
])
# BSD make does it like this.
echo '.include "confinc.mk" # ignored' > confmf.BSD
# Other make implementations (GNU, Solaris 10, AIX) do it like this.
echo 'include confinc.mk # ignored' > confmf.GNU
_am_result=no
for s in GNU BSD; do
AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
AS_CASE([$?:`cat confinc.out 2>/dev/null`],
['0:this is the am__doit target'],
[AS_CASE([$s],
[BSD], [am__include='.include' am__quote='"'],
[am__include='include' am__quote=''])])
if test "$am__include" != "#"; then
_am_result="yes ($s style)"
break
fi
done
rm -f confinc.* confmf.*
AC_MSG_RESULT([${_am_result}])
AC_SUBST([am__include])])
AC_SUBST([am__quote])])
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -715,12 +703,7 @@ AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
if test x"${MISSING+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
*)
MISSING="\${SHELL} $am_aux_dir/missing" ;;
esac
MISSING="\${SHELL} '$am_aux_dir/missing'"
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
@@ -733,7 +716,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -762,7 +745,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -809,7 +792,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -828,7 +811,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -909,7 +892,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2013 Free Software Foundation, Inc.
# Copyright (C) 2009-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -969,7 +952,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -997,7 +980,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2013 Free Software Foundation, Inc.
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1016,7 +999,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2013 Free Software Foundation, Inc.
# Copyright (C) 2004-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

17
compile
View File

@@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2012-10-14.11; # UTC
scriptversion=2018-03-07.03; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@ scriptversion=2012-10-14.11; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -53,7 +53,7 @@ func_file_conv ()
MINGW*)
file_conv=mingw
;;
CYGWIN*)
CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
@@ -67,7 +67,7 @@ func_file_conv ()
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/*)
cygwin/* | msys/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
@@ -255,7 +255,8 @@ EOF
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
@@ -339,9 +340,9 @@ exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

112
config.h.in
View File

@@ -6,12 +6,15 @@
/* Define to 1 if you have the `pcap' library (-lpcap). */
#undef HAVE_LIBPCAP
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the <minix/config.h> header file. */
#undef HAVE_MINIX_CONFIG_H
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdio.h> header file. */
#undef HAVE_STDIO_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
@@ -30,6 +33,9 @@
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to 1 if you have the <wchar.h> header file. */
#undef HAVE_WCHAR_H
/* Name of package */
#undef PACKAGE
@@ -51,40 +57,98 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
/* Define to 1 if all of the C90 standard headers exist (not just the ones
required in a freestanding environment). This macro is provided for
backward compatibility; new code need not use it. */
#undef STDC_HEADERS
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
/* Enable general extensions on macOS. */
#ifndef _DARWIN_C_SOURCE
# undef _DARWIN_C_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable X/Open compliant socket functions that do not require linking
with -lxnet on HP-UX 11.11. */
#ifndef _HPUX_ALT_XOPEN_SOCKET_API
# undef _HPUX_ALT_XOPEN_SOCKET_API
#endif
/* Identify the host operating system as Minix.
This macro does not affect the system headers' behavior.
A future release of Autoconf may stop defining this macro. */
#ifndef _MINIX
# undef _MINIX
#endif
/* Enable general extensions on NetBSD.
Enable NetBSD compatibility extensions on Minix. */
#ifndef _NETBSD_SOURCE
# undef _NETBSD_SOURCE
#endif
/* Enable OpenBSD compatibility extensions on NetBSD.
Oddly enough, this does nothing on OpenBSD. */
#ifndef _OPENBSD_SOURCE
# undef _OPENBSD_SOURCE
#endif
/* Define to 1 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_SOURCE
# undef _POSIX_SOURCE
#endif
/* Define to 2 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_1_SOURCE
# undef _POSIX_1_SOURCE
#endif
/* Enable POSIX-compatible threading on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */
#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */
#ifndef __STDC_WANT_IEC_60559_BFP_EXT__
# undef __STDC_WANT_IEC_60559_BFP_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */
#ifndef __STDC_WANT_IEC_60559_DFP_EXT__
# undef __STDC_WANT_IEC_60559_DFP_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */
#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
# undef __STDC_WANT_IEC_60559_FUNCS_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */
#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
# undef __STDC_WANT_IEC_60559_TYPES_EXT__
#endif
/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */
#ifndef __STDC_WANT_LIB_EXT2__
# undef __STDC_WANT_LIB_EXT2__
#endif
/* Enable extensions specified by ISO/IEC 24747:2009. */
#ifndef __STDC_WANT_MATH_SPEC_FUNCS__
# undef __STDC_WANT_MATH_SPEC_FUNCS__
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable X/Open extensions. Define to 500 only if necessary
to make mbstate_t available. */
#ifndef _XOPEN_SOURCE
# undef _XOPEN_SOURCE
#endif
/* Version number of package */
#undef VERSION
/* Define to 1 if on MINIX. */
#undef _MINIX
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
#undef _POSIX_1_SOURCE
/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE

3212
configure vendored
View File

File diff suppressed because it is too large Load Diff

2
configure.ac
View File

@@ -1,5 +1,5 @@
AC_PREREQ(2.60)
AC_INIT([knock], [0.7], [https://github.com/jvinet/knock/issues])
AC_INIT([knock], [0.8], [https://github.com/jvinet/knock/issues])
AM_INIT_AUTOMAKE([dist-xz no-dist-gzip foreign subdir-objects])
AC_CONFIG_HEADER([config.h])

2
debian/README.Debian vendored Normal file
View File

@@ -0,0 +1,2 @@
To enable knockd edit /etc/knockd.conf and /etc/default/knockd first.

168
debian/changelog vendored Normal file
View File

@@ -0,0 +1,168 @@
knockd (0.8-2) unstable; urgency=medium
* [688ef43f] systemd: downgrade ProtectSystem to "true" from "full"
(Closes: #927883)
-- Leo Antunes <costela@debian.org> Tue, 02 Nov 2021 23:40:19 +0100
knockd (0.8-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/control: Fix wrong Vcs-*
[ Leo Antunes ]
* [ab774823] debian: update VCS fields
* [6cf96b87] debian: bump to up-to-date formats overall
* [74aada02] New upstream version 0.8
* [75a1e52e] debian: add gbp.conf
* [15d6b105] drop reap_child_procs.patch (merged upstream)
* [3ef12dba] update patches for improved DEP3
* [e87735fc] d.knockd.service: ensure service is enabled (Closes: #868015)
* [07da25fb] d/upstream/metadata: add
* [bfe2e959] d/rules: remove old dh options
* [3009b440] d/control: remove unnecessary deps
* [a626515f] d/rules: fix permissions for /etc/knockd.conf (Closes: #902022)
* [614debf1] d/control: use HTTPS for Vcs-Git URL
* [ca7bf832] d/knockd.service: only start when online
* [7495e2b1] d/patches: fix manpage to match debian config
* [e09f46d2] d/copyright: add missing license block
* [e10d4e01] d/control: switch from d/compat to debhelper-compat dep
-- Leo Antunes <costela@debian.org> Tue, 19 Oct 2021 12:10:26 +0200
knockd (0.7-1) unstable; urgency=medium
* [b2567e28] New upstream version 0.7 (closes: #761853)
- adds timeout to pcap_open_live (closes: #816388, #308078)
* [48f78ca5] bump policy to 3.9.8 (no changes)
* [0b63eacb] update homepage url
* [86381cd5] migrate to dh short notation
* [4a38db8d] drop patches/include_limits_h: fixed upstream
* [42ec7481] drop patches/manpage_cmd_timeout: fixed upstream
* [733d82a7] switch to source/format 3.0 (quilt)
* [bfc99c1f] add systemd support (closes: #729663)
* [197eb24d] init: add dependency on $remote_fs
* [848daeab] add hardening flags
* [5c686b87] remove knock client docs from installation
* [805dec71] debian/control: add VCS URL
* [14a9bb3f] add watch file
-- Leo Antunes <costela@debian.org> Sat, 08 Oct 2016 16:05:00 +0200
knockd (0.5-3) unstable; urgency=low
* debian/patches/include_limits_h.patch: add explicit include for
limits.h (closes: #518882)
* debian/control:
- bump policy to 3.8.0 (no changes)
- bump debhelper build-dep to 7
* debian/compat: bump to 7
* debian/copyright: add version to common-licences reference
-- Leo Costela <costela@debian.org> Tue, 10 Mar 2009 00:27:42 +0100
knockd (0.5-2) unstable; urgency=low
* acknoledge NMU (thanks Francesco!)
* debian/patches:
- add manpage_cmd_timeout.patch (closes: #418842) (thanks Bernd Zeimetz)
- add syslog_facility_daemon.patch to log to facility DAEMON
- change default_config.patch to use SysLog by default (closes: #299789)
* debian/logrotate: removed (see above)
* debian/control:
- add Homepage field and correct address (closes:#435568)
- update to policy 3.7.3 (no changes)
- bump dependency on debhelper to >=5
- add build-dep on autotools-dev to update config.{sub,guess}
- remove unused misc:Depends
* debian/compat: bump to 5
* debian/init:
- include LSB session
- overhaul and 'LSB-zation'
- fail to start gracefully, enabling upgrades in case of failure
(closes: #399662)
-- Leo Costela <costela@debian.org> Sun, 09 Dec 2007 01:54:11 +0100
knockd (0.5-1.1) unstable; urgency=high
* NMU
* Fixing wrong SIGCHLD reaper with knockd.patch. It causes a lot of zombies around due to use of a simple wait().
This patch should go upstream, too.
(closes: #373009)
-- Francesco Paolo Lovergine <frankie@debian.org> Tue, 7 Nov 2006 21:16:30 +0100
knockd (0.5-1) unstable; urgency=low
* New upstream release
* Fixed typo in changelog
* Included logrotate script (sorry for the stupid delay) (closes: #299789)
* Changed build system to CDBS
* Changed default permissions of config file to 640 root.root
-- Leo Costela <costela@debian.org> Wed, 06 Jul 2005 17:53:24 -0300
knockd (0.4-1) unstable; urgency=low
* New upstream release
-- Leo Costela <costela@debian.org> Tue, 18 Jan 2005 09:19:20 -0300
knockd (0.3.1-1) unstable; urgency=low
* New upstream release
-- Leo Costela <costela@debian.org> Fri, 17 Sep 2004 10:08:42 -0300
knockd (0.3-2) unstable; urgency=low
* debian/control: add a few infos (closes: #271719)
* debian/init, debian/default: made option handling in default file more
generic (closes: #271718)
* debian/rules: corrected unpatch logic (closes: #271720)
* all of the above are thanks: Javier Fernández-Sanguino Peña
<jfs@computer.org>
* corrected the time zone in the changelog
-- Leo Costela <costela@debian.org> Tue, 14 Sep 2004 17:21:35 -0300
knockd (0.3-1) unstable; urgency=low
* New upstream release
* Corrected config and example files to point to /sbin/iptables (closes: #247519)
* Corrected debian/rules to make propper use of CFLAGS (I could have sworn
it was working here)
* Added an INTERFACE directive to /etc/default/knockd (closes: #248022)
* Changed build-dep from libpcap-dev to libpcap0.8-dev to reflect source
changes
-- Leo Costela <costela@debian.org> Fri, 07 May 2004 17:35:46 -0300
knockd (0.2.1-2) unstable; urgency=low
* Corrected init-script logic and removed extra lines
-- Leo Costela <costela@debian.org> Mon, 26 Apr 2004 08:48:06 -0300
knockd (0.2.1-1) unstable; urgency=low
* New uptream version
* First Debian release (closes: #243838)
-- Leo Costela <costela@debian.org> Thu, 15 Apr 2004 22:52:05 -0300
knockd (0.2-1) unstable; urgency=low
* New upstream version
* Patch incorporated into upstream
-- Leo Costela <costela@debian.org> Thu, 15 Apr 2004 22:52:05 -0300
knockd (0.1-1) unstable; urgency=low
* First Debian package
-- Leo Costela <costela@debian.org> Wed, 14 Apr 2004 22:52:05 -0300

21
debian/control vendored Normal file
View File

@@ -0,0 +1,21 @@
Source: knockd
Section: net
Priority: optional
Maintainer: Leo Antunes <costela@debian.org>
Build-Depends: debhelper-compat (= 13), libpcap0.8-dev
Standards-Version: 4.6.0.1
Homepage: http://www.zeroflux.org/projects/knock
Vcs-Git: https://salsa.debian.org/debian/knockd.git
Vcs-Browser: https://salsa.debian.org/debian/knockd
Package: knockd
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, lsb-base (>= 11.0.0)
Description: small port-knock daemon
A port-knock server that listens to all traffic on a given network
interface (only Ethernet and PPP are currently supported), looking for
a special "knock" sequences of port-hits. A remote system
makes these port-hits by sending a TCP (or UDP) packet to a port on the
server. When the server detects a specific sequence of port-hits, it
runs a command defined in its configuration file. This can be used to
open up holes in a firewall for quick access.

32
debian/copyright vendored Normal file
View File

@@ -0,0 +1,32 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: knock
Upstream-Contact: Judd Vinet <jvinet@zeroflux.org>
Source: https://github.com/jvinet/knock
Files-Excluded:
.git
Files: *
Copyright: 2004-2021 Judd Vinet <jvinet@zeroflux.org>
License: GPL-2
Files: debian/*
Copyright: 2004-2021 Leo Antunes <costela@debian.org>
License: GPL-2
License: GPL-2
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
.
On Debian systems, the complete text of the Apache version 2.0 license
can be found in "/usr/share/common-licenses/Apache-2.0".

8
debian/default vendored Normal file
View File

@@ -0,0 +1,8 @@
# control if we start knockd at init or not
# 1 = start
# anything else = don't start
# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
START_KNOCKD=0
# command line options
#KNOCKD_OPTS="-i eth1"

4
debian/gbp.conf vendored Normal file
View File

@@ -0,0 +1,4 @@
[DEFAULT]
debian-branch = master
dist = DEP14
pristine-tar = True

71
debian/knockd.init vendored Normal file
View File

@@ -0,0 +1,71 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: knockd
# Required-Start: $network $syslog $remote_fs
# Required-Stop: $network $syslog $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: port-knock daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/knockd
NAME=knockd
PIDFILE=/var/run/$NAME.pid
DEFAULTS_FILE=/etc/default/knockd
DESC="Port-knock daemon"
OPTIONS=" -d"
umask 0037
test -f $DAEMON || exit 0
set -e
[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
. /lib/lsb/init-functions
[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
start_if_configured() {
if [ $START_KNOCKD -ne 1 ]; then
log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
exit 0
else
log_daemon_msg "Starting $DESC" "$NAME"
if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
# don't fail the upgrade if it fails to start
echo -n " "
log_action_end_msg 1 "$START_ERROR"
exit 0
else
log_end_msg 0
fi
fi
}
case "$1" in
start)
start_if_configured
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
log_end_msg 0
;;
restart|reload|force-reload)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
log_end_msg 0
sleep 1
start_if_configured
;;
*)
log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0

17
debian/knockd.service vendored Normal file
View File

@@ -0,0 +1,17 @@
[Unit]
Description=Port-Knock Daemon
After=network-online.target
Wants=network-online.target
Documentation=man:knockd(1)
[Service]
EnvironmentFile=-/etc/default/knockd
ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
SuccessExitStatus=0 2 15
ProtectSystem=true
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_MODULE
[Install]
WantedBy=multi-user.target

28
debian/patches/0003-fix-manpage-to-match-debian-config.patch vendored Normal file
View File

@@ -0,0 +1,28 @@
From: Leo Antunes <costela@debian.org>
Date: Mon, 18 Oct 2021 23:57:32 +0200
Subject: fix manpage to match debian config
---
doc/knockd.1.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/knockd.1.in b/doc/knockd.1.in
index b69ca06..28d43ec 100644
--- a/doc/knockd.1.in
+++ b/doc/knockd.1.in
@@ -63,13 +63,13 @@ firewall and would like to access it discreetly.
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
- command = /usr/sbin/iptables \-A INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
+ command = /sbin/iptables \-A INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
- command = /usr/sbin/iptables \-D INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
+ command = /sbin/iptables \-D INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
.fi
.RE

32
debian/patches/default_config.patch vendored Normal file
View File

@@ -0,0 +1,32 @@
From: Leo Antunes <costela@debian.org>
Date: Mon, 18 Oct 2021 23:17:54 +0200
Subject: Adapt default config for debian
---
knockd.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/knockd.conf b/knockd.conf
index 7770027..13d4347 100644
--- a/knockd.conf
+++ b/knockd.conf
@@ -1,16 +1,16 @@
[options]
- logfile = /var/log/knockd.log
+ UseSyslog
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
- command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
- command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[openHTTPS]

3
debian/patches/series vendored Normal file
View File

@@ -0,0 +1,3 @@
default_config.patch
syslog_facility_daemon.patch
0003-fix-manpage-to-match-debian-config.patch

22
debian/patches/syslog_facility_daemon.patch vendored Normal file
View File

@@ -0,0 +1,22 @@
From: Leo Antunes <costela@debian.org>
Date: Mon, 18 Oct 2021 23:17:54 +0200
Subject: change syslog facility to daemon
this is currently hardcoded
---
src/knockd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/knockd.c b/src/knockd.c
index e607b6c..bd991c8 100644
--- a/src/knockd.c
+++ b/src/knockd.c
@@ -229,7 +229,7 @@ int main(int argc, char **argv)
strncpy(o_int, "eth0", sizeof(o_int)); /* no explicit termination needed */
}
if(o_usesyslog) {
- openlog("knockd", 0, LOG_USER);
+ openlog("knockd", 0, LOG_DAEMON);
}
if(strlen(o_logfile)) {
/* open the log file */

23
debian/rules vendored Executable file
View File

@@ -0,0 +1,23 @@
#!/usr/bin/make -f
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed,--no-undefined,--no-add-needed
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
%:
dh $@
override_dh_install:
dh_install
# original installation has duplicate docs for knock and knockd
rm -rf debian/knockd/usr/share/doc/knock
# be more restrictive
chmod 0600 debian/knockd/etc/knockd.conf
# the standard config is unsafe
override_dh_installsystemd:
dh_installsystemd --no-enable --no-start
override_dh_installinit:
dh_installinit --no-start

1
debian/source/format vendored Normal file
View File

@@ -0,0 +1 @@
3.0 (quilt)

5
debian/upstream/metadata vendored Normal file
View File

@@ -0,0 +1,5 @@
---
Bug-Database: https://github.com/jvinet/knock/issues
Bug-Submit: https://github.com/jvinet/knock/issues/new
Repository: https://github.com/jvinet/knock.git
Repository-Browse: https://github.com/jvinet/knock

3
debian/watch vendored Normal file
View File

@@ -0,0 +1,3 @@
version=4
opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/knock-$1\.tar\.gz/ \
https://github.com/jvinet/knock/tags .*/v?(\d\S+)\.tar\.gz

10
depcomp
View File

@@ -1,9 +1,9 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2013-05-30.07; # UTC
scriptversion=2018-03-07.03; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@ scriptversion=2013-05-30.07; # UTC
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -783,9 +783,9 @@ exit 0
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

12
doc/knock.1.in
View File

@@ -1,4 +1,4 @@
.TH knock 1 "June 26, 2005" "knockd #VERSION#" ""
.TH knockd 1 "April 22, 2021" "knockd #VERSION#" ""
.SH NAME
knock \- port-knock client
.SH SYNOPSIS
@@ -18,9 +18,15 @@ can specify the protocol on a per-port basis. See the example below.
.B "\-d <t>, \-\-delay <t>"
Wait <t> milliseconds between each port hit. This can be used in situations
where a router mistakes your stream of SYN packets as a port scan and blocks
them. If the packet rate is slowed with --delay, then the router should let
them. If the packet rate is slowed with \-\-delay, then the router should let
the packets through.
.TP
.B "\-4, \-\-ipv4 <version>"
Force usage of IPv4.
.TP
.B "\-6, \-\-ipv6 <version>"
Force usage of IPv6.
.TP
.B "\-v, \-\-verbose"
Output verbose status messages.
.TP
@@ -32,7 +38,7 @@ Syntax help.
.SH EXAMPLES
.nf
knock myserver.example.com 123:tcp 456:udp 789:tcp
knock -u myserver.example.com 8284 4721 18592 42912
knock \-u myserver.example.com 8284 4721 18592 42912
.fi
.SH SEE ALSO
\fBknockd\fP is the accompanying port-knock server.

58
doc/knockd.1.in
View File

@@ -1,4 +1,4 @@
.TH knockd 1 "June 26, 2005" "knockd #VERSION#" ""
.TH knockd 1 "April 22, 2021" "knockd #VERSION#" ""
.SH NAME
knockd \- port-knock server
.SH SYNOPSIS
@@ -25,12 +25,15 @@ Specify an alternate location for the config file. Default is
\fI/etc/knockd.conf\fP.
.TP
.B "\-D, \-\-debug"
Ouput debugging messages.
Output debugging messages.
.TP
.B "\-l, \-\-lookup"
Lookup DNS names for log entries. This may be a security risk! See section
\fBSECURITY NOTES\fP.
.TP
.B "\-4, \-\-only-ip-v4"
Ignore packets from IPv6 and handle only IPv4.
.TP
.B "\-v, \-\-verbose"
Output verbose status messages.
.TP
@@ -60,13 +63,13 @@ firewall and would like to access it discreetly.
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -A INPUT -s %IP% --dport 22 -j ACCEPT
command = /usr/sbin/iptables \-A INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
command = /usr/sbin/iptables -D INPUT -s %IP% --dport 22 -j ACCEPT
command = /usr/sbin/iptables \-D INPUT \-s %IP% \-\-dport 22 \-j ACCEPT
.fi
.RE
@@ -87,9 +90,9 @@ and TCP ports.
sequence = 2222:udp,3333:tcp,4444:udp
seq_timeout = 15
tcpflags = syn,ack
start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --syn -j ACCEPT
start_command = /usr/sbin/iptables \-A INPUT \-s %IP% \-p tcp \-\-syn \-j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --syn -j ACCEPT
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-syn \-j ACCEPT
.fi
.RE
@@ -112,9 +115,30 @@ sniffing the network).
one_time_sequences = /etc/knockd/smtp_sequences
seq_timeout = 15
tcpflags = fin,!ack
start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
start_command = /usr/sbin/iptables \-A INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
.fi
.TP
.SH Example #4:
.RS
Example to support IPv4 and IPv6. You can provide a dedicated command for each
of the two protocols.
.nf
[options]
logfile = /var/log/knockd.log
[opencloseSMTP]
one_time_sequences = /etc/knockd/smtp_sequences
seq_timeout = 15
tcpflags = fin,!ack
start_command = /usr/sbin/iptables \-A INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
start_command_6 = /usr/sbin/ip6tables \-A INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
stop_command_6 = /usr/sbin/ip6tables \-D INPUT \-s %IP% \-p tcp \-\-dport 25 \-j ACCEPT
.fi
.RE
@@ -181,10 +205,18 @@ etherwake to send the host a WOL packet.
.TP
.B "Start_Command = <command>"
Specify the command to be executed when a client makes the correct
port-knock. All instances of \fB%IP%\fP will be replaced with the
port-knock with IPv4. All instances of \fB%IP%\fP will be replaced with the
knocker's IP address. The \fBCommand\fP directive is an alias for
\fBStart_Command\fP.
.TP
.B "Start_Command_6 = <command>"
Specify the command to be executed when a client makes the correct
port-knock with IPv6. All instances of \fB%IP%\fP will be replaced with the
knocker's IP address. The \fBCommand_6\fP directive is an alias for
\fBStart_Command_6\fP. If not present it will automatically fallback onto
the same IPV4 \fBStart_Command\fP value. You can use empty value to force
doing nothing.
.TP
.B "Cmd_Timeout = <timeout>"
Time to wait (in seconds) between \fBStart_Command\fP and \fBStop_Command\fP.
This directive is optional, only required if \fBStop_Command\fP is used.
@@ -193,6 +225,14 @@ This directive is optional, only required if \fBStop_Command\fP is used.
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
since \fBStart_Command\fP has been executed. All instances of \fB%IP%\fP will
be replaced with the knocker's IP address. This directive is optional.
.TP
.B "Stop_Command_6 = <command>"
Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
since \fBStart_Command_6\fP has been executed. All instances of \fB%IP%\fP will
be replaced with the knocker's IP address. This directive is optional.
If not present it will automatically fallback onto the same IPV4
\fBStop_Command\fP value. You can use empty value to force
doing nothing.
.SH SECURITY NOTES
Using the \fB-l\fP or \fB--lookup\fP commandline option to resolve DNS names
for log entries may be a security risk! An attacker may find out the first port

414
install-sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC
scriptversion=2020-11-14.01; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -41,19 +41,15 @@ scriptversion=2011-11-20.07; # UTC
# This script is compatible with the BSD install script, but was written
# from scratch.
tab=' '
nl='
'
IFS=" "" $nl"
IFS=" $tab$nl"
# set DOITPROG to echo to test this script
# Set DOITPROG to "echo" to test this script.
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
doit_exec=${doit:-exec}
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
@@ -68,22 +64,16 @@ mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
# Create dirs (including intermediate dirs) using mode 755.
# This is like GNU 'install' as of coreutils 8.32 (2020).
mkdir_umask=22
backupsuffix=
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
@@ -97,7 +87,7 @@ dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
is_target_a_directory=possibly
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
@@ -114,18 +104,28 @@ Options:
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-C install only if different (preserve data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-p pass -p to $cpprog.
-s $stripprog installed files.
-S SUFFIX attempt to back up existing files, with suffix SUFFIX.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
By default, rm is invoked with -f; when overridden with RMPROG,
it's up to you to specify -f if you want it.
If -S is not specified, no backups are attempted.
Email bug reports to bug-automake@gnu.org.
Automake home page: https://www.gnu.org/software/automake/
"
while test $# -ne 0; do
@@ -137,46 +137,62 @@ while test $# -ne 0; do
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
case $mode in
*' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
shift;;
-p) cpprog="$cpprog -p";;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-S) backupsuffix="$2"
shift;;
-T) no_target_directory=true;;
-t)
is_target_a_directory=always
dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) is_target_a_directory=never;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
# We allow the use of options -d and -T together, by making -d
# take the precedence; this is for compatibility with GNU install.
if test -n "$dir_arg"; then
if test -n "$dst_arg"; then
echo "$0: target directory not allowed when installing a directory." >&2
exit 1
fi
fi
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
@@ -207,6 +223,15 @@ if test $# -eq 0; then
exit 0
fi
if test -z "$dir_arg"; then
if test $# -gt 1 || test "$is_target_a_directory" = always; then
if test ! -d "$dst_arg"; then
echo "$0: $dst_arg: Is not a directory." >&2
exit 1
fi
fi
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
@@ -223,16 +248,16 @@ if test -z "$dir_arg"; then
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw='% 200'
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw=,u+rw
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
@@ -250,6 +275,10 @@ do
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
# Don't chown directories that already exist.
if test $dstdir_status = 0; then
chowncmd=""
fi
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
@@ -266,178 +295,148 @@ do
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
# If destination is a directory, append the input filename.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstbase=`basename "$src"`
case $dst in
*/) dst=$dst$dstbase;;
*) dst=$dst/$dstbase;;
esac
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
dstdir=`dirname "$dst"`
test -d "$dstdir"
dstdir_status=$?
fi
fi
case $dstdir in
*/) dstdirslash=$dstdir;;
*) dstdirslash=$dstdir/;;
esac
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
posix_mkdir=false
# The $RANDOM variable is not portable (e.g., dash). Use it
# here however when possible just to lower collision chance.
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
trap '
ret=$?
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
exit $ret
' 0
# Because "mkdir -p" follows existing symlinks and we likely work
# directly in world-writeable /tmp, make sure that the '$tmpdir'
# directory is successfully created first before we actually test
# 'mkdir -p'.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
mkdir_mode=
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
trap '' 0;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set -f
set fnord $dstdir
shift
$posix_glob set +f
set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
@@ -450,14 +449,25 @@ do
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
dsttmp=${dstdirslash}_inst.$$_
rmtmp=${dstdirslash}_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
(umask $cp_umask &&
{ test -z "$stripcmd" || {
# Create $dsttmp read-write so that cp doesn't create it read-only,
# which would cause strip to fail.
if test -z "$doit"; then
: >"$dsttmp" # No need to fork-exec 'touch'.
else
$doit touch "$dsttmp"
fi
}
} &&
$doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
@@ -472,20 +482,24 @@ do
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# If $backupsuffix is set, and the file being installed
# already exists, attempt a backup. Don't worry if it fails,
# e.g., if mv doesn't support -f.
if test -n "$backupsuffix" && test -f "$dst"; then
$doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
fi
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
@@ -493,24 +507,24 @@ do
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
@@ -519,9 +533,9 @@ do
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

6
knockd.conf
View File

@@ -13,3 +13,9 @@
command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[openHTTPS]
sequence = 12345,54321,24680,13579
seq_timeout = 5
command = /usr/local/sbin/knock_add -i -c INPUT -p tcp -d 443 -f %IP%
tcpflags = syn

16
missing
View File

@@ -1,9 +1,9 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2013-10-28.13; # UTC
scriptversion=2018-03-07.03; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@ scriptversion=2013-10-28.13; # UTC
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -101,9 +101,9 @@ else
exit $st
fi
perl_URL=http://www.perl.org/
flex_URL=http://flex.sourceforge.net/
gnu_software_URL=http://www.gnu.org/software
perl_URL=https://www.perl.org/
flex_URL=https://github.com/westes/flex
gnu_software_URL=https://www.gnu.org/software
program_details ()
{
@@ -207,9 +207,9 @@ give_advice "$1" | sed -e '1s/^/WARNING: /' \
exit $st
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

78
src/knock.c
View File

@@ -13,10 +13,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include <stdio.h>
@@ -36,11 +35,15 @@
#include <getopt.h>
#include <fcntl.h>
static char version[] = "0.7";
static char version[] = "0.8";
#define PROTO_TCP 1
#define PROTO_UDP 2
#define IP_DEFAULT AF_UNSPEC
#define IP_V4 AF_INET
#define IP_V6 AF_INET6
/* function prototypes */
void vprint(char *fmt, ...);
void ver();
@@ -49,13 +52,17 @@ void usage();
int o_verbose = 0;
int o_udp = 0;
int o_delay = 0;
int o_ip = IP_DEFAULT;
int main(int argc, char** argv)
{
int sd;
struct hostent* host;
struct sockaddr_in addr;
int opt, optidx = 1;
struct addrinfo hints;
struct addrinfo *infoptr;
char ipname[256];
int result;
char *hostname;
static struct option opts[] =
{
{"verbose", no_argument, 0, 'v'},
@@ -63,10 +70,12 @@ int main(int argc, char** argv)
{"delay", required_argument, 0, 'd'},
{"help", no_argument, 0, 'h'},
{"version", no_argument, 0, 'V'},
{"ipv4", no_argument, 0, '4'},
{"ipv6", no_argument, 0, '6'},
{0, 0, 0, 0}
};
while((opt = getopt_long(argc, argv, "vud:hV", opts, &optidx))) {
while((opt = getopt_long(argc, argv, "vud:hV46", opts, &optidx))) {
if(opt < 0) {
break;
}
@@ -76,6 +85,8 @@ int main(int argc, char** argv)
case 'u': o_udp = 1; break;
case 'd': o_delay = (int)atoi(optarg); break;
case 'V': ver();
case '4': o_ip = IP_V4; break;
case '6': o_ip = IP_V6; break;
case 'h': /* fallthrough */
default: usage();
}
@@ -89,18 +100,19 @@ int main(int argc, char** argv)
exit(1);
}
host = gethostbyname(argv[optind++]);
if(host == NULL) {
fprintf(stderr, "Cannot resolve hostname\n");
exit(1);
}
/* prepare hints to select ipv4 or v6 if asked */
memset(&hints, 0, sizeof hints);
hints.ai_family = o_ip;
hostname = argv[optind++];
for(; optind < argc; optind++) {
unsigned short port, proto = PROTO_TCP;
unsigned short proto = PROTO_TCP;
const char *port;
char *ptr, *arg = strdup(argv[optind]);
if((ptr = strchr(arg, ':'))) {
*ptr = '\0';
port = atoi(arg);
port = arg;
arg = ++ptr;
if(!strcmp(arg, "udp")) {
proto = PROTO_UDP;
@@ -108,18 +120,27 @@ int main(int argc, char** argv)
proto = PROTO_TCP;
}
} else {
port = atoi(arg);
port = arg;
}
/* get host and port based on hints */
result = getaddrinfo(hostname, port, &hints, &infoptr);
if(result) {
fprintf(stderr, "Failed to resolve hostname '%s' on port %s\n", hostname, port);
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(result));
exit(1);
}
/* create socket */
if(o_udp || proto == PROTO_UDP) {
sd = socket(PF_INET, SOCK_DGRAM, 0);
sd = socket(infoptr->ai_family, SOCK_DGRAM, 0);
if(sd == -1) {
fprintf(stderr, "Cannot open socket\n");
exit(1);
}
} else {
int flags;
sd = socket(PF_INET, SOCK_STREAM, 0);
sd = socket(infoptr->ai_family, SOCK_STREAM, 0);
if(sd == -1) {
fprintf(stderr, "Cannot open socket\n");
exit(1);
@@ -127,19 +148,22 @@ int main(int argc, char** argv)
flags = fcntl(sd, F_GETFL, 0);
fcntl(sd, F_SETFL, flags | O_NONBLOCK);
}
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = *((long*)host->h_addr_list[0]);
addr.sin_port = htons(port);
/* extract ip as string (v4 or v6) */
getnameinfo(infoptr->ai_addr, infoptr->ai_addrlen, ipname, sizeof(ipname), NULL, 0, NI_NUMERICHOST);
/* connect or send UDP packet */
if(o_udp || proto == PROTO_UDP) {
vprint("hitting udp %s:%u\n", inet_ntoa(addr.sin_addr), port);
sendto(sd, "", 1, 0, (struct sockaddr*)&addr, sizeof(addr));
vprint("hitting udp %s:%s\n", ipname, port);
sendto(sd, "", 1, 0, infoptr->ai_addr, infoptr->ai_addrlen);
} else {
vprint("hitting tcp %s:%u\n", inet_ntoa(addr.sin_addr), port);
connect(sd, (struct sockaddr*)&addr, sizeof(struct sockaddr));
vprint("hitting tcp %s:%s\n", ipname, port);
connect(sd, infoptr->ai_addr, infoptr->ai_addrlen);
}
close(sd);
usleep(1000*o_delay);
freeaddrinfo(infoptr);
}
return(0);
@@ -161,6 +185,8 @@ void usage() {
printf("options:\n");
printf(" -u, --udp make all ports hits use UDP (default is TCP)\n");
printf(" -d, --delay <t> wait <t> milliseconds between port hits\n");
printf(" -4, --ipv4 Force usage of IPv4\n");
printf(" -6, --ipv6 Force usage of IPv6\n");
printf(" -v, --verbose be verbose\n");
printf(" -V, --version display version\n");
printf(" -h, --help this help\n");

189
src/knock_helper_ipt.sh Normal file
View File

@@ -0,0 +1,189 @@
#!/bin/sh
# Original version to add non-duplicated rules by Greg Kuchyt (greg.kuchyt@gmail.com)
# Updated to handle deletes and be generic by Paul Rogers (paul.rogers@flumps.org)
SCRIPT_NAME=$(basename $0)
AWK="/bin/awk"
GREP="/bin/grep"
IPTABLES="/sbin/iptables"
SORT="/bin/sort"
COMMENT_APP="Append "
COMMENT_DEL="Delete "
COMMENT_INS="Insert "
COMMENT_DEFAULT="by knockd"
IPT_CHAIN="INPUT"
IPT_METHOD=""
IPT_COMMENT=""
IPT_SRC_IP=""
IPT_DST_PORT=""
IPT_PROTO="tcp"
IPT_RULE_TARGET="ACCEPT"
DRY_RUN=0
SEEN=0
VERBOSE=0
usage() {
echo "Usage: $SCRIPT_NAME -a|-i|-x -f SRC_IP_ADDR -d DST_PORT [-p|-c|-m|-t|-h|-v]"
echo "Options:"
echo "-a|--append Action: append a rule to NetFilter"
echo "-i|--insert Action: insert a rule to NetFiler"
echo "-x|--delete Action: delete a rule from NetFilter"
echo "-f|--srcaddr The source IP address to be used"
echo "-d|--dstport The destination port to be used in the rule"
echo "-p|--proto The protocol that the rule applies to; default: $IPT_PROTO"
echo "-c|--chain The NetFilter chain to apply the change to; default: $IPT_CHAIN"
echo "-m|--comment Overide default comment text: '$COMMENT_DEFAULT'"
echo "-t|--test Test run - don't actually perform an update to NetFilter"
echo "-h|--help Print this informational screen and exit"
echo "-v|--verbose Print verbose information about actions"
}
ARGS=$(getopt -o aixf:d:p:c:m::thv -l "append,insert,delete,srcaddr:,dstport:,proto:,chain:,comment::,test,help,verbose" -n $SCRIPT_NAME -- "$@")
if [ $? -ne 0 ];
then
echo "$SCRIPT_NAME - Error! Invalid arguments"
usage
exit 1
fi
eval set -- "$ARGS"
while true; do
case "$1" in
-a|--append)
IPT_METHOD="-A"
shift;
;;
-x|--delete)
IPT_METHOD="-D"
shift;
;;
-i|--insert)
IPT_METHOD="-I"
shift;
;;
-f|--srcaddr)
IPT_SRC_IP=$2
shift 2;
;;
-d|--dstport)
IPT_DST_PORT=$2
shift 2;
;;
-p|--proto)
IPT_PROTO=$2
shift 2;
;;
-c|--chain)
IPT_CHAIN=$2
shift 2;
;;
-m|--comment)
case "$2" in
"")
IPT_COMMENT=$COMMENT_DEFAULT;
shift 2;;
*)
IPT_COMMENT=$2;
shift 2 ;;
esac
;;
-t|--test)
DRY_RUN=1
shift;
;;
-h|--help)
usage
shift;
exit
;;
-v|--verbose)
VERBOSE=1
shift;
;;
--)
shift;
break;
;;
esac
done
# Begin sanity checks
if [ -z "$IPT_SRC_IP" ]; then
echo "$SCRIPT_NAME - Error! Source IP address required"
usage
exit 1
fi
if [ -z "$IPT_DST_PORT" ]; then
echo "$SCRIPT_NAME - Error! Destination port required"
usage
exit 1
fi
if [ -z "$IPT_METHOD" ]; then
echo "$SCRIPT_NAME - Error! Valid action option not specified"
fi
case "$IPT_METHOD" in
-A)
IPT_COMMENT="$COMMENT_APP $IPT_COMMENT"
;;
-I)
IPT_COMMENT="$COMMENT_INS $IPT_COMMENT"
;;
-D)
IPT_COMMENT="$COMMENT_DEL $IPT_COMMENT"
;;
esac
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - Testing rule"
echo "$SCRIPT_NAME - action: $IPT_METHOD _ src: $IPT_SRC_IP _ dstport: $IPT_DST_PORT _ proto: $IPT_PROTO _ chain: $IPT_CHAIN _ comment: $IPT_COMMENT"
fi
COMMENT=""
if [ -n "$IPT_COMMENT" ]; then
COMMENT="-m comment --comment '$IPT_COMMENT'"
fi
$IPTABLES -L $IPT_CHAIN &> /dev/null
if [ 0 -ne "$?" ]; then
echo "$SCRIPT_NAME - Error: $IPT_CHAIN is not a valid NetFilter chain"
exit
fi
# End sanity checks
# Dupe checking
for IP in `$IPTABLES -n -L $IPT_CHAIN | $GREP $IPT_RULE_TARGET | $AWK '{print $4}' | $SORT -u`;
do
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - $IP"
fi
if [ "$IPT_SRC_IP" == "$IP" ]; then
SEEN=1
fi
done
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - Seen: $SEEN"
fi
if [ "$SEEN" -eq 0 ]; then
if [ "$VERBOSE" -eq 1 ]; then
echo "$SCRIPT_NAME - $IPT_COMMENT"
echo $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
fi
if [ "$DRY_RUN" -eq 0 ]; then
eval $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
fi
fi

878
src/knockd.c
View File

File diff suppressed because it is too large Load Diff

9
src/list.c
View File

@@ -13,10 +13,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include <stdlib.h>
@@ -28,7 +27,7 @@ PMList* list_new()
{
PMList *list = NULL;
list = (PMList*)malloc(sizeof(PMList));
list = (PMList*)calloc(1, sizeof(PMList));
if(list == NULL) {
return(NULL);
}

7
src/list.h
View File

@@ -13,10 +13,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef _PAC_LIST_H
#define _PAC_LIST_H