$Id: ChangeLog,v 1.24 2004/01/14 09:06:25 rsh Exp $

2004-01-13  Roy Hills

	* Makefile.am: Added new shell-script-based tests check-run1,
	check-run2, and check-run3.
	* ike-scan.1: Updated man page OPTIONS section and added FILES
	section.
	* Added Russ Allbery's inet_aton replacement function for systems
	like Solaris which don't have inet_aton in the standard library.
	Added inet_aton check to configure.ac.
	* ike-scan.c: Cast char * to unsigned char * before passing to
	isdigit().  isdigit can have problems with char if char is signed
	and value >127, esp. when it's implemented as a macro that indexes
	into an array as on Solaris 8.
	* Use hexstring() to print cookie values rather than using htonl()
	on the two 32-bit pieces.  Some systems define htonl() to return
	unsigned long while others return unsigned int making it
	impossible to use the same printf format string on all systems.

2004-01-10  Roy Hills

	* ike-scan.c, isakmp.c: Added regular expression support for
	Vendor ID pattern matching.  Patterns in ike-vendor-ids are now
	Posix basic regular expressions which are compiled with "regcomp"
	and matched against the hex representation of the Vendor ID data
	with "regexec".
	* configure.ac: Added check for Posix regular expression support.

2003-12-30  Roy Hills

	* isakmp.c: Added transform attribute generation functions
	make_attr() and add_attr().  Use these functions in make_trans()
	to improve readability and allow for future flexibility.
	* ike-scan.c: Free various bits of malloc'ed storage when they are
	no longer used.  The pointers involved are: vid_data, patcopy,
	id_data, gss_data, hdr, sa, prop, transforms, ke, nonce, id and
	vid.  These are all used only at initialisation time.  We don't
	save much memory by free'ing these, but it's better to be neat &
	tidy.
	* check-sizes.c: New test program which checks the sizes of
	structures and types.  This is referenced by the TESTS target in
	Makefile.am, so it gets run by "make check".
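Worked example of the Vendor ID matching described in the 2004-01-10 entry, added here; it is not ike-scan's own code. A candidate pattern is compiled with regcomp() as a POSIX basic regular expression and matched with regexec() against the hex representation of the VID data. The hex parser also shows the unsigned char cast from the 2004-01-13 isdigit() entry, and printing bytes with hexstring() instead of htonl() avoids the unsigned long versus unsigned int portability problem from the same entry. hexstring(), hex_to_bytes(), vid_matches() and hex_string_matches() are my own functions, and the sample VID bytes and patterns are constructed.

```c
/* Added example, not ike-scan's own code: Vendor ID fingerprinting with
 * POSIX basic regular expressions over the hex form of the VID data. */
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* hexstring(): lowercase hex representation of data; caller frees.
 * Formatting byte by byte needs no htonl(), so the same format string
 * works whatever integer type htonl() returns on a given system. */
char *hexstring(const unsigned char *data, size_t len)
{
    char *s = malloc(len * 2 + 1);
    if (s == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++)
        sprintf(s + 2 * i, "%02x", data[i]);
    s[len * 2] = '\0';
    return s;
}

/* hex_to_bytes(): parse a user-supplied hex string (such as a --vendor
 * argument) into out[].  Each char is cast to unsigned char before
 * isxdigit(): with a signed char, a byte above 127 would otherwise be a
 * negative index into the ctype table.  Returns the byte count, or -1
 * on empty, odd-length, non-hex or oversized input. */
int hex_to_bytes(const char *hex, unsigned char *out, size_t outlen)
{
    size_t n = strlen(hex);
    if (n == 0 || n % 2 != 0 || n / 2 > outlen)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)hex[i]))
            return -1;
    for (size_t i = 0; i < n / 2; i++) {
        unsigned int byte;
        sscanf(hex + 2 * i, "%2x", &byte);
        out[i] = (unsigned char)byte;
    }
    return (int)(n / 2);
}

/* vid_matches(): 1 if pattern matches the hex form of the VID data, 0 if
 * not, -1 if the pattern is not a valid basic regular expression. */
int vid_matches(const char *pattern, const unsigned char *vid, size_t vidlen)
{
    regex_t re;
    char *hex;
    int rc;

    if (regcomp(&re, pattern, REG_NOSUB) != 0)
        return -1;
    hex = hexstring(vid, vidlen);
    if (hex == NULL) {
        regfree(&re);
        return -1;
    }
    rc = (regexec(&re, hex, 0, NULL, 0) == 0) ? 1 : 0;
    free(hex);
    regfree(&re);
    return rc;
}

/* hex_string_matches(): parse a hex string into bytes and match it, so a
 * pattern-file line can be tried against a VID given in hex. */
int hex_string_matches(const char *pattern, const char *vid_hex)
{
    unsigned char buf[256];
    int n = hex_to_bytes(vid_hex, buf, sizeof buf);
    if (n < 0)
        return -1;
    return vid_matches(pattern, buf, (size_t)n);
}

int main(void)
{
    /* Constructed VID and patterns, not entries from ike-vendor-ids. */
    const char *vid_hex = "deadbeef0102";
    const char *patterns[] = { "^deadbeef", "^deadbeef0102$", "^cafe", "dead.*02$" };
    for (size_t i = 0; i < 4; i++)
        printf("%-18s %s\n", patterns[i],
               hex_string_matches(patterns[i], vid_hex) == 1 ? "match" : "no match");
    return 0;
}
```

Only the VID data length is compared here; the 2003-12-29 rule of skipping candidates longer than the data is implicit, since a regular expression anchored at both ends simply fails to match shorter data.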
	* ike-scan.c: check_struct_sizes() is now obsolete and has been
	removed.

2003-12-29  Roy Hills

	* isakmp.c: Fixed bug which caused the data length for ID and VID
	payloads to be 8 bytes more than it really was (we were not
	subtracting the length of the header structure).
	* isakmp.c: Only check the returned VID against a candidate pattern
	if the VID data length is >= the candidate pattern length.
	* isakmp.c: Moved notification_msg[] from global to
	process_notify() function.  Use STR_OR_ID macro to display
	appropriate string from notification_msg[] which avoids a
	hard-coded constant.  Changed format of "Firewall-1" 9101 notify
	message.

2003-12-24  Roy Hills

	* ike-scan.c: Modified error message if bind() fails to be more
	specific depending on the value of errno.
	* ike-scan.c: Added --quiet option to prevent packet decode and
	thus shorten the output if required and --multiline option to
	split the decode over multiple lines (one line per payload).
	* ike-scan.c: Improved protocol decode.  SA and ID payloads are now
	decoded.  For SA, the various transform attributes are shown.
	* ike-scan.c: Added utility functions printable() and hexstring()
	to provide escaped-printable and hex representations of data.
	* isakmp.c: New process_id() function to process ID payload.
	Improved process_sa() function to decode transforms.  Transform
	decoding is no longer experimental.

2003-12-19  Roy Hills

	* isakmp.c: Added experimental support for displaying transform
	attributes.  This code is only enabled if the --experimental
	option is specified.  New attribute parsing function
	process_attr(), new macro STR_OR_ID, and new function numstr() as
	well as additional code in process_sa() function.

2003-12-11  Roy Hills

	* ike-scan.c: Added support for Vendor ID fingerprinting using
	fingerprints loaded from the file "ike-vendor-ids".  Added
	--vidpatterns (-I) option to specify Vendor ID patterns file
	location if it's not the default.
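Worked example, added here and not ike-scan's own code, of the payload handling behind the 2003-12-29 length fix and the 2003-11-18 parsing routines: walk the ISAKMP payload chain of a received packet and collect every Vendor ID payload wherever it sits, subtracting the generic payload header from each length field and checking every length against what remains of the packet before trusting it. Header layout and payload type numbers are those of RFC 2408 (28-byte ISAKMP header, 4-byte generic payload header, SA = 1, VID = 13); find_vids(), build_sample(), walk_sample() and sample_vid_len() are my own names, and the sample packet is constructed, not a capture.

```c
/* Added example, not ike-scan's own code: bounds-checked walk of the
 * ISAKMP payload chain that finds every Vendor ID payload. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN 28   /* RFC 2408 ISAKMP header */
#define GEN_HDR_LEN 4       /* RFC 2408 generic payload header */
#define PAYLOAD_NONE 0
#define PAYLOAD_SA 1
#define PAYLOAD_VID 13

struct vid_ref {
    const uint8_t *data;    /* points into the packet, after the generic header */
    size_t len;             /* length field minus GEN_HDR_LEN */
};

static uint16_t get16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* find_vids(): returns the number of VID payloads found (at most maxout
 * are stored in out[]), or -1 if the packet is malformed: shorter than
 * the ISAKMP header, a generic header past the end, or a payload length
 * smaller than its own header or larger than the remaining packet. */
int find_vids(const uint8_t *pkt, size_t pktlen, struct vid_ref *out, size_t maxout)
{
    size_t off = ISAKMP_HDR_LEN;
    int count = 0;
    uint8_t next;

    if (pktlen < ISAKMP_HDR_LEN)
        return -1;
    next = pkt[16];                          /* "next payload" of the ISAKMP header */
    while (next != PAYLOAD_NONE) {
        uint16_t plen;

        if (pktlen - off < GEN_HDR_LEN)      /* generic header would run off the end */
            return -1;
        plen = get16(pkt + off + 2);
        if (plen < GEN_HDR_LEN || plen > pktlen - off)
            return -1;                       /* bogus length: stop, don't trust it */
        if (next == PAYLOAD_VID) {
            if ((size_t)count < maxout) {
                out[count].data = pkt + off + GEN_HDR_LEN;
                out[count].len = plen - GEN_HDR_LEN;   /* subtract the header */
            }
            count++;
        }
        next = pkt[off];                     /* "next payload" of this generic header */
        off += plen;
    }
    return count;
}

/* build_sample(): constructed response of 50 bytes: ISAKMP header, an SA
 * payload, then two VID payloads carrying 4 and 2 data bytes. */
size_t build_sample(uint8_t *buf, size_t buflen)
{
    static const uint8_t sample[] = {
        0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,    /* initiator and responder cookies */
        PAYLOAD_SA, 0x10, 2, 0,              /* next=SA, version 1.0, exchange, flags */
        0,0,0,0,                             /* message ID */
        0,0,0,50,                            /* total length */
        PAYLOAD_VID, 0, 0,8,  0,0,0,1,       /* SA: next=VID, length 8, DOI */
        PAYLOAD_VID, 0, 0,8,  0xde,0xad,0xbe,0xef,  /* VID #1: next=VID, 4 data bytes */
        PAYLOAD_NONE, 0, 0,6, 0x01,0x02      /* VID #2: last payload, 2 data bytes */
    };
    if (buflen < sizeof sample)
        return 0;
    memcpy(buf, sample, sizeof sample);
    return sizeof sample;
}

/* run_sample(): build the sample, optionally truncate it or corrupt the
 * length field of VID #2, and walk it.  The buffer is static so the
 * returned data pointers stay valid for the caller. */
static int run_sample(size_t truncate_to, int corrupt_len, struct vid_ref *vids, size_t maxout)
{
    static uint8_t buf[64];
    size_t n = build_sample(buf, sizeof buf);
    if (corrupt_len)
        buf[47] = 0xff;                      /* VID #2 length: 6 becomes 255 */
    if (truncate_to < n)
        n = truncate_to;
    return find_vids(buf, n, vids, maxout);
}

int walk_sample(size_t truncate_to, int corrupt_len)
{
    struct vid_ref vids[8];
    return run_sample(truncate_to, corrupt_len, vids, 8);
}

size_t sample_vid_len(int index)
{
    struct vid_ref vids[8];
    int found = run_sample(64, 0, vids, 8);
    return (index >= 0 && index < found) ? vids[index].len : 0;
}

int main(void)
{
    printf("intact packet: %d VID payload(s)\n", walk_sample(64, 0));
    printf("length field corrupted: %d\n", walk_sample(64, 1));
    printf("packet truncated to 40 bytes: %d\n", walk_sample(40, 0));
    return 0;
}
```

Because the walk follows the next-payload chain rather than assuming a fixed position, a Vendor ID that arrives after the nonce in an aggressive mode reply is found just as a Vendor ID directly after the SA is.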
	* isakmp.c: Modified process_vid() to check for known Vendor ID and
	print entry from database if found.

2003-12-10  Roy Hills

	* ike-scan.c: Allow target hosts to be specified as IPnet/bits or
	IPstart-IPend as well as the traditional single host or IP
	address.  The new function add_host_pattern() deals with these new
	formats.  Added details to usage() to explain these additional
	formats.  This functionality was first requested by Chris Gripp in
	Jan 2003.

2003-11-28  Roy Hills

	* ike-scan.c: Removed unnecessary gethostbyname() call.

2003-11-23  Roy Hills

	* ike-scan.c: Removed many global variables and made them local to
	main().  Only 4 global variables left now, all of which have some
	reason to stay global.

2003-11-22  Roy Hills

	* isakmp.c: Added support for GSS ID attribute in make_trans()
	function.

2003-11-21  Roy Hills

	* isakmp.c: Added support for lifesize (KB) to add_trans() and
	make_trans() functions.
	* ike-scan.h: Modified function definitions for add_trans(),
	make_trans(), and initialise_ike_packet() to take lifesize
	argument.
	* ike-scan.c: Added support for --lifesize (-z) option.  Default is
	not to include this attribute.

2003-11-18  Roy Hills

	* isakmp.c: Wrote ISAKMP packet parsing routines: skip_payload,
	process_isakmp_hdr, process_sa, process_vid, process_notify.
	These are used by the new display_packet() routine in ike-scan.c.
	* ike-scan.c: Re-wrote display_packet() function to parse ISAKMP
	packet in a flexible way using functions in isakmp.c.  This allows
	us to display multiple Vendor ID payloads (previously we could
	only display the first), and also to detect and print vendor ID
	payloads anywhere in the packet (previously it had to be
	immediately after the SA payload, which may not be the case with
	aggressive mode).

2003-11-14  Roy Hills

	* ike-scan.c: Fixed bug which could cause select() to be passed a
	negative timeout when collecting backoff fingerprints.
	* Released v1.5.1.  Tarball size: 122595, Zip size: 632736.
	tarball md5sum: 6425534104fd9f6f644c6f7286ed40e1
	Zip md5sum: 52cf28982532030b2e7faf26dde8fb1d

2003-11-13  Roy Hills

	* ike-scan.c: Added support for IKE Aggressive Mode.  New options:
	--aggressive, --id, --idtype, --dhgroup.
	* isakmp.c: Added functions to build id, nonce and ke payloads for
	Aggressive Mode.
	* ike-scan.1: Added details of Aggressive Mode options.
	* Released V1.5.

2003-11-08  Roy Hills

	* wrappers.c: New file containing system/library call wrappers for
	those calls which are not expected to fail.  Wrappers have the
	same name as the underlying call but with initial capital letter.
	This convention is from W. Richard Stevens' Unix Network
	Programming book.
	* ike-scan.c: Changed to use wrapper functions for Gettimeofday,
	Malloc and Realloc.
	* isakmp.c: Changed to use wrapper function for Malloc.
	* isakmp.c: Wrote new add_trans() function.  This allows a
	multi-transform payload to be built; it calls make_trans.
	* ike-scan.c: Use new add_trans() function in
	initialise_ike_packet() rather than manually building the
	transform payload using make_trans().
	* isakmp.c: Add new add_vid() function.
	* ike-scan.c: Use new add_vid() function to allow multiple VIDs to
	be specified.
	* ike-scan.c: Add new function decode_trans.  Use this function to
	parse the --trans argument which allows the specification of
	encryption key length.

2003-11-07  Roy Hills

	* isakmp.c: Wrote ISAKMP payload construction functions.
	* ike-scan.c: Use functions from isakmp.c to construct ISAKMP
	payloads rather than manually filling in structures.

2003-10-30  Roy Hills

	* ike-scan.c: Change loop timing units from ms to us to improve
	accuracy.  This requires a 64-bit integer type.

2003-10-30  Roy Hills

	* ike-scan.c: Added elapsed time statistics to "Ending:" line.
	* ike-scan.c: Changed atoi(optarg) to strtoul(optarg,
	(char **)NULL, 10) for unsigned options to allow full unsigned
	range.
	* ike-scan.c: Dynamically adjust select_timeout based on requested
	interval and cumulative error.
	* ike-scan.c: Removed --selectwait option as it is now unnecessary.
	* ike-scan.c: Renamed backoff variable to backoff_factor and
	changed type from float to double.
	* ike-scan.c: Timeout hosts immediately if possible when starting
	the timeout pass.  This reduces the scanning time, especially when
	scanning a large number of hosts.  Previously, the scanning time
	tended to * ; now it tends towards * .
	* ike-scan.c: Added pass number which is displayed if verbose >= 1.

2003-10-29  Roy Hills

	* ike-scan.c: Don't call advance_cursor() if we can't send to a
	host yet because the next host won't be ready either.
	* ike-scan.c: Start the search for a matching cookie at
	cursor->prev rather than cursor.

2003-08-05  Roy Hills

	* Released version v1.4.  Tarball size 114410 bytes, Zip size
	622630.
	tarball md5sum: d8755044a041859cde12d111973bb541
	zip md5sum: 7871aead615b88e3fd6a516f60ac63d0

2003-07-17  Roy Hills

	* ike-scan.c: Print any vendor ID payload in hex if it follows an
	SA payload.
	* ike-scan.c: allocate vid_data using malloc rather than having a
	fixed-length array.  This allows the supplied vendor id to be of
	arbitrary length.

2003-07-16  Roy Hills

	* ike-scan.c: Changed --vendor option to use a hex string of
	arbitrary length (up to MAXLINE) rather than an md5 hash of the
	supplied string.  This allows us to specify any vendor ID e.g. the
	one that SecuRemote uses with main mode.

2003-07-10  Roy Hills

	* Released version v1.3.  Tarball size 113350 bytes.
	tarball md5sum: 3fc330e97017ac93bd35fd2973d14e58
	Note: this is not an official release and no Windows (zip) version
	was produced.  It is for internal use to test the new pattern
	matching code.  However, it is available in the public download
	directory if anyone wants to use it.

2003-07-10  Roy Hills

	* ike-backoff-patterns: Added new patterns "watchguard-soho" and
	"sonicwall-pro".  These both use the new "/" notation to represent
	per-entry fuzz values.
	* ike-scan.c: Add fact that per-pattern fuzz entries override the
	values specified with --fuzz to the help output.
	* Created detached GPG sigs (.asc) for *.tar.gz and *.zip using
	DSA key ID 567B9F3A Roy Hills.

2003-07-10  Roy Hills

	* ike-scan.c: Added check_struct_sizes() to check the size of the
	ISAKMP structure sizes.
	* ike-scan.h: Added definition of check_struct_sizes().

2003-07-04  Roy Hills

	* ike-scan.c: Added support for per-pattern-entry fuzz
	specification in the patterns file.
	* ike-scan.h: New structure to support per-pattern-entry fuzz.

2003-06-27  Roy Hills

	* ike-scan.c: Improved backoff pattern display in dump_backoff().
	Use integer arithmetic in add_pattern() to avoid rounding errors.
	* ike-scan.h: Remove math.h include.  Not needed now that we use
	integer arithmetic in add_pattern().
	* configure.ac: Removed check for maths library.  Not needed now
	that we use integer arithmetic in add_pattern().

2003-06-17  Roy Hills

	* ike-scan.1: Created man page ike-scan.1.  This is required by
	some Linux distributions e.g. Debian.
	* Makefile.am: Added support for new man page.
	* NEWS: Added info for v1.0, v1.1 and v1.2.
	* Makefile.am: Changed location of "ike-backoff-patterns" from
	$datadir to $pkgdatadir.

2003-06-11  Roy Hills

	* Released version v1.2.  Tarball size 108137 bytes, Zip size
	620292.
	tarball md5sum: 25777051bb09306cb0b86e0cf1c48caa
	zip md5sum: 5c02090900dc3fda7fa374fe99f48af5

2003-06-11  Roy Hills

	* ike-backoff-patterns: Minor comment changes.

2003-05-10  Roy Hills

	* configure.ac: Added package name and version to AC_INIT.
	* ike-scan.c: Use PACKAGE_STRING and PACKAGE_BUGREPORT symbols
	rather than hard-coded strings.

2003-05-09  Roy Hills

	* configure.ac, acinclude.m4: Wrote macro AC_NTA_NET_SIZE_T to
	determine the best type to use for the 3rd argument to accept().
	This is normally socklen_t, but is sometimes int or size_t.  This
	change allows the program to compile on HP Tru64 Unix.
2003-05-08  Roy Hills

	* configure.ac: Renamed configure.in to configure.ac to comply
	with new autoconf naming scheme and ran autoupdate to update from
	autoconf 2.13 to 2.53.  No C code changes.

2003-02-21  Roy Hills

	* error.c: Changed "syslog(level, buf)" to
	"syslog(level, "%s", buf)" to fix syslog format string
	vulnerability.

2003-02-18  Roy Hills

	* Released version v1.1.  Tarball size 91606 bytes, Zip size
	578034.
	tarball md5sum: b87fe14043c43c2897cf309c364574b7
	zip md5sum: 59db0f1f170aaf50dfb2c05f4f950d00
	* Corrected typo in README-WIN32: know -> known.

2003-02-03  Roy Hills

	* Makefile.am: Changed DATADIR to IKEDATADIR.
	* ike-scan.h: Include if compiling under Cygwin.
	* ike-scan.c: Use ike-scan.exe dir as default patterns file dir if
	compiling under Cygwin.
	* ike-scan now compiles under Cygwin and can be used as a Windows
	EXE if CYGWIN1.DLL is present.

2003-01-30  Roy Hills

	* Minor changes to --help output to make use of <> brackets
	consistent.

2003-01-29  Roy Hills

	* ike-scan.c: Added output of "Ending:" line showing number of
	hosts scanned and number of responders after scan completes.
	* ike-scan.c: Only show backoff table if there is at least one
	handshake responder.
	* ike-scan.c: Don't bother waiting for extra packets after all host
	entries have been removed if there are no handshake responders.
	* ike-scan.c: Show that notify message 9101 is Firewall-1 4.x or NG
	in output message.
	* ike-scan.c: Cast value from htonl to uint32_t when used in printf
	statement to avoid warnings on those platforms which define htonl
	as returning unsigned long (like FreeBSD).
	* ike-backoff-patterns: Added OpenBSD-isakmpd, discovered by
	Thomas Walpuski.

2003-01-27  Roy Hills

	* Fixed possible buffer overflow in code which joined argv
	elements into a fixed-length string which is then written to
	syslog.
	* Removed RSA 1991 MD5 implementation and replaced with L. Peter
	Deutsch's MD5 implementation dated 2002.

2003-01-25  Roy Hills

	* Moved all #includes to ike-scan.h.
	* ike-scan.c, ike-scan.h: Changed host_entry element "n" from int
	to unsigned.
	* ike-scan.c: Changed printf format for unsigned from %d to %u.
	* ike-scan.c: Added exchange type (Main Mode or Aggressive Mode) to
	"handshake returned" message.
	* ike-scan.h: Make all #includes conditional based on configure
	findings.
	* configure.in: Check for uint_8, uint_16 and u_int32 types using
	custom macro AC_NTA_CHECK_TYPE (defined in acinclude.m4).  If the
	types are not defined, then #define them to values that will work
	on most systems.
	* ike-scan now builds and runs on two new platforms:
	  - Debian Linux 1.3.1 (old libc5 based Linux system with 2.0
	    kernel)
	  - Cygwin on Windows NT Workstation (only under the cygwin
	    environment; this doesn't produce a standalone windows exe).

2003-01-23  Roy Hills

	* ike-backoff-patterns: Changed Cisco Concentrator entry to 0,8,8,8

2003-01-20  Roy Hills

	* Released initial version v1.0.  Tarball size 86434 bytes,
	md5sum: 7299777c7d67d1cea82d9594867b4806
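Worked example of the two logging fixes recorded in the 2003-02-21 and 2003-01-27 entries, added here; it is not ike-scan's own code. join_args() joins argv into a fixed-length buffer with snprintf() so that over-long arguments are truncated instead of overflowing it, and log_args() hands the result to syslog() as the argument of a fixed "%s" format rather than as the format string, so any format directives inside an argument are logged as plain text. join_args(), log_args(), joined_length() and joined_equals() are my own names, LOGLINE_MAX is deliberately small to exercise the truncation path, and the command lines are constructed.

```c
/* Added example, not ike-scan's own code: bounded argv joining and a
 * fixed-format syslog() call. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define LOGLINE_MAX 64   /* small on purpose so truncation is easy to see */

/* join_args(): write argv[0..argc-1], space separated, into buf.  Returns
 * the length of the resulting string.  snprintf() never writes past
 * buflen bytes; when an argument does not fit, the line is cut there. */
size_t join_args(char *buf, size_t buflen, int argc, char *const argv[])
{
    size_t used = 0;

    if (buflen == 0)
        return 0;
    buf[0] = '\0';
    for (int i = 0; i < argc; i++) {
        int n = snprintf(buf + used, buflen - used, "%s%s", i ? " " : "", argv[i]);
        if (n < 0)
            break;
        if ((size_t)n >= buflen - used) {    /* did not fit: snprintf truncated it */
            used = buflen - 1;
            break;
        }
        used += (size_t)n;
    }
    return used;
}

/* log_args(): log the command line.  The joined line is data, so it is
 * passed as an argument to a constant format.  syslog(LOG_INFO, line)
 * would instead let "%" sequences inside an argument be interpreted as
 * format directives by the logger. */
void log_args(int argc, char *const argv[])
{
    char line[LOGLINE_MAX];

    join_args(line, sizeof line, argc, argv);
    syslog(LOG_INFO, "%s", line);
}

/* joined_length(): join into a LOGLINE_MAX buffer and return the length,
 * cross-checked against strlen() of what actually landed in the buffer. */
size_t joined_length(int argc, char *const argv[])
{
    char line[LOGLINE_MAX];
    size_t r = join_args(line, sizeof line, argc, argv);
    return r == strlen(line) ? r : (size_t)-1;
}

/* joined_equals(): 1 if joining argv yields exactly expect, else 0. */
int joined_equals(int argc, char *const argv[], const char *expect)
{
    char line[LOGLINE_MAX];
    join_args(line, sizeof line, argc, argv);
    return strcmp(line, expect) == 0;
}

int main(int argc, char *argv[])
{
    char line[LOGLINE_MAX];

    join_args(line, sizeof line, argc, argv);
    printf("logging: %s\n", line);
    openlog("join-example", LOG_PID, LOG_USER);
    log_args(argc, argv);
    closelog();
    return 0;
}
```

The truncation is silent here; a production version would probably also log that the line was cut, but the important property is that the buffer bound holds for any argv.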