I checked the 6.test output, and the results were similar. I decided to remove libpcap0.7, which also removed libnet-pcap-perl, so I was back to where I started. Many tests now failed.

So, I looked again at that article on Ubuntu Forums which I mentioned before (see below), and I decided to run:

sudo aptitude install libpcap-dev

I then re-ran the fwknop installation script, merging my previous fwknop config, and then I re-ran the fwknop test script. All 152 tests passed!

Please note that this is a system where I have previously run:

sudo aptitude install build-essential linux-headers-`uname -r`

Maybe Michael can confirm that those are needed. I haven't tried to install fwknop on a system without those installed.

I did not download and install Net-Pcap from CPAN, per the above article, because it looked like fwknop already had it.

Thanks guys!

- Scott

----- Original Message ----
From: Michael Rash <mbr@cipherdyne.org>
To: fwknop-discuss@lists.sourceforge.net
Sent: Monday, June 16, 2008 7:01:42 AM
Subject: Re: [Fwknop-discuss] Install on Ubuntu Server

On Jun 15, 2008, scottbmbox-cdo@yahoo.com wrote:

> Franck,
>
> I'll email you a single archive file with the output of:
>
> 55.test
> 56.test
> 57.test
> 129.test
> 130.test
> 131.test
> 133.test
> 134.test
> 135.test
> test.log
> fwknopd.ipterr
> fwknopd.iptout
> knoptm.ipterr
> knoptm.iptout
>
> (130 and 131 had also failed.)
>
> I will also email it to anyone who requests it until I fix this, at which time I'll post my fix(es) to the list.

The failed tests are for the port randomization features which
use a pcap filter as follows (in the fwknop.conf file for each of the
failed tests):

PCAP_FILTER                udp dst portrange 10000-65535;

This type of filter statement is not supported in some older versions of
libpcap, so I suspect that you might just need to upgrade your pcap
library and then those tests should work.

In the test/output/6.test file, the fwknop_test.pl script collects some
system specifics, including information about the installed pcap
library.  Here is an excerpt of that output on my system:

# ldd /usr/sbin/tcpdump
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002abbbc8f5000)
        libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x00002abbbcc76000)
        libc.so.6 => /lib/libc.so.6 (0x00002abbbcea3000)
        libdl.so.2 => /lib/libdl.so.2 (0x00002abbbd1fe000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00002abbbd403000)
        /lib64/ld-linux-x86-64.so.2 (0x00002abbbc6d7000)
# ls -l /usr/lib/*pcap*
-rw-r--r-- 1 root root 313128 2007-10-04 23:28 /usr/lib/libpcap.a
lrwxrwxrwx 1 root root    14 2008-01-12 20:52 /usr/lib/libpcap.so -> libpcap.so.0.8
lrwxrwxrwx 1 root root    16 2008-02-11 06:33 /usr/lib/libpcap.so.0.8 -> libpcap.so.0.9.7
-rw-r--r-- 1 root root 182224 2007-10-04 23:28 /usr/lib/libpcap.so.0.9.7

Franck's suggestion of emailing the anonymized test output is a good
one; it should contain the 6.test output above.

Thanks,

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F

>
> Thanks,
>
> Scott
>
>
> ----- Original Message ----
> From: Franck Joncourt <franck.mail@dthconnex.com>
> To: fwknop-discuss@lists.sourceforge.net
> Cc: scottbmbox-cdo@yahoo.com
> Sent: Sunday, June 15, 2008 4:39:30 PM
> Subject: Re: [Fwknop-discuss] Install on Ubuntu Server
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> scottbmbox-cdo@yahoo.com wrote:
>
> Hi,
>
> > How To: Install a Port Knocker - FWKNOP - Ubuntu Forums
> > http://ge.ubuntuforums.com/showthread.php?t=812573
>
> [...]
>
> > Many tests failed before I ran that command. I am now down to only four
> > tests failing: 56, 57, 134, and 135.
> >
> > 56:
> > MSG: [*] Dubious sniffed packet format
> > TEST: (Destination port randomness) Verifying SPA format, STATUS: fail
> >
> > 57:
> > MSG: [*] SPA access rules for 127.0.0.2 do not exist.
> > TEST: (Destination port randomness) Rules exist, STATUS: fail
> >
> > 134:
> > MSG: [*] Local access and DNAT access not granted
> > TEST: (Local NAT rand NAT/dst port) Local access rules exist, STATUS: fail
> >
> > 135:
> > MSG: [*] Dubious sniffed packet format
> > TEST: (Local NAT rand NAT/dst port) Verifying packet format, STATUS: fail
> >
> > Can anyone give me some clues on how to fix these?
>
> What about the files in the output directory? Give us a link or enclose
> them.
>
> 55.test
> 56.test
> 57.test
>
> and
>
> 133.test
> 134.test
> 135.test
>
> maybe *.ipterr and *.iptout.
>
> [quote=README]
> ...you can use the --Prepare-results argument on the
> fwknop_test.pl command line to automatically anonymize the test output
> results.
> [/quote]
>
> I do not know if this is needed in your case :p!
>
> Regards,
>
> - --
> Franck Joncourt
> http://debian.org - http://smhteam.info/wiki/
> Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkhVjBIACgkQxJBTTnXAif6xlQCgkpnAvIdCBsq/OzXKSpjbsSLh
> VccAn13z/IqhbK2ioGd6s6WOEDQpFlM0
> =x2S5
> -----END PGP SIGNATURE-----
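
Added example (not part of the original thread and not fwknop code): a direct check of whether the locally installed libpcap accepts the PCAP_FILTER expression that the failing port-randomization tests depend on. It assumes a libpcap shared library that ctypes can locate; the function names and SAMPLE_CONF are hypothetical and constructed for illustration.

```python
import ctypes
import ctypes.util

DLT_EN10MB = 1  # Ethernet link type from pcap/dlt.h

# Constructed sample: the PCAP_FILTER line quoted in the thread, plus a comment line.
SAMPLE_CONF = "# constructed sample\nPCAP_FILTER                udp dst portrange 10000-65535;\n"

class BpfProgram(ctypes.Structure):
    """Mirror of struct bpf_program from pcap/bpf.h."""
    _fields_ = [("bf_len", ctypes.c_uint), ("bf_insns", ctypes.c_void_p)]

def extract_pcap_filter(conf_text):
    """Return the PCAP_FILTER expression from fwknop.conf text, or None."""
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "PCAP_FILTER":
            return parts[1].rstrip(";").strip()
    return None

def filter_compiles(expr, libpath=None):
    """True/False if the local libpcap accepts/rejects expr, None if it cannot be loaded."""
    path = libpath or ctypes.util.find_library("pcap")
    if not path:
        return None
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return None
    lib.pcap_open_dead.restype = ctypes.c_void_p
    lib.pcap_open_dead.argtypes = [ctypes.c_int, ctypes.c_int]
    lib.pcap_compile.argtypes = [ctypes.c_void_p, ctypes.POINTER(BpfProgram),
                                 ctypes.c_char_p, ctypes.c_int, ctypes.c_uint32]
    lib.pcap_freecode.argtypes = [ctypes.POINTER(BpfProgram)]
    lib.pcap_close.argtypes = [ctypes.c_void_p]
    # pcap_open_dead gives a handle without opening an interface, so no root is needed.
    handle = lib.pcap_open_dead(DLT_EN10MB, 65535)
    if not handle:
        return None
    prog = BpfProgram()
    rc = lib.pcap_compile(handle, ctypes.byref(prog), expr.encode(), 1, 0)
    if rc == 0:
        lib.pcap_freecode(ctypes.byref(prog))
    lib.pcap_close(handle)
    return rc == 0

if __name__ == "__main__":
    expr = extract_pcap_filter(SAMPLE_CONF)
    print(expr, "->", filter_compiles(expr))
```

A result of False for the portrange expression points at the libpcap version rather than at the fwknop configuration; None means no libpcap shared library was found at all.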