All notable changes to the project are documented in this file.
- Extend number of ports possible to use per interface.
v1.5 - 2021-09-09
- Add support for handling IPv4 addresses mapped on IPv6
- Pass through SOCK_STREAM in
recv(),recvfrom()andrecvmsg()
- Restore IP_PKTINFO option on socket after interface inspection
- Fix uninitialized variable
v1.4 - 2021-09-06
- Allow access if
getsockaname()orgetifaddrs()fails - Use
SO_DOMAINsocket option to query forAF_INETandAF_INET6domain sockets. These are the only ones we are concerned with, let everything else pass through
v1.3 - 2021-09-03
- Fixes for wrapping Net-SNMP and other services that use
AF_UNIXIPC
v1.2 - 2021-09-01
- Add support for wrapping
recvmsg()andrecv()syscalls, in addition to the existingrecvfrom()wrapper - Slightly improved test framework, with .log files and overview
- Only check ACL if
accept()doesn't return error
- Fix markdown links in changelog diffs
- Fix uninitialized variable in test server
v1.1 - 2021-08-26
- Add support for UDP services by wrapping
recvfrom() - Add support for IPv6
- Scope ACL environment variable with
ACCEPT_GUARD_prefix to avoid clashing with other uses of ACL on the system. Incompatible change! - Simplify build system slightly
- Add basic test suite to verify accept guard, based on
unshare - Replace unsafe
strncpy()with safer version that NUL terminates. In a world of systemd named interfaces we are always atIFNAMSIZ
- Check return value from
getenv(), may beNULL
v1.0 - 2021-08-20
First public release. Basic accept() wrapper which reads allowed
interface:port tuples from an ACL=iface:port;iface2:port environment
variable.