Vuurmuur Development Update

Over the holidays I’ve spent some time refreshing the Vuurmuur code. One major thing that is now done is that the 3 different ‘projects’ (libvuurmuur, vuurmuur and vuurmuur-conf) are now merged into a single ‘project’. This means that a single ‘./configure && make && make install’ now installs everything.

When I originally started Vuurmuur I had much bigger dreams for it than eventually materialized. Also, I didn’t understand autotools very well, so it was easier to keep the project split up. At some point there were even 5 projects!

One very convenient consequence is that development can now be done without system-wide installation of the libs. This may sound trivial, but it really speeds things up.

I’ve updated the install script and the Debian scripts for this new model as well.

QA

A second point is the use of better QA.

  1. Travis-CI integration. This tests gcc/clang builds for compilation warnings and errors, the install script, and Debian package generation.
  2. Scan-build and cppcheck. Vuurmuur is now clean in scan-build 3.9 and cppcheck 1.77.
  3. Coverity Scan. I’ve registered Vuurmuur with Coverity’s Scan program. Initially there were quite a few issues, although most of them minor. I’ve fixed all of them so now Vuurmuur is clean for Coverity as well.
  4. ASAN/UBSAN: I’m running Vuurmuur with address and undefined behavior sanitizers enabled. Fixed a few issues because of that.

Error handling

One major source of issues with the static checkers was the error handling in vuurmuur_conf. This led to many completely untested code paths, usually for things like memory allocation failure or other ‘internal’ errors. I’ve simplified that handling enormously, by simply adding a class of ‘fatal’ errors that simply exit vuurmuur_conf in such conditions. This has led to a smaller and cleaner code base.
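The pattern described above, as an added before/after sketch in C; it is not code from Vuurmuur, and every name in it (`FATAL`, `xmalloc`, `xstrdup`, `struct rule`, `rule_new`) is a hypothetical chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical; none are taken from the Vuurmuur source. */
struct rule { char *name; char *action; };

/* Fatal class: report the internal error with its location, then exit. */
#define FATAL(msg) do { \
    fprintf(stderr, "fatal: %s (%s:%d)\n", (msg), __FILE__, __LINE__); \
    exit(EXIT_FAILURE); \
} while (0)

static void *xmalloc(size_t n) {
    void *p = malloc(n);
    if (p == NULL) FATAL("out of memory");
    return p;
}

static char *xstrdup(const char *s) {
    size_t n = strlen(s) + 1;
    return memcpy(xmalloc(n), s, n);
}

/* Before: three allocations, three failure branches, each with its own
 * cleanup. None of them runs in normal use, so none of them gets tested. */
struct rule *rule_new_checked(const char *name, const char *action) {
    struct rule *r = malloc(sizeof(*r));
    if (r == NULL) return NULL;
    r->name = malloc(strlen(name) + 1);
    if (r->name == NULL) { free(r); return NULL; }
    r->action = malloc(strlen(action) + 1);
    if (r->action == NULL) {
        free(r->name);
        free(r);
        return NULL;
    }
    strcpy(r->name, name);
    strcpy(r->action, action);
    return r;
}

/* After: allocation failure is fatal inside the wrappers, so this function
 * has a single path and its callers need no NULL checks. */
struct rule *rule_new(const char *name, const char *action) {
    struct rule *r = xmalloc(sizeof(*r));
    r->name = xstrdup(name);
    r->action = xstrdup(action);
    return r;
}
```

Each `return NULL` in the first version also forces a check in every caller, which is where the untested paths multiply; the second version trades recovery for a clean exit at the point of failure.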

User visible changes

Most of the changes are internal, but a few things are user visible.

  1. Removal of QUEUE support. ip_queue is long dead and has been replaced with NFQUEUE.
  2. Proper sorting of connections in Connection Viewer.
  3. Default to black background in vuurmuur_conf.

I’m hoping to push out a new release soon(ish). Time constraints will continue to be a big issue though. So if anyone wants to help out, please let me know.

*** This is a Security Bloggers Network syndicated blog from Inliniac authored by inliniac. Read the original post at: https://blog.inliniac.net/2017/01/12/vuurmuur-development-update/