Permalink
Commits on Jan 2, 2012
  1. added --stat output to ChangeLog

    mrash committed Jan 2, 2012
  2. removed old ChangeLog files

    mrash committed Jan 2, 2012
  3. bumped version to 2.0

    mrash committed Jan 2, 2012
  4. added FKO_CHECK_COMPILER_ARG_LDFLAGS_ONLY to fix ro-relocations and i…

    mrash committed Jan 2, 2012
    …mmediate binding protection compliation warnings on FreeBSD
  5. bumped version to 2.0

    mrash committed Jan 2, 2012
Commits on Dec 29, 2011
  1. Refactored configure.ac to use a custom macro for compiler flag checks.

    damienstuart committed with Damien S. Stuart Dec 29, 2011
    Set version to 2.0 (non-release candidate).
    Minor typo fixes.
Commits on Dec 13, 2011
Commits on Dec 6, 2011
  1. added local_spa.key file

    mrash committed Dec 6, 2011
  2. added local_spa.key file

    mrash committed Dec 6, 2011
  3. change log doc updates

    mrash committed Dec 6, 2011
Commits on Dec 4, 2011
Commits on Dec 3, 2011
  1. minor compile fixes for FreeBSD

    mrash committed Dec 3, 2011
Commits on Dec 1, 2011
  1. Added FORCE_NAT mode to the access.conf file

    mrash committed Dec 1, 2011
    This commit adds a new configuration variable "FORCE_NAT" to the access.conf
    file:
    
        For any valid SPA packet, force the requested connection to be NAT'd
        through to the specified (usually internal) IP and port value.  This is
        useful if there are multiple internal systems running a service such as
        SSHD, and you want to give transparent access to only one internal system
        for each stanza in the access.conf file.  This way, multiple external
        users can each directly access only one internal system per SPA key.
    
    This commit also implements a few minor code cleanups.
Commits on Nov 29, 2011
  1. Added access stanza expiration feature, multiple access stanza bug fix

    mrash committed Nov 29, 2011
    This commit does two major things:
    
    1) Two new access.conf variables are added "ACCESS_EXPIRE" and
    "ACCESS_EXPIRE_EPOCH" to allow access stanzas to be expired without having
    to modify the access.conf file and restart fwknopd.
    
    2) Allow an access stanza that matches the SPA source address to not
    automatically short circuit other stanzas if there is an error (such as when
    there are multiple encryption keys involved and an incoming SPA packet is
    meant for, say, the second stanza and the first therefore doesn't allow
    proper decryption).
Commits on Nov 23, 2011
  1. added SPA packet aging tests

    mrash committed Nov 23, 2011
  2. bug fix to exclude SPA packets with timestamps in the future that are…

    mrash committed Nov 23, 2011
    … too great (old packets were properly excluded already)
  3. added DNAT mode tests, minor memory leak fix in NAT mode, added fwkno…

    mrash committed Nov 23, 2011
    …pd check for ENABLE_IPT_FORWARDING variable before attempting NAT access
Commits on Nov 19, 2011
Commits on Nov 18, 2011
Commits on Nov 16, 2011
  1. simplified the client/server interaction code, started on IP filterin…

    mrash committed Nov 16, 2011
    …g tests, added spoof username tests