Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Jul 10, 2012
Commits on Jul 9, 2012
  1. bumped version to 2.0.1-pre1

Commits on Jul 8, 2012
  1. Only cache replay digests for SPA packets that decrypt

    This change ensures that we only cache replay digests for those SPA packets
    that actually decrypt.  Not doing this would have allowed an attacker to
    potentially fill up digest cache space with digests for garbage packets.
  2. Bug fix for multi-stanza key use and replay attack detection

    This commit fixes a bug where the same encryption key used for two stanzas in
    the access.conf file would result in access requests that matched the second
    stanza to always be treated as a replay attack.  This has been fixed for
    the fwknop-2.0.1 release, and was reported by Andy Rowland.  Now the fwknopd
    server computes the SHA256 digest of raw incoming payload data before
    decryption, and compares this against all previous hashes.  Previous to this
    commit, fwknopd would add a new hash to the replay digest list right after
    the first access.conf stanza match, so when SPA packet data matched the
    second access.conf stanza a matching replay digest would already be there.
Commits on May 28, 2012
  1. gcc warning fix fox: fko_decode.c:43:17: warning: variable ‘edata_siz…

    …e’ set but not used [-Wunused-but-set-variable]
Commits on Jan 15, 2012
Commits on Jan 2, 2012
  1. removed old ChangeLog files

  2. bumped version to 2.0

  3. added FKO_CHECK_COMPILER_ARG_LDFLAGS_ONLY to fix ro-relocations and i…

    …mmediate binding protection compliation warnings on FreeBSD
  4. bumped version to 2.0

Commits on Dec 29, 2011
  1. @damienstuart

    Refactored to use a custom macro for compiler flag checks.

    damienstuart authored Damien S. Stuart committed
    Set version to 2.0 (non-release candidate).
    Minor typo fixes.
Commits on Dec 13, 2011
Commits on Dec 6, 2011
  1. added local_spa.key file

  2. added local_spa.key file

  3. change log doc updates

Commits on Dec 4, 2011
Commits on Dec 3, 2011
  1. minor compile fixes for FreeBSD

Something went wrong with that request. Please try again.