Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Jul 24, 2012
  1. PCAP_LOOP_SLEEP bug fix to 1/10th of a second

    [server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in
    microseconds).  This was supposed to be the default anyway, but C
    Anthony Risinger reported a bug where fwknopd was consuming more
    resources than necessary, and the cause was PCAP_LOOP_SLEEP set by
    default to 1/100th of a second - this has been fixed.
Commits on Jul 23, 2012
  1. [client] Fixed several minor memory leaks caught by valgrind

    This commit fixes memory leaks like the following in the fwknop client:
        in use at exit: 300 bytes in 11 blocks
      total heap usage: 100 allocs, 89 frees, 16,583 bytes allocated
    16 bytes in 1 blocks are indirectly lost in loss record 1 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D63E: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    16 bytes in 1 blocks are indirectly lost in loss record 2 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D658: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    16 bytes in 1 blocks are indirectly lost in loss record 3 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D672: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    16 bytes in 1 blocks are indirectly lost in loss record 4 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D68C: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
Commits on Jul 21, 2012
  1. Better SPA message validation upon SPA decrypt/decode.

    Added SPA message validation calls to fko decoding routines to help
    ensure that SPA messages conform to expected values.
Commits on Jul 18, 2012
  1. Ensure that INPUT rules are added in --nat-local mode

    This change ensures that INPUT rules are added when the fwknop client is used to
    request access to a local service with --nat-local mode.
Commits on Jul 13, 2012
Commits on Jul 10, 2012
  1. added valgrind parsing note

Commits on Jan 2, 2012
  1. removed old ChangeLog files

Commits on Aug 21, 2011
  1. Updated ChangeLog with all changes from 2.0.0-rc3

    Updated ChangeLog with all changes from 2.0.0-rc3
Commits on Aug 19, 2011
  1. Added ChangeLog derived from git commit messages.

    There will be branch and release specific ChangeLog files as well.
  2. Renamed ChangeLog -> ChangeLog.old for new ChangeLog handling

    The ChangeLog will be derived from commit messages.
Commits on Aug 29, 2010
  1. Made autoconf print an error message indicating ipf is not supported …

    Damien Stuart authored
    …if it is specified. Changelog updates.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@287 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jul 31, 2010
  1. Fixed issue with spaces in in access.conf comma-separated values. Fix…

    Damien Stuart authored
    …ed issue with GPG signature check being forced when GPG_REMOTE_ID is set and GPG_REQUIRE_SIG was "N". Updated dependency in the spec file. Updates to ChangeLog.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@273 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jul 25, 2010
  1. Added extras directory. Bumped version in autoconf to 1.0.0rc2.

    Damien Stuart authored
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@271 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Feb 9, 2010
  1. Added an initial fwknopd.8 man page (and source asciidoc). Added the …

    Damien Stuart authored
    …--locale and --no-locale command-line option support. The set_config_entry function now allows setting a config entry to NULL to clear and free it.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@209 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Feb 6, 2010
  1. Fixed libfko so gpgme engine is gpg by default. Added functions to li…

    Damien Stuart authored
    …bfko to set/get path to gpgme engine. Fixed some memory leaks. Reworkd the get_user_pw routine. Added code in fwknopd to put back the "hQ" string on the front of incoming GPG-encypted message data. Removed the previously add pretty-print routine to configure. Updated configure to check for path to gpg executable. Updated docs accordingly.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@205 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jan 31, 2010
  1. Bumped working version to 2.0.0-alpha-pre2 to differentiate from the …

    Damien Stuart authored
    …tagged 2.0.0-alpha-pre1. Updated Changelog.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@204 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jan 16, 2010
  1. * Added a new command line argument "--last-cmd" to run the fwknop cl…

    with the same command line arguments as the previous time it was
    executed.  The previous arguments are parsed out of the ~/
    file (if it exists).
    * Bug fix to not send any SPA packet out on the wire if a NULL password/key
    is provided to the fwknop client.  This could happen if the user tried to
    abort fwknop execution by sending the process a SIGINT while being
    prompted to enter the password/key for SPA encryption.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@193 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jan 5, 2010
  1. Updated changelog. Made the match the changes mad…

    Damien Stuart authored
    …e to the fwknopd.8 manpage.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@188 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jan 3, 2010
  1. Added --packet-limit to fwknopd so that the number of incoming candidate

    SPA packets can be limited from the command line.  When this limit is
    reached (any packet that contains application layer data and passes the
    pcap filter is included in the count) then fwknopd exits.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@179 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Nov 20, 2009
  1. * (Legacy code) Bug fix to allow the --rand-port argument to function…

    … along
    without an inappropriate check for the --Server-port arg.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@165 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Nov 2, 2009
  1. (Legacy code) Applied patch from Jonthan Bennett to support the usage of

    the http_proxy environmental variable for sending SPA packets through an
    HTTP proxy.  The patch also adds support for specifying an HTTP proxy
    user and password via the following syntax:
    '' or
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@164 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Oct 28, 2009
  1. added the latest http proxy fixes to the ChangeLog

    git-svn-id: file:///home/mbr/svn/fwknop/trunk@162 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Aug 2, 2009
  1. Added SHA384 and SHA512 digests. Tweaks for getting rid of windows wa…

    Damien Stuart authored
    …rnings. Use recv instead of read on socket. Bumped version to 0.63 (libfko) and 0.23 (FKO perl module).
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@123 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jul 26, 2009
  1. Added the --source-ip argument to build SPA packets with (the…

    … fwknopd server can wrap access controls around this)
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@119 510a4753-2344-4c79-9c09-4d669213fbeb
  2. minor doc updates

    git-svn-id: file:///home/mbr/svn/fwknop/trunk@118 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jul 23, 2009
  1. * Added the --show-last and --no-save command line options to show the

      command line used for the previous fwknop invocation, and to have the
      fwknop client not save its command line arguments.
    * Bug fix to force libfko to recalculate the random data embedded in the
      the SPA packet after a random port is acquired via --rand-port or
      --nat-rand-port.  This is a precaution so that an attacker cannot guess
      some of the internal SPA data based on the destination port number.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@116 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jul 21, 2009
  1. * Got forward and local NAT modes working with the --nat-access,

      --nat-local, --nat-port, and --nat-randport options.  All NAT modes
      are now passing the fwknop test suite.
    * Added the --server-command option to build an SPA packet with a command
      for the server to execute.
    * Added the --fw-timeout option for client side timeouts to be specified.
    * Added the --time-offset-plus and --time-offset-minus options to allow
      the user to influence the timestamp associated with an SPA packet.
    * Added the --rand-port option so that the SPA packet destination port can
      be randomized.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@115 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jul 16, 2009
  1. - Added the ability to send SPA packets over valid HTTP requests with

    the fwknop-c client.
    - Added support for transmitting SPA packets over IPv6 via TCP and UDP
    sockets, and also via HTTP.
    - Added GnuPG 'hQ' base64 encoded prefix handling (this prefix is
    stripped out of encrypted SPA packet data).
    - Added hostname resolution support to the fwknop-c client if the SPA
    server is specified as a hostname instead of an IP address.
    - Minor bug fix to allow a GnuPG password to be specified via the
    --get-key functionality.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@112 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jun 7, 2009
  1. Minor updates to non-code-related files. Changed some copyrights to 2…

    Damien Stuart authored
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@100 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Jan 27, 2009
  1. Documentation updates and minor tweaks. Made it version 1.10.0 consis…

    Damien Stuart authored
    …tent in and fko.h.
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@47 510a4753-2344-4c79-9c09-4d669213fbeb
Commits on Dec 21, 2008
  1. Total re-arrangement for autoconf/automake implementation.

    Damien Stuart authored
    git-svn-id: file:///home/mbr/svn/fwknop/trunk@12 510a4753-2344-4c79-9c09-4d669213fbeb
Something went wrong with that request. Please try again.