Commits on Nov 13, 2015
Commits on Jul 18, 2015
  1. [server] interface goes down will cause fwknopd to exit

    By default, fwknopd will now exit if the interface that it is
    sniffing goes down (patch contributed by Github user 'sgh7'). If this
    happens, it is expected that the native process monitoring feature in
    things like systemd or upstart will restart fwknopd. However, if fwknopd
    is not being monitored by systemd, upstart, or anything else, this
    behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the
    fwknopd.conf file. If disabled, fwknopd will try to recover when a
    downed interface comes back up.
Commits on Jun 17, 2015
Commits on May 21, 2015
  1. (Jonathan Bennett) added script to create QR codes from fwknopd access.conf keys
Commits on May 20, 2015
Commits on Apr 19, 2015
  1. minor docs update

Commits on Feb 18, 2015
Commits on Dec 4, 2014
  1. add Grant Pannell

Commits on Sep 28, 2014
  1. Use the fwknop User-Agent for wget SSL external IP resolutions

    Bug fix to ensure that a User-Agent string can be specified when the
    fwknop client uses wget via SSL to resolve the external IP address. This
    closes issue #134 on github reported by Barry Allard. The fwknop now
    uses the wget '-U' option to specify the User-Agent string with a
    default of "Fwknop/<version>". In addition, a new command line argument
    "--use-wget-user-agent" has been added to allow the default wget
    User-Agent string to apply instead.
Commits on Sep 4, 2014
Commits on Aug 22, 2014
  1. ChangeLog update for FCS bug fix

Commits on Jul 19, 2014
  1. [server] Bug fix for PF firewalls without ALTQ support on FreeBSD.

    With this commit PF rules are added correctly regardless of whether ALTQ support
    is available or not. Thanks to Barry Allard for discovering and reporting this
    issue. Closes issue #121 on github.
Commits on Apr 14, 2014
Commits on Mar 4, 2014
  1. Updated authorship and copyright information

    This commit updates all authorship and copyright information to include a
    standard header that references the AUTHORS and CREDITS file. This standard
    header was written by the Debian legal team at the request of Franck Joncourt.
Commits on Jan 11, 2014
  1. merged android4.4_support branch

Commits on Jan 3, 2014
  1. (Marek Wrzosek) Update docs to reflect random 'digits' use instead of 'bytes'

    Suggested doc update to fwknop man pages to accurately describe the usage
    of digits instead of bytes for SPA random data.  About 53 bits of entropy
    are actually used, although this is in addition to the 64-bit random salt
    for key derivation used by PBKDF1 in Rijndael CBC mode.
Commits on Dec 23, 2013
  1. added Gerry Reno

Commits on Dec 12, 2013
  1. Added Les Aker to credits file

Commits on Aug 19, 2013
Commits on Aug 11, 2013
Commits on Aug 10, 2013
Commits on Jul 18, 2013
  1. Revert "[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails"

    This reverts commit f55b89c.
    Damien recommended not having 'make install' run ldconfig since it breaks an RPM
    build of fwknop, and most package managers should be doing this step anyway.
Commits on Jul 10, 2013
  1. [client] in '-M legacy' mode truncate the key to 16 bytes

    This change helps to maintain backwards compatibility with older fwknopd daemons
    that cannot handle Rijndael keys greater than 16 bytes.  Blair Zajac suggested
    printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long,
    and this warning is included in this commit.
Commits on Jun 30, 2013
  1. [libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails

    This commit makes sure that if running 'fwknop -h' or 'fwknopd -h' appears to
    fail then run ldconfig under the 'make install' step.  George Herlin reported
    that on some systems ldconfig was not automatically getting executed via the
    autoconf Makefile config, and since fwknop/fwknopd depend on a shared library
    (libfko), ldconfig needs to be executed by 'make install' if it wasn't already
Commits on Jun 11, 2013
  1. [libfko] handle endian detection on PPC (and other) systems

    Blair Zajac contributed a patch to handle endian detection on PPC systems
    and issue a compile time error if it cannot be determined.  This commit affects
    the BYTEORDER macro.
Commits on Jun 3, 2013
  1. Merge remote-tracking branch 'fjoncourt/master'

    Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
    via --fd.
Commits on Jun 2, 2013
Commits on Jun 1, 2013
  1. [libfko] HMAC comparison timing bug fix

    Ryman reported a timing attack bug in the HMAC comparison operation (#85) and
    suggested a fix derived from YaSSL:
Commits on May 18, 2013
Commits on May 4, 2013
  1. Merge remote-tracking branch 'ag4ve/master'

    (Shawn Wilson) This adds better source IP logging for fwknopd log messages.
    Closes #70.
Commits on Apr 30, 2013
Commits on Apr 19, 2013
  1. credits and changelog updates

Commits on Feb 23, 2013
Commits on Jan 23, 2013
  1. [libfko] Don't truncate > 16 byte Rijndael keys

    Significant bug fix to honor the full encryption key length for
    user-supplied Rijndael keys > 16 bytes long.  Previous to this bug fix,
    only the first 16 bytes of a key were actually used in the encryption/
    decryption process even if the supplied key was longer.  The result was
    a weakening of expected security for users that had keys > 16 bytes,
    although this is probably not too common.  Note that "passphrase" is
    perhaps technically a better word for "user-supplied key" in this
    context since Rijndael in CBC mode derives a real encryption/decryption
    key from the passphrase through a series of applications of md5 against
    the passphrase and a random salt.  This issue was reported by Michael T.
    Dean.  Closes issue #18 on github.