Single Packet Authorization and Port Knocking
Fetching latest commit…
Cannot retrieve the latest commit at this time
|COPYING||Total re-arrangement for autoconf/automake implementation.|
|INSTALL||Total re-arrangement for autoconf/automake implementation.|
This is the top-level directory for the C version of fwknop. Additional information and details can be found on the fwknop-c site at http://devmetrix.org/trac/fwknop-c. INTRODUCTION ============ This distribution will be a C-based implementation of Michael Rash's Perl-based "fwknop" programs. For more information on fwknop and what it is all about, go to http://www.cipherdyne.org/fwknop. CURRENT STATE ============= At present, we have an implementation of the Firewall Knock Operator library; `libfko', as well as the fwknop client and server applications. The library provides the API and back-end functionality for managing the Single Packet Authorization (SPA) data that the other fwknop components employ. It also can be used by other programs that need SPA functonality (see the `perl' directory for the FKO perl module as an example). This first version of the C implementation is planned to be compatible with legacy Perl-based fwknop version 1.9.x. However, it was decided to start the version number at 2.0.0 to differentiate it from the current Perl implementation. BUILDING fwknop =============== This distribution uses GNU autoconf for setting up the build. Please see the `INSTALL' file for the general basics on using autoconf. There are some "configure" options that are specific to fwknop. They are (extracted from ./configure --help): --disable-client Do not build the fwknop client component. The default is to build the client. --disable-server Do not build the fwknop server component. The default is to build the server. --with-gpgme support for gpg encryption using libgpgme [default=check] --with-gpgme-prefix=PFX prefix where GPGME is installed (optional) --with-gpg=/path/to/gpg Specify path to the gpg executable that gpgme will use [default=check path] --with-iptables=/path/to/iptables Specify path to the iptables executable [default=check path] --with-ipfw=/path/to/ipfw Specify path to the ipfw executable [default=check path] --with-sh=/path/to/sh Specify path to the sh executable [default=check path] NOTE to those who may be migrating from the Perl version of fwknop ================================================================== For those of you who are currently using the Perl version and plan to migrate to this version, there are some things to be aware of: - Not all of the features and functionality of the Perl-based fwknop were ported to this implementation. We felt it important to keep the C version as lean and lightweight as possible. Most of the omitted feature/functions (like email alerts) can be accomplished through other means (i.e. use an external script to monitor log files and alert based on appropriate log messages). - There are some diffences in the fwknop configuration and access file directives and values. Some of these are fairly subtle. You should pay careful attention to the documentation and comments in those files. NOTE FOR DEVELOPERS =================== If you are pulling this distribution from git, you should run the "autogen.sh" script to generate the autoconf files. If you get errors about missing directories or files, try running "autogen.sh" again. After that you can run the "autoreconf -i" when you want to regenerate the configuration. If, for some reason, autoreconf does not work for you, the "autogen.sh" script should suffice. The fwknop and fwknopd man page nroff sources are included in their respective directorys (client and server). These nroff files are derived from the asciidoc sources in the 'docs' directory. See the README in docs for details.