Skip to content
This repository

Single Packet Authorization and Port Knocking

Fetching latest commit…

Cannot retrieve the latest commit at this time

README
This is the top-level directory for the C version of fwknop.

Additional information and details can be found on the fwknop-c site at
http://devmetrix.org/trac/fwknop-c.


INTRODUCTION
============
This distribution will be a C-based implementation of Michael Rash's
Perl-based "fwknop" programs.  For more information on fwknop and what
it is all about, go to http://www.cipherdyne.org/fwknop.


CURRENT STATE
=============
At present, we have an implementation of the Firewall Knock Operator
library; `libfko', as well as the fwknop client and server applications.
The library provides the API and back-end functionality for managing the
Single Packet Authorization (SPA) data that the other fwknop components
employ.  It also can be used by other programs that need SPA functonality
(see the `perl' directory for the FKO perl module as an example).

This first version of the C implementation is planned to be compatible
with legacy Perl-based fwknop version 1.9.x. However, it was decided to
start the version number at 2.0.0 to differentiate it from the current
Perl implementation.


BUILDING fwknop
===============
This distribution uses GNU autoconf for setting up the build.  Please see
the `INSTALL' file for the general basics on using autoconf.

There are some "configure" options that are specific to fwknop.  They are
(extracted from ./configure --help):

  --disable-client        Do not build the fwknop client component. The
                          default is to build the client.
  --disable-server        Do not build the fwknop server component. The
                          default is to build the server.
  --with-gpgme            support for gpg encryption using libgpgme
                          [default=check]
  --with-gpgme-prefix=PFX prefix where GPGME is installed (optional)
  --with-gpg=/path/to/gpg Specify path to the gpg executable that gpgme will
                          use [default=check path]
  --with-iptables=/path/to/iptables
                          Specify path to the iptables executable
                          [default=check path]
  --with-ipfw=/path/to/ipfw
                          Specify path to the ipfw executable [default=check
                          path]
  --with-sh=/path/to/sh   Specify path to the sh executable [default=check
                          path]


NOTE to those who may be migrating from the Perl version of fwknop
==================================================================
For those of you who are currently using the Perl version and plan to 
migrate to this version, there are some things to be aware of:

    - Not all of the features and functionality of the Perl-based
      fwknop were ported to this implementation.  We felt it important
      to keep the C version as lean and lightweight as possible.  Most
      of the omitted feature/functions (like email alerts) can be
      accomplished through other means (i.e. use an external script
      to monitor log files and alert based on appropriate log messages).

    - There are some diffences in the fwknop configuration and access
      file directives and values.  Some of these are fairly subtle. You
      should pay careful attention to the documentation and comments in
      those files.


NOTE FOR DEVELOPERS
===================
If you are pulling this distribution from git, you should run the
"autogen.sh" script to generate the autoconf files. If you get errors about
missing directories or files, try running "autogen.sh" again.  After that
you can run the "autoreconf -i" when you want to regenerate the configuration.
If, for some reason, autoreconf does not work for you, the "autogen.sh"
script should suffice.

The fwknop and fwknopd man page nroff sources are included in their
respective directorys (client and server).  These nroff files are derived
from the asciidoc sources in the 'docs' directory.  See the README in docs
for details.

Something went wrong with that request. Please try again.