Hi,
fwknop-2.6.6 has been released:
https://www.cipherdyne.org/fwknop/download/
I've tried to capture the new SNAT feature in a blog post regarding SPA and
NAT:
http://www.cipherdyne.org/blog/2015/04/nat-and-single-packet-authorization.html
Here is the complete ChangeLog:
- [server] Add the ability for fwknopd to function as an generic SPA
gateway. This allows scenarios such as the fwknopd system providing
DHCP
addresses to client systems, but those systems would be blocking by
default from accessing the broader Internet until a valid SPA packet
is
sent to the gateway. Two new access.conf variables support this
feature:
DISABLE_DNAT (do not build any DNAT rules for forwarded connections)
and
FORWARD_ALL (allow all traffic to be forwarded instead of specfic
services requested within an SPA packet). So far, this feature is only
supported on systems running iptables or firewalld. The idea was
contributed by "spartan1833" to the fwknop mailing list, and this
became
issue 131 on github.
- [server] Bug fix when compiled with --enable-udp-server to not include
pcap.h, which is likely not installed whenever libpcap is also not
installed. This bug was reported by Alexander Kozhevnikov.
- [android] (Dan Brooks) Contributed a patch for the Android client app
to
add the definition of custom server udp port. This is similiar to the
--server-port argument offered by the main fwknop client.
- [test suite] Handle versions of lcov that don't have the --rc argument
which is normally used to force the creation of branch coverage stats
when code coverage reports are created.
- [build] Add --enable-asan-support to autoconf configure script to
enable
Google's Address Sanitizer (ASan) support. This feature is used during
the testing phase for new fwknop releases. Running fwknop under the
complete test suite (and also under AFL) with ASan support compiled in
did not turn up any new bugs.
- [test suite] (Franck Joncourt) Added libfko unit tests with the CUnit
framework.
- [test suite] Set AFL_HARDEN=1 to AFL fuzzing wrapper scripts. This
enables simple memory bug detection in AFL at the cost of a small
performance hit.
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
