Hello all

> It's looking like I'll have all the ui stuff working soon. I haven't looked
> closely at the call to libfko yet. Hoping that's not too complex. I'll keep
> you all posted.

It was more complex than anticipated. And C pointers still make my head hurt a bit. However, it works! It's a prototype, remember. There are usability problems, there are probably bugs, but the core functionality seems to be working. Knocks can be sent using base64 or normal keys, hmac optional. Source IP, Resolve IP, and Allow IP are all supported. The qr code import is there and working. There is much code cleanup to come, as well as usability tweaks and expanded functionality.

A couple hints: both the save config and qrcode buttons are in the drop down menu, or on an older device, use the menu button. To send a knock, long tap the nickname on the list of configs and select send knock.

One problem I am aware of is when running on a tablet, saving a config doesn't automatically add it to the list of configs. I'll get that fixed soon. Workaround is to save config, and then close the app. Reopen and it will be there.

https://github.com/oneru/Fwknop2 is where the source is currently living. I actually would like to keep the android client separate from the main fwknop repo. It makes sense to me to think of them as separate projects. The android client could stay on my github page, or we could move it to Michael's. I don't have a strong preference. I would like to retain commit access to it wherever it goes, though. =)

From what I understand of the play store and f-droid, we can't use either "fwknop" or "fwknop client" as there are already apps with those names. I've just gone with fwknop2, though another name would be fine. AndKnock, andknop, fwand, fwdroid, whatever.

I used Android Studio, and the gradle build tools. If you want to build the client yourself, you'll need the most recent android sdk and ndk installed, and then run the gradlew script. The other option is to grab it from http://incomsystems.biz/misc/fwknop2-debug.apk. Test it, send me feedback, etc.

I've been code sprinting to get this working, and I'll probably lay off for a couple days, but I have more to do and more ideas to work into the client. I've also uncovered a couple unexpected bugs and annoyances in the openwrt implementation. This will all get fixed. I strongly want to implement the juicessh plugin stuff. It will take time, but it'll get there.

One last note: the web site that was used for ip address lookup was painfully slow. The new app doesn't do the lookup until a knock is sent that uses "resolve ip", but I was often waiting 60 seconds or longer for that lookup to finish. After looking a bit, I decided to use http://whatismyip.akamai.com. It is *much* quicker to respond. I might add an option to select which site to use in the future. It seems that there should be a better way to get the public IP, but I have yet to work out what that would be. Depending on a 3rd party web site seems less than ideal, but again, I have no alternative yet.

~Jonathan Bennett

On Sat, May 30, 2015 at 8:23 PM, Michael Rash <[email protected]> wrote:
>
> On Fri, May 29, 2015 at 10:50 PM, Jonathan Bennett <[email protected]>
> wrote:
>>
>> On Fri, May 29, 2015 at 9:15 PM Michael Rash <[email protected]>
>> wrote:
>>>
>>> On Fri, May 29, 2015 at 4:03 PM, Jonathan Bennett <[email protected]>
>>> wrote:
>>>>
>>>> I am making decent progress on the android implementation of fwknop. I
>>>> have rewritten the user interface nearly from scratch. I do have a couple
>>>> questions, though.
>>>
>>> Excellent.
>>>
>>>>
>>>> First, the existing android app is on the marketplace under the company
>>>> Maximum Idea. It would seem more appropriate for the app to be distributed
>>>> by Cipherdyne. I am certain there is some history there, but we should
>>>> consider pulling the old apps and publishing under the Cipherdyne name.
>>>
>>> Agreed - sounds like you are suggesting an official marketplace account
>>> where fwknop apps are distributed, and your rewrite could serve as the basis
>>> for the client app. This assumes you are ok with distributing your app via
>>> the Cipherdyne account with you as the author, etc.
>>
>> Exactly this. Once I'm mostly satisfied with what I've got, I'll put the
>> source on github and get some code review & comments. Once we're satisfied,
>> we should publish it officially to the play store.
>
> Ok, that sounds like a plan. Although I don't have an Android phone, I have
> done a couple of modifications to the Android app using the Android emulator
> on Linux. So, I should be able to help test.
>
>>>>
>>>> Also, in regards to capturing qr codes. There is an open source project,
>>>> https://github.com/zxing/zxing. This is Apache 2 licensed. I can call their
>>>> play store app. If it is not installed, the user is sent to the play store
>>>> to install it. This is not a terrible solution, but it seems that we could
>>>> include their library with our source and capture the qr code without
>>>> calling an external app. I prefer making this work for not only the ease of
>>>> use, but it also seems it would be more secure to stay within the fwknop
>>>> process. Thoughts?
>>>
>>> Hmm, not sure about this one. There is precedent in fwknop currently for
>>> calling external programs from both fwknop and fwknopd, but it is done via
>>> execvpe() when available with no environment, and calling external programs
>>> generally allows fwknop to minimize library dependencies. fwknop executes
>>> wget in -R mode in order to resolve the external IP via SSL/TLS when wget
>>> offers this feature, and means that fwknop does not itself have to link
>>> against an SSL library. fwknopd executes firewall control binaries directly
>>> (iptables, ipfw, etc.) instead of linking against libraries the firewall
>>> projects may provide, and also even libpcap is an optional library
>>> dependency and can be eliminated at compile time if one is willing to run in
>>> --udp-server mode.
>>
>> My thoughts are that an Open Source Java library can be inspected and
>> generally trusted, but a precompiled app on the market cannot be audited.
>> Probably not a huge issue.
>
> Yes, agreed. If this can be done within the realm of Java for the Android
> app without requiring the fwknop C code to link against a new library, then
> I'm all for it. And, from looking at zxing, this would probably be the most
> likely path anyway. You'll likely still want to have your app extend libfko
> for SPA packet creation just as the current Android app does, but the zxing
> stuff would be independent of this.
>
>>>
>>> But, the above is for the C implementation of fwknop, fwknopd, and
>>> libfko. On Android, would the zxing integration be done with their java code
>>> into your fwknop client java code? I see they seem to have a C++ component,
>>> but I'm assuming you're referring to the Java stuff, correct?
>>
>> I've not dug into the option there all the way, but I believe they have
>> made the central java lib available for inclusion into other projects.
>>
>>>
>>> If so, then integrating their java code into your client code would be a
>>> nice win for ease of use for sure. Or are you thinking of integrating the
>>> C++ code into libfko, and having a Java extension of this code like the
>>> current Android app?
>>
>> I am planning to stay in the realm of java for the moment. I think it
>> makes sense to leave libfko alone.
>
> Ok, cool.
>
>>
>> For now, I'm leaving it an external program with the intention to go back
>> and try to integrate it once other things are working.
>>>
>>>>
>>>> With any luck, I might have a working prototype done this weekend.
>>>
>>> Very cool.
>>
>> It's looking like I'll have all the ui stuff working soon. I haven't
>> looked closely at the call to libfko yet. Hoping that's not too complex.
>> I'll keep you all posted.
>
> Sounds great.
>
> --Mike
>
>>
>> ~Jonathan Bennett
>>>
>>> Thanks,
>>>
>>> --Mike
>>>
>>>>
>>>> ~Jonathan Bennett
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Fwknop-discuss mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>
> --
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
