On Tue, Jun 2, 2015 at 8:00 AM Michael Rash <[email protected]> wrote:
> On Mon, Jun 1, 2015 at 10:05 PM, Jonathan Bennett <[email protected]> > wrote: > >> Hello all >> >> >It's looking like I'll have all the ui stuff working soon. I haven't >> looked closely at the call to libfko yet. Hoping that's not too complex. >> I'll keep you all posted. >> >> It was more complex than anticipated. And c pointers still make my >> head hurt a bit.However, it works! >> > >> It's a prototype, remember. There are usability problems, there are >> probably bugs, but the core functionality seems to be working. knocks >> can be sent using base64 or normal keys, hmac optional. Source IP, >> Resolve IP, and Allow IP are all supported. The qr code import is >> there and working. There is much code cleanup to come, as well as >> usability tweaks and expanded functionality. >> > > Excellent. > > >> >> A couple hints, both the save config and qrcode buttons are in the >> drop down menu, or on an older device, use the menu button. To send a >> knock, long tap the nickname on the list of configs and select send >> knock. >> >> One problem I am aware of is when running on a tablet, saving a config >> doesn't automatically add it to the list of configs. I'll get that >> fixed soon. Workaround is to save config, and then close the app. >> Reopen and it will be there. >> >> https://github.com/oneru/Fwknop2 is where the source is currently >> living. I actually would like to keep the android client separate from >> the main fwknop repo. It makes sense to me to think of them as >> separate projects. The android client could stay on my github page, or >> we could move it to Michael's. I don't have a strong preference. I >> would like to retain commit access to it wherever it goes, though. =) >> > > Agreed they are probably better suited as separate projects. For your > build process you can always script around getting the latest libfko > sources, etc. > The gradle build system supports doing this, and it is what I have in mind eventually. I'm thinking that perhaps my trunk will follow bleeding source, and then branch for release, and pull a specific release of libfko. That way, building the released android client won't break if something changes in fwknop trunk. > Since this is your code, perhaps this is best hosted on your github page? > When you are ready to publish a release, I'll start linking to your code > base and help to get the word out about the updated Android client. > That woks. We'll work out pushing to the android play store and F-droid when it's closer to ready. > > >> >> >From what i understand of the play store and f-droid, we can't use >> either "fwknop" or "fwknop client" as there are already apps with >> those names. I've just gone with fwknop2, though another name would be >> fine. AndKnock, andknop, fwand, fwdroid, whatever. >> > > I'm not very good with names - fwknop2 works. :) Or maybe "DroidKnock", or > "DroidFKO"? > SuperDroidKnocker2000? ;) > > >> >> I used android Studio, and the gradle build tools. If you want to >> build the client yourself, you'll need the most recent android sdk and >> ndk installed, and then run the gradlew script. The other option is to >> grab it from http://incomsystems.biz/misc/fwknop2-debug.apk. Test it, >> send me feedback, etc. >> > > I'll get set up and help with testing. > > >> >> I've been code sprinting to get this working, and I'll probably lay >> off for a couple days, but I have more to do and more ideas to work >> into the client. I've also uncovered a couple unexpected bugs and >> annoyances in the openwrt implementation. This will all get fixed. >> >> I strongly want to implement the juicessh plugin stuff. It will take >> time, but it'll get there. >> >> One last note: the web site that was used for ip address lookup was >> painfully slow. The new app doesn't do the lookup until a knock is >> sent that uses "resolve ip", but I was often waiting 60 seconds or >> longer for that lookup to finish. After looking a bit, I decided to >> use http://whatismyip.akamai.com. It is *much* quicker to respond. I >> might add an option to select which site to use in the future. It >> seems that there should be a better way to get the public IP, but I >> have yet to work out what that would be. Depending on a 3rd party web >> site seems less than ideal, but again, I have no alternative yet. >> >> > There have been a ton of people hitting the cipherdyne.org myip script, > so this might explain the slowness. > The old android client actually used http://ifconfig.me/ip. The Cipherdyne page seems to be reasonably speedy. So, another reason to make it a configurable option. > > Thanks, > > --Mike > > > >> ~Jonathan Bennett >> >> On Sat, May 30, 2015 at 8:23 PM, Michael Rash <[email protected]> >> wrote: >> > >> > >> > On Fri, May 29, 2015 at 10:50 PM, Jonathan Bennett < >> [email protected]> >> > wrote: >> >> >> >> >> >> >> >> On Fri, May 29, 2015 at 9:15 PM Michael Rash <[email protected]> >> >> wrote: >> >>> >> >>> On Fri, May 29, 2015 at 4:03 PM, Jonathan Bennett < >> [email protected]> >> >>> wrote: >> >>>> >> >>>> I am making decent progress on the android implementation of fwknop. >> I >> >>>> have rewritten the user interface nearly from scratch. I do have a >> couple >> >>>> questions, though. >> >>> >> >>> >> >>> Excellent. >> >>> >> >>>> >> >>>> First, the existing android app is on the marketplace under the >> company >> >>>> Maximum Idea. It would seem more appropriate for the app to be >> distributed >> >>>> by Cipherdyne. I am certain there is some history there, but we >> should >> >>>> consider pulling the old apps and publishing under the Cipherdyne >> name. >> >>> >> >>> >> >>> Agreed - sounds like you are suggesting an official marketplace >> account >> >>> where fwknop apps are distributed, and your rewrite could serve as >> the basis >> >>> for the client app. This assumes you are ok with distributing your >> app via >> >>> the Cipherdyne account with you as the author, etc. >> >> >> >> >> >> Exactly this. Once I'm mostly satisfied with what I've got, I'll put >> the >> >> source on github and get some code review & comments. Once we're >> satisfied, >> >> we should publish it officially to the play store. >> > >> > >> > Ok, that sounds like a plan. Although I don't have an Android phone, I >> have >> > done a couple of modifications to the Android app using the Android >> emulator >> > on Linux. So, I should be able to help test. >> >>>> >> >>>> Also, in regards to capturing qr codes. There is an open source >> project, >> >>>> https://github.com/zxing/zxing. This is Apache 2 licensed. I can >> call their >> >>>> play store app. If it is not installed, the user is sent to the play >> store >> >>>> to install it. This is not a terrible solution, but it seems that we >> could >> >>>> include their library with our source and capture the qr code without >> >>>> calling an external app. I prefer making this work for not only the >> ease of >> >>>> use, but it also seems it would be more secure to stay within the >> fwknop >> >>>> process. Thoughts? >> >>> >> >>> >> >>> Hmm, not sure about this one. There is precedent in fwknop currently >> for >> >>> calling external programs from both fwknop and fwknopd, but it is >> done via >> >>> execvpe() when available with no environment, and calling external >> programs >> >>> generally allows fwknop to minimize library dependencies. fwknop >> executes >> >>> wget in -R mode in order to resolve the external IP via SSL/TLS when >> wget >> >>> offers this feature, and means that fwknop does not itself have to >> link >> >>> against an SSL library. fwknopd executes firewall control binaries >> directly >> >>> (iptables, ipfw, etc.) instead of linking against libraries the >> firewall >> >>> projects may provide, and also even libpcap is an optional library >> >>> dependency and can be eliminated at compile time if one is willing to >> run in >> >>> --udp-server mode. >> >> >> >> >> >> My thoughts are that an Open Source Java library can be inspected and >> >> generally trusted, but a precompiled app on the market cannot be >> audited. >> >> Probably not a huge issue. >> > >> > >> > Yes, agreed. If this can be done within the realm of Java for the >> Android >> > app without requiring the fwknop C code to link against a new library, >> then >> > I'm all for it. And, from looking at zxing, this would probably be the >> most >> > likely path anyway. You'll likely still want to have your app extend >> libfko >> > for SPA packet creation just as the current Android app does, but the >> zxing >> > stuff would be independent of this. >> > >> >>> >> >>> >> >>> But, the above is for the C implementation of fwknop, fwknopd, and >> >>> libfko. On Android, would the zxing integration be done with their >> java code >> >>> into your fwknop client java code? I see they seem to have a C++ >> component, >> >>> but I'm assuming you're referring to the Java stuff, correct? >> >> >> >> I've not dug into the option there all the way, but I believe they have >> >> made the central java lib available for inclusion into other projects. >> >> >> >>> >> >>> If so, then integrating their java code into your client code would >> be a >> >>> nice win for ease of use for sure. Or are you thinking of integrating >> the >> >>> C++ code into libfko, and having a Java extension of this code like >> the >> >>> current Android app? >> >> >> >> I am planning to stay in the realm of java for the moment. I think it >> >> makes sense to leave libfko alone. >> > >> > >> > Ok, cool. >> > >> >> >> >> >> >> For now, I'm leaving it an external program with the intention to go >> back >> >> and try to integrate it once other things are working. >> >>> >> >>> >> >>>> >> >>>> With any luck, I might have a working prototype done this weekend. >> >>> >> >>> >> >>> Very cool. >> >> >> >> It's looking like I'll have all the ui stuff working soon. I haven't >> >> looked closely at the call to libfko yet. Hoping that's not too >> complex. >> >> I'll keep you all posted. >> > >> > >> > Sounds great. >> > >> > --Mike >> > >> > >> >> >> >> >> >> ~Jonathan Bennett >> >>> >> >>> >> >>> Thanks, >> >>> >> >>> --Mike >> >>> >> >>>> >> >>>> ~Jonathan Bennett >> >>>> >> >>>> >> >>> >> >>> >> ------------------------------------------------------------------------------ >> >>> _______________________________________________ >> >>> Fwknop-discuss mailing list >> >>> [email protected] >> >>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >> > >> > >> > >> > >> > -- >> > Michael Rash | Founder >> > http://www.cipherdyne.org/ >> > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F >> > >> > >> ------------------------------------------------------------------------------ >> > >> > _______________________________________________ >> > Fwknop-discuss mailing list >> > [email protected] >> > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >> > >> > > > > -- > Michael Rash | Founder > http://www.cipherdyne.org/ > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F > > ------------------------------------------------------------------------------ > _______________________________________________ > Fwknop-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >
------------------------------------------------------------------------------
_______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
