doc update

client/fwknop.8.in

@@ -2,12 +2,12 @@
 .\"     Title: fwknop
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2016
+.\"      Date: 08/06/2018
 .\"    Manual: Fwknop Client
 .\"    Source: Fwknop Client
 .\"  Language: English
 .\"
-.TH "FWKNOP" "8" "06/08/2016" "Fwknop Client" "Fwknop Client"
+.TH "FWKNOP" "8" "08/06/2018" "Fwknop Client" "Fwknop Client"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -34,7 +34,7 @@ fwknop \- Firewall Knock Operator
 \fBfwknop\fR \fB\-A\fR <\*(Aqproto/ports\*(Aq> \fB\-R\fR|\fB\-a\fR|\fB\-s \-D\fR <\*(Aqhost\*(Aq> [\fIoptions\fR]
 .SH "DESCRIPTION"
 .sp
-\fBfwknop\fR implements an authorization scheme known as Single Packet Authorization (SPA) for strong service concealment\&. SPA requires only a single packet which is encrypted, non\-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewall in a default\-drop filtering stance\&. The main application of SPA is to use a firewall to drop all attempts to connect to services such as \fISSH\fR in order to make the exploitation of vulnerabilities (both 0\-day and unpatched code) more difficult\&. Any service that is concealed by SPA naturally cannot be scanned for with \fINmap\fR\&. The fwknop project natively supports four different firewalls: \fIiptables\fR and \fIfirewalld\fR on Linux systems, \fIpf\fR on OpenBSD, and \fIipfw\fR on FreeBSD and Mac OS X\&.
+\fBfwknop\fR implements an authorization scheme known as Single Packet Authorization (SPA) for strong service concealment\&. SPA requires only a single packet which is encrypted, non\-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewall in a default\-drop filtering stance\&. The main application of SPA is to use a firewall to drop all attempts to connect to services such as \fISSH\fR in order to make the exploitation of vulnerabilities (both 0\-day and unpatched code) more difficult\&. Any service that is concealed by SPA naturally cannot be scanned for with \fINmap\fR\&. The fwknop project natively supports four different firewalls: \fIiptables\fR, \fIfirewalld\fR, \fIPF\fR, and \fIipfw\fR across Linux, OpenBSD, FreeBSD, and Mac OS X\&. There is also support for custom scripts so that fwknop can be made to support other infrastructure such as \fIipset\fR or \fInftables\fR\&.
 .sp
 SPA is essentially next generation Port Knocking (PK), but solves many of the limitations exhibited by PK while retaining its core benefits\&. PK limitations include a general difficulty in protecting against replay attacks, asymmetric ciphers and HMAC schemes are not usually possible to reliably support, and it is trivially easy to mount a DoS attack against a PK server just by spoofing an additional packet into a PK sequence as it traverses the network (thereby convincing the PK server that the client doesn\(cqt know the proper sequence)\&. All of these limitation are solved by SPA\&. At the same time, SPA hides services behind a default\-drop firewall policy, acquires SPA data passively (usually via libpcap or other means), and implements standard cryptographic operations for SPA packet authentication and encryption/decryption\&.
 .sp
@@ -65,7 +65,7 @@ Each of the above fields are separated by a ":" character due to the variable le
 .sp
 By default, the \fBfwknop\fR client sends authorization packets over UDP port 62201, but this can be altered with the \fB\-\-server\-port\fR argument (this requires \fBfwknopd\fR to be configured to acquire SPA data over the selected port)\&. Also, \fBfwknop\fR can send the SPA packet over a random port via the \fB\-\-rand\-port\fR argument\&. See \fIfwknopd(8)\fR for further details\&. See the \fBEXAMPLES\fR section for example invocations of the \fBfwknop\fR client\&.
 .sp
-The \fBfwknop\fR client is quite portable, and is known to run on various Linux distributions (all major distros and embedded ones such as OpenWRT as well), FreeBSD, OpenBSD, and Cygwin on Windows\&. There is also a library \fBlibfko\fR that both \fBfwknop\fR and \fBfwknopd\fR use for SPA packet encryption/decryption and HMAC authentication operations\&. This library can be used to allow third party applications to use SPA subject to the terms of the GNU General Public License (GPL v2+)\&.
+The \fBfwknop\fR client is quite portable, and is known to run on various Linux distributions (all major distros and embedded ones such as OpenWRT as well), FreeBSD, OpenBSD, Mac OS X, and Cygwin on Windows\&. There is also a library \fBlibfko\fR that both \fBfwknop\fR and \fBfwknopd\fR use for SPA packet encryption/decryption and HMAC authentication operations\&. This library can be used to allow third party applications to use SPA subject to the terms of the GNU General Public License (GPL v2+)\&.
 .SH "REQUIRED ARGUMENTS"
 .sp
 These required arguments can be specified via command\-line or from within the \fI~/\&.fwknoprc\fR file (see \fI\-n, \-\-named\-config\fR option and the FWKNOPRC FILE section below)\&.

server/fwknopd.8.in

@@ -2,12 +2,12 @@
 .\"     Title: fwknopd
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 09/18/2017
+.\"      Date: 08/06/2018
 .\"    Manual: Fwknop Server
 .\"    Source: Fwknop Server
 .\"  Language: English
 .\"
-.TH "FWKNOPD" "8" "09/18/2017" "Fwknop Server" "Fwknop Server"
+.TH "FWKNOPD" "8" "08/06/2018" "Fwknop Server" "Fwknop Server"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------