DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
fwknop/README

86 lines
3.7 KiB
Plaintext
Raw Blame History

This is the top-level directory for the C version of fwknop.
Additional information and details can be found on the fwknop-c site at
http://devmetrix.org/trac/fwknop-c.
INTRODUCTION
============
This distribution will be a C-based implementation of Michael Rash's
Perl-based "fwknop" programs. For more information on fwknop and what
it is all about, go to http://www.cipherdyne.org/fwknop.
CURRENT STATE
=============
At present, we have an implementation of the Firewall Knock Operator
library; `libfko', as well as the fwknop client and server applications.
The library provides the API and back-end functionality for managing the
Single Packet Authorization (SPA) data that the other fwknop components
employ. It also can be used by other programs that need SPA functonality
(see the `perl' directory for the FKO perl module as an example).
This first version of the C implementation is planned to be compatible
with legacy Perl-based fwknop version 1.9.x. However, it was decided to
start the version number at 2.0.0 to differentiate it from the current
Perl implementation.
BUILDING fwknop
===============
This distribution uses GNU autoconf for setting up the build. Please see
the `INSTALL' file for the general basics on using autoconf.
There are some "configure" options that are specific to fwknop. They are
(extracted from ./configure --help):
--disable-client Do not build the fwknop client component. The
default is to build the client.
--disable-server Do not build the fwknop server component. The
default is to build the server.
--with-gpgme support for gpg encryption using libgpgme
[default=check]
--with-gpgme-prefix=PFX prefix where GPGME is installed (optional)
--with-gpg=/path/to/gpg Specify path to the gpg executable that gpgme will
use [default=check path]
--with-iptables=/path/to/iptables
Specify path to the iptables executable
[default=check path]
--with-ipfw=/path/to/ipfw
Specify path to the ipfw executable [default=check
path]
--with-sh=/path/to/sh Specify path to the sh executable [default=check
path]
NOTE to those who may be migrating from the Perl version of fwknop
==================================================================
For those of you who are currently using the Perl version and plan to
migrate to this version, there are some things to be aware of:
- Not all of the features and functionality of the Perl-based
fwknop were ported to this implementation. We felt it important
to keep the C version as lean and lightweight as possible. Most
of the omitted feature/functions (like email alerts) can be
accomplished through other means (i.e. use an external script
to monitor log files and alert based on appropriate log messages).
- There are some diffences in the fwknop configuration and access
file directives and values. Some of these are fairly subtle. You
should pay careful attention to the documentation and comments in
those files.
NOTE FOR DEVELOPERS
===================
If you are pulling this distribution from Subversion, you will need to
run the "autogen.sh" script in the top of the distribution directory in '
order to generate the autoconf (and other) meta files, and the `configure'
script.
The fwknop and fwknopd man page nroff sources are included in their
respective directorys (client and server). These nroff files are derived
from the asciidoc sources in the 'docs' directory. See the README in docs
for details.
View Git Blame Copy Permalink