fwknop/ChangeLog
Michael Rash d1fae9bee1
* Added a new command line argument "--last-cmd" to run the fwknop client
with the same command line arguments as the previous time it was
executed.  The previous arguments are parsed out of the ~/.fwknop.run
file (if it exists).
* Bug fix to not send any SPA packet out on the wire if a NULL password/key
is provided to the fwknop client.  This could happen if the user tried to
abort fwknop execution by sending the process a SIGINT while being
prompted to enter the password/key for SPA encryption.



git-svn-id: file:///home/mbr/svn/fwknop/trunk@193 510a4753-2344-4c79-9c09-4d669213fbeb
2010-01-16 01:05:41 +00:00


2010-01-02 Michael Rash <mbr@cipherdyne.org>
* Added a new command line argument "--last-cmd" to run the fwknop client
with the same command line arguments as the previous time it was
executed. The previous arguments are parsed out of the ~/.fwknop.run
file (if it exists).
* Bug fix to not send any SPA packet out on the wire if a NULL password/key
is provided to the fwknop client. This could happen if the user tried to
abort fwknop execution by sending the process a SIGINT while being
prompted to enter the password/key for SPA encryption.
2010-01-03 Damien Stuart <dstuart@dstuart.org>
* Added access.conf file, parsing, and processing.
* Added a new access.conf parameter, RESTRICT_PORTS for specifying 1 or more
proto/ports that are explicitly not allowed.
* Upon startup, fwknopd will now create the path to the configured run directory
and/or the basename of the digest cache file if they do not already exist.
2010-01-02 Michael Rash <mbr@cipherdyne.org>
* Added --packet-limit to fwknopd so that the number of incoming candidate
SPA packets can be limited from the command line. When this limit is
reached (any packet that contains application layer data and passes the
pcap filter is included in the count) then fwknopd exits.
2009-12-28 Damien Stuart <dstuart@dstuart.org>
* Updated autoconf to look for local external executables like iptables,
ipfw, sendmail, mail, and sh in the PATH and set corresponding
definitions in config.h (only if the server is being built).
* Added ability to set the path to the executables listed above via
"--with-xx=<path>" arguments to configure. The arg will force the
given value whether it exists or not (though it will issue a warning
if the path does not exist).
2009-11-01 Michael Rash <mbr@cipherdyne.org>
* (Legacy code) Applied patch from Jonathan Bennett to support the usage of
the http_proxy environmental variable for sending SPA packets through an
HTTP proxy. The patch also adds support for specifying an HTTP proxy
user and password via the following syntax:
'http://username:password@proxy.com:port' or
'http://username:password@proxy.com'
* (Legacy code) Bug fix to allow the --rand-port argument to function along
without an inappropriate check for the --Server-port arg.
2009-10-27 Michael Rash <mbr@cipherdyne.org>
* Added --http-proxy argument to the fwknop C client so that SPA packets
can be sent through HTTP proxies.
* (Legacy code) Changed HTTP proxy handling to point an SPA packet to
an HTTP proxy with -D specifying the end point host and --HTTP-proxy
pointing to the proxy host. This fix was suggested by Jonathan Bennett.
2009-08-02 Damien Stuart <dstuart@dstuart.org>
* Tweaks to digest code - added SHA384 and SHA512 to supported digests.
* Updated autoconf files to account for new headers and types recently added.
* Bumped libfko version to 0.63 and perl FKO module version to 0.23.
2009-07-26 Michael Rash <mbr@cipherdyne.org>
* Implemented -s command line argument on the fwknop client command line
so that the IP "0.0.0.0" can be sent within an SPA packet. The fwknopd
server can wrap access requirements around this IP.
* Initial public release of fwknop-c-0.62.
2009-07-23 Michael Rash <mbr@cipherdyne.org>
* Added the --show-last and --no-save command line options to show the
command line used for the previous fwknop invocation, and to have the
fwknop client not save its command line arguments.
* Bug fix to force libfko to recalculate the random data embedded in the
SPA packet after a random port is acquired via --rand-port or
--nat-rand-port. This is a precaution so that an attacker cannot guess
some of the internal SPA data based on the destination port number.
2009-07-21 Michael Rash <mbr@cipherdyne.org>
* Got forward and local NAT modes working with the --nat-access,
--nat-local, --nat-port, and --nat-randport options. All NAT modes
are now passing the fwknop test suite.
* Added the --server-command option to build an SPA packet with a command
for the server to execute.
* Added the --fw-timeout option for client side timeouts to be specified.
* Added the --time-offset-plus and --time-offset-minus options to allow
the user to influence the timestamp associated with an SPA packet.
* Added the --rand-port option so that the SPA packet destination port can
be randomized.
2009-07-16 Michael Rash <mbr@cipherdyne.org>
* Added the ability to send SPA packets over valid HTTP requests with
the fwknop-c client.
* Added support for transmitting SPA packets over IPv6 via TCP and UDP
sockets, and also via HTTP.
* Added GnuPG 'hQ' base64 encoded prefix handling (this prefix is
stripped out of encrypted SPA packet data).
* Added hostname resolution support to the fwknop-c client if the SPA
server is specified as a hostname instead of an IP address.
2008-05-24 Damien Stuart <dstuart@dstuart.org>
* Added win32 directory with Visual Studio 2008 solution and project files
for building on the Windows platform.
2008-12-21 Damien Stuart <dstuart@dstuart.org>
Build 0.0.0 alpha
* autogen.sh: created.
* autoconf/automake: Initial configuration created.
Copyright 2009, Damien Stuart
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.