forked from jvinet/knock
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
79 lines (79 loc) · 4.55 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
VERSION DESCRIPTION
-----------------------------------------------------------------------------
0.7.8 - Fix for Issue #33, #34 and #35 contributed by Alexander
Rumyanstev.
0.7.7 - Fix for Issue #7 & #17 contributed by Michael G�hler.
All IPs assigned to a single interface are now listened on.
- Fix for compile warning on OSX where daemon() is deprecated.
- Fix for Issue #15 - list.c OpenBSD segfault: change malloc
to calloc.
0.7.6 - Fix for Issue #13 where similar sequences are not detected
correctly.
0.7.5 - Added Greg Kuchyt's knock_add script but updated to be a
generic IPTables helper that also deletes rules
0.7.4 - Patches from Michael Göhler
- Updated gitignore to include additional autoconf files.
- Updated Makefile to fix deprecated warning on CPPFLAG
- -D_BSD_SOURCE.
0.7.3 - Patches from Jonathon Reinhart
- Fixed PCAP filter for PSH flag detection.
- Patches from Christos Triantafyllidis
- Updated FSF address.
0.7.2 - Patches from Paul Rogers
- Applied missing fixes from issue #16 - OpenBSD build
issues, reordering of headers, scoping DLT_LINUX_SLL for
Linux only, for -> while loop in sniff() cleanup.
0.7.1 - Patches from Paul Rogers
- Fixed issue #2 - SIGHUP (reload) now listens for new
sequences in the config file.
- Fixed issue #26 - knockd now fails if a malformed config
file is read during SIGHUP (reload).
0.7 - Patches from Oswald Buddenhagen:
- Document the 'target' configuration directive.
- Merging OS-specific networking code to reduce LOCs and the
sea of #ifdefs.
- Added 50ms timeout to pcap_open_live() to reduce CPU usage
on network-heavy hosts. Pcap recommends we not use zero.
0.6 - Patches from Oswald Buddenhagen:
- Cleanup: Don't null-check before free
- Cleanup: Consolidate flag-check logic
- Accept single-knock sequences
- Introduce a 'target' configuration directive, enabling
knockd to react to connect attempts to a target host.
Useful in cases where knockd is on a router and you want
to send a target a wakeup packet.
0.5 - Added ability to change the knocking protocol (TCP/UDP) on a
per-port basis using the knock client (instead of the -u
switch)
- Patches from Philippe Lovis <[email protected]>:
- Fixed memory leaks and potential security vulnerabilities
- Added --lookup option for DNS lookups (default is off)
- Added support for one-time sequences
- Added Interface directive to select the listening interface
- Moved packet filtering to kernel space with BPF filters
- Support for excluding TCP flags with "!"
- Removed the leftover/deprecated layer-2 MAC logic
0.4 - Added support for DLT_RAW (PPPoE) interfaces
- Changed packet inspection to use the interface's IP address
to determine the flow direction, rather than the ethernet
MAC address
- Changed logging date format to ISO (yyyy-mm-dd)
- Added hostnames to logging output
0.3.1 - Fixed a segfault occurring when a hostname cannot be resolved
- Patch from Simon Matter <[email protected]>:
- fixes build errors on Fedora
- Patch from Per Cederberg <[email protected]>:
- fixes TCP SYN timeouts in knock client
0.3 - Added PPP (LINUX_SLL) support
- Patches from Leo Costela:
- added Start_Command, Stop_Command, Cmd_Timeout directives,
allowing a single door to open and then close after a
timeout period
- knockd now re-reads config when a HUP is received
- multiple protocols supported on a per-port basis
0.2.1 - Bugfix for TCP flag discrimination
0.2 - Fixed the zombie process problem
- Added patch from Leo Costela:
- PidFile configuration directive
- support for specific TCP flags
0.1 - Initial release