Michael Rash
Make sure that compiler dead store optimization doesn't negate the goal of zero_free(). From OpenBSD, the explicit_bzero() function accomplishes this: http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/bzero.3?query=explicit_bzero&arch=i386 Maybe even support for testing this to see if...
Karthik Ganesan suggested to the fwknop mailing list the ability to use the iptables REDIRECT target on the fwknopd server side to implement --nat-local access. This would be a more...
We should follow Franck's lead and add doxygen documentation to fwknop sources.
http://l3net.wordpress.com/projects/firejail/
Add (optional) keybase support for GPG operations for both the fwknop client and server.
fwknop-2.5 now uses PBKDF1 for key derivation. There should be an option to use PBKDF2.
Some openssl installations don't support the hexkey: option, so on such systems it would be handy to have a series of rigorous HMAC tests that use plain keys that don't...
Both the client and the server have their own functions for printing an FKO context. These should be consolidated into a libfko utility function.
Add support for multiple FORCE_NAT requirements per access stanza by using the incoming source to differentiate like so: FORCE_NAT This was suggested by "Poignant Murf" to the fwknop mailing list.
When nftables is released in the mainline kernel, psad should support it. iptables support will of course need to be retained, but nftables should be supported as well. This follows...