Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/index.rst | 1
-rw-r--r-- | doc/source/manual/config.rst | 2
-rw-r--r-- | doc/source/releases/v18.rst | 73
3 files changed, 76 insertions, 0 deletions
diff --git a/doc/source/index.rst b/doc/source/index.rst index 3a5c0c6..7b369cc 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -18,6 +18,7 @@ Release notes .. toctree:: :maxdepth: 2 + releases/v18 releases/v17 releases/v16 releases/v15 diff --git a/doc/source/manual/config.rst b/doc/source/manual/config.rst index ea42c4e..0abebeb 100644 --- a/doc/source/manual/config.rst +++ b/doc/source/manual/config.rst @@ -131,6 +131,8 @@ Example config: Includes each file in a directory as a peer configuration. These peers are reloaded when fastd receives a SIGHUP signal. +.. _option-interface: + | ``interface "<name>";`` Sets the name of the TUN/TAP interface to use; it will be set by the OS when no name is configured explicitly. diff --git a/doc/source/releases/v18.rst b/doc/source/releases/v18.rst new file mode 100644 index 0000000..7683836 --- /dev/null +++ b/doc/source/releases/v18.rst 
@@ -0,0 +1,73 @@ +fastd v18 (in development) +========================== + +New features +~~~~~~~~~~~~ + +Multi-interface modes +--------------------- + +A single fastd instance can now manage multiple TUN/TAP interfaces. This allows to +use multiple peers and peer directories in TUN mode, creating one interface for each +peer. *on-up* and *on-down* scripts are run once for each interface. + +By default, all interfaces are created on startup or peer reload; the option +*interface persist* can be used to change this behaviour. + +In addition to the multi-peer TUN mode, it is also possible to make fastd create one +interface per peer in TAP mode now. This is enabled by the setting *mode multitap* +(the option for multi-interface TUN mode is just *mode tun*, as there is no TUN mode +which handles multiple peers on a single interface.) + +Multi-TAP mode is compatible with TAP mode, i.e. the peer may be configured in normal +TAP mode (and may use a fastd version without multi-TAP support. + +If explicit interface names are configured, these names must now be set for each peer, +which may either be done explicitly, or using :ref:`name patterns <option-interface>`. + +Peer-specific interfaces may also be configured with peer-specific MTUs. + +Interface cleanup on FreeBSD/OpenBSD +------------------------------------ + +FreeBSD and OpenBSD do not automatically destroy TUN/TAP interfaces. fastd will +now destroy the interfaces it creates on these systems on exit. + +Improved capability management +------------------------------ + +fastd will now automatically retain all POSIX capabilities it needs, so all options +should now work without full root privileges. + +The option *drop capabilities force* may be used to drop CAP_NET_ADMIN even when +fastd would normally retain it. + +More powerful peer groups +------------------------- + +All *on-\** options may now be overridden per peer group. 
+ +In particular, the *on-verify* option may be moved into a peer group to determine +the peer group of unconfigured peers. This allows to set a peer limit for unconfigured +peers without globally limiting the peer count. + +Bugfixes +~~~~~~~~ + +* When linked with NaCl instead of libsodium, fastd would use SSE for salsa20/salsa2012 on x86 even after + determining that SSE is not availble. This led to crashes or transmission + failures on CPUs like the Geode. +* Fix crash on x86-64 systems when built with certain combinations of GCC version and + stack-protector compiler flags (observed on Fedora) +* fastd did reject configurations which contain neither static peers nor + peer directories, but a *on-verify* option +* The status socket is now removed correctly if fastd exits with an error message +* fastd did exit with regular exit code 0 instead of re-raising the termination signal after cleanup +* Fix in-tree compile on non-Linux systems + +Other changes +~~~~~~~~~~~~~ + +* Some error conditions that can't be recovered from will now cause fastd + to exit instead of just logging an error message. This allows service managers like systemd/procd + to restart fastd, so proper operation can be restored. |
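Review bot: In doc/source/manual/config.rst the hunk adds only the ".. _option-interface:" label, yet the new release notes link to it with the text "name patterns", and the option description visible in the hunk context ("Sets the name of the TUN/TAP interface to use; it will be set by the OS when no name is configured explicitly.") does not mention patterns. The diffstat shows config.rst gaining just these 2 lines, so a reader following the link may find no description of the pattern syntax. Suggest documenting the pattern syntax under the interface option as part of this change, or retargeting the link to wherever it is described.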
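Review bot: In doc/source/releases/v18.rst, section "Improved capability management", the text says fastd retains "all POSIX capabilities it needs" but names only CAP_NET_ADMIN and does not say which options stop working when *drop capabilities force* is set. Suggest listing the capabilities that are retained and the options that depend on them, so an operator can judge the privilege footprint, and linking *drop capabilities force*, *interface persist* and *mode multitap* to their config.rst entries with :ref: in the same way as option-interface. Two smaller points in the same file: the parenthesis opened at "(and may use a fastd version without multi-TAP support." is never closed, and "availble" in the first Bugfixes item should read "available".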