Commit graph

937 commits

Author SHA1 Message Date
0cd5398354 doc: mention CMAKE_BUILD_TYPE 2015-03-16 17:31:05 +01:00
db19fce8d6 fastd_cpuid: compile on GCC again 2015-03-16 17:27:10 +01:00
bf811828eb Make cpuid asm more robust 2015-03-16 16:28:23 +01:00
82fe2bc041 Use new json-c include path 2015-03-03 02:41:33 +01:00
Rick Lei
16a18dfb16 update libuecc version in Android build script
also:
* compile libsodium using gcc-4.9 with android-16
* strip fastd binary
* properly detect HomeBrew bison for OS X
2015-01-30 13:37:59 +08:00
2a69e5fe2d Development version 2015-01-29 06:44:03 +01:00
295658a50c fastd v17 2015-01-29 06:41:45 +01:00
45827d8a18 Remove a few more instances of strcpy 2015-01-28 21:49:12 +01:00
ad29f57f82 fastd_string_stack_dup[n]: use memcpy instead of strcpy when the length of the string is known
Is a bit more optimized and avoids a warning on OpenBSD
2015-01-28 21:43:18 +01:00
2248b804b1 Fix build on non-Linux systems 2015-01-28 21:35:54 +01:00
5fe94a49df doc: clarify bind option behaviour 2015-01-28 18:45:01 +01:00
434bfbc3d1 Release note fix 2015-01-27 00:39:21 +01:00
5f65a56f4a doc: update handshake protocol documentation 2015-01-26 23:59:38 +01:00
70ac086d24 Add preliminary fastd v17 release notes 2015-01-26 21:59:43 +01:00
99f8cd9cfb Bump required libuecc version 2015-01-26 19:46:19 +01:00
041090275a doc: add build documentation 2015-01-26 06:22:33 +01:00
e7be1c8c26 doc: remove now unused pmtu option 2015-01-26 04:03:16 +01:00
712ed55c45 ec25519-fhmqvc: comment update 2015-01-23 03:40:08 +01:00
6473d6608b ec25519-fhmqvc: add sender's public key to a few debug messages 2015-01-23 01:05:00 +01:00
c5e3e5e3ad ec25519-fhmqvc: use new hexdump logging feature for unknown keys 2015-01-23 00:17:40 +01:00
0d9b7eeb90 Add hexdump support to fastd logging functions 2015-01-23 00:17:26 +01:00
fce2157168 ec25519-fhmqvc: use reduced-bitlength scalar multiplication
The values d and e will only use 128bits, so speed up the scalar multiplication
by using the new reduced-bitlength scalar multiplication functions.

This change requires the current development version of libuecc.
2015-01-22 21:45:41 +01:00
dc48b23092 Downgrade "verification failed" message from verbose to debug2
This message will be printed for every packet in severe reordering situations,
so better not print it by default.

In the future, we'll need a rate limiting mechanism...
2015-01-21 15:29:47 +01:00
a7594a2230 Fix handling of severe packet reordering
fastd would incorrectly mark wrong sequence numbers as seen when reordering by
more than 64 sequence numbers had occurred.
2015-01-21 15:27:12 +01:00
ceb66fb221 Always disable PMTU discovery
fastd currently can't fragment packets anyways, so it doesn't make any sense to
perform PMTU discovery. This makes the config option `pmtu' a no-op.
2015-01-21 05:47:52 +01:00
eece4529cb handshake: delay method parsing until the sender key has been handled
Otherwise fastd won't use the correct peer group's method list for handshakes
incoming on generic sockets.
2015-01-20 23:47:41 +01:00
972dd90499 Another comment fix 2015-01-20 22:55:17 +01:00
b5d83e3988 Implement new hash table to keep track of unknown peers handshakes have been sent to
This should significantly reduce the number of handshakes sent after restarting
fastd with many active connections.
2015-01-20 22:51:40 +01:00
9f1a5ab561 Never create sockets for an address family without matching binds 2015-01-17 17:06:51 +01:00
3b63a7218f Comment typo fixes 2015-01-16 23:54:14 +01:00
6b9c59efc9 Refactor handling of platforms without user/group settings (Android) 2015-01-14 22:29:30 +01:00
ba3afc50b3 Update OpenWrt scripts 2015-01-14 21:58:29 +01:00
0a69b958bd Update copyright years 2015-01-14 17:33:52 +01:00
6a5fa572cf android_ctrl_sock: include and whitespace cleanup 2015-01-14 17:29:41 +01:00
Rick Lei
c4378784ae Add Android 4.1+ support. See doc/README-Android.md for build HOWTO.
* Update CMake files to work with android-cmake
* Use unix domain socket for communicating with Android GUI
* May also run standalone but requires rooted Android device
2015-01-14 22:11:43 +08:00
133cee578e Reset all connections on SIGUSR2 2015-01-14 10:03:03 +01:00
51a1da3272 Allow to configure methods per peer group 2015-01-14 00:59:49 +01:00
7815904f11 doc: add example C code to read status socket 2015-01-13 00:39:10 +01:00
bc28467b00 doc: add information about a new paper on FHMQV 2015-01-12 23:31:08 +01:00
d883d87408 README: add a hint to the Sphinx documentation 2015-01-12 21:30:21 +01:00
c34cf1122f Make MTU mismatches fatal
As fastd calculates its receive buffer sizes based on the MTU, not matching MTUs
is bound to cause issues anyways, so let's fail completely.
2015-01-12 21:23:34 +01:00
f4aa015704 doc: move comments from generated source files to headers
Unfortunately, Doxygen stopped interpreting the .c.in files as C source files
a while ago. Move the comments to the header files to avoid the Doxygen
warnings.
2015-01-11 13:46:38 +01:00
306667786e More doxygen fixes
I keep forgetting this...
2015-01-11 13:44:15 +01:00
9e43446003 config: allow ipv4/ipv6 keywords before static addresses 2015-01-11 10:56:11 +01:00
676c75fb18 poll: more include cleanup 2015-01-10 19:25:00 +01:00
cd10d66ac9 poll: remove sys/signal.h include
This had been added accidentally.
2015-01-10 12:28:09 +01:00
efcba8afcd Comment typo fix 2015-01-09 22:19:36 +01:00
7e30551917 ec25519-fhmqvc: don't check group order of peers' public keys
Skipping this check will significantly speed up startup with many peers. As we
now do embedded group order verification, an attacker can't gain anything from
small-subgroup attacks, so skipping the check isn't a security issue.
2015-01-09 22:15:07 +01:00
68462604fa ec25519-fhmqvc: optimize handshake by using embedded group element verification
Using the embedded group element verification allows us to get away without
explicit verification, thus needing one scalar multiplication less. This reduces
the number of expensive operations needed for a handshake to three: one Galois
field square root (for key unpacking) and two scalar multiplications.

For this optimization to be secure, private keys must be divisible by 8. This is
the case for all keys generated with all but extremely old versions of fastd
(pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse
to start now.
2015-01-09 17:31:10 +01:00
7286aff2c3 Move protocol-specific TLV specifications to main handshake record enum 2015-01-09 16:28:54 +01:00