224ea7b081
Convert type names to _t convention
2012-12-18 21:00:44 +01:00
766a0c145d
Always convert v4-mapped IPv6 addresses to IPv4 addresses
2012-12-13 18:02:39 +01:00
505eb46494
Add helper function to simplify v4-mapped addresses
2012-12-13 17:51:00 +01:00
da4d1d1586
Reduce v4-mapped IPv6 addresses to IPv4 addresses
...
We need this for "any" binds to work correctly again.
2012-12-13 14:13:51 +01:00
b3b4397734
Only try to set MTU when it isn't correct
...
This allows fastd to run completely without root privileges when the TUN/TAP
device is pre-created
2012-12-08 23:52:28 +01:00
6b6099a630
Maximum interface name length is IFNAMSIZ-1, not IFNAMSIZ
...
Linux handles the string just fine without NULL termination, but that doesn't
make it correct...
2012-12-08 23:35:39 +01:00
268aefb54c
Free socket before handshake if no address is set to avoid crash
2012-12-08 17:51:22 +01:00
9a155e4c51
Revert "Fix crash occuring under certain circumstances on resolve failure"
...
This reverts commit 6330d8abe0
2012-12-08 17:46:34 +01:00
6330d8abe0
Fix crash occuring under certain circumstances on resolve failure
...
When a dynamic peer is in handshake state and a previous resolve has returned an
address, the peer must be reset on a resolve failure even when there is no
established session to avoid aborting on the next handshake.
2012-12-08 12:54:41 +01:00
64754a379d
Increment version for new development
2012-12-08 12:54:10 +01:00
656175881b
fastd 6
2012-11-10 18:06:14 +01:00
6ef24092b5
Keep track of configured peer count correctly on dynamic reloads
2012-11-10 15:20:39 +01:00
13c71785b5
Don't allow global config statements in peer groups
2012-11-10 14:55:41 +01:00
68b33305cc
Give the default peer group a name
2012-11-10 14:47:28 +01:00
c0e60d4823
Truncate PID file
2012-11-08 08:47:19 +01:00
93ee0d9cb3
fastd 6-rc1
2012-11-06 20:46:38 +01:00
2bf6746fb7
Get rid of some annoyances with peer limits
...
Remove some debug messages, and don't resolve peers again and again we don't
want to connect to anyways.
2012-11-05 23:46:27 +01:00
f7244b9309
Don't inline send_handshake
2012-11-05 23:37:01 +01:00
65e60edefc
Only delay initial handshakes for groups with constraints
2012-11-05 22:48:34 +01:00
773e84403f
Add randomized initial handshake delays
...
This delay should barely be noticable, and it will make fastd connect to a
random choice of peers when a peer limit is set
2012-11-05 22:35:29 +01:00
8f60a96b84
Implement peer limit constraints
2012-11-05 22:24:42 +01:00
f631c10660
Implement peer groups
2012-11-05 18:26:55 +01:00
0c2f5da165
Fix some more bugs in fastd_peer_claim_address
2012-11-05 10:11:17 +01:00
51aa24d4a2
Reset dynamic peer if there is an established session and resolve fails
...
Fixes an assertion fail when address resolution fails during session refresh.
2012-11-04 17:06:35 +01:00
2791d3bc99
Improve handling of associated sockets in key matching
2012-11-02 09:27:58 +01:00
2f81a97f5c
Directly use peer when receiving on associated sockets
2012-11-02 09:02:35 +01:00
74b73a980b
Keep track of corresonding peers in associated sockets
2012-11-02 08:56:54 +01:00
cb98cbc593
Dynamically create and destroy sockets without fixed binds
2012-11-01 15:11:40 +01:00
86df5dbefe
Move unistd.h include to fastd.h
2012-11-01 15:11:25 +01:00
42e44a0b5c
Handle socket errors
2012-11-01 12:14:32 +01:00
80cbd0c9bd
Refactor bind address configuration
2012-11-01 11:04:39 +01:00
921485a5bc
Allow setting IPv[46] default bind addresses
2012-10-29 23:06:24 +01:00
2f021fd3e1
Allow setting bind interface
2012-10-29 22:48:06 +01:00
2c6a4b5c11
Fix bind error messages
2012-10-29 22:45:08 +01:00
078b835209
Add support for multiple binds
2012-10-29 22:21:47 +01:00
f5462bd63a
config: Simplify default_config()
2012-10-29 12:40:13 +01:00
6626f28fc9
fastd v0.5
2012-09-21 15:53:56 +02:00
2acd81bd7a
Nicely encapsulate different crypto algorithm implementations
2012-09-21 15:10:28 +02:00
65912e3e6f
Imcrement rc version
2012-09-16 07:42:49 +02:00
2506e2c63e
Handle posix_memalign return value
...
This is nothing we could handle correctly (well, in the long run we should print
and error message), but at least this silences a warning with _FORTIFY_SOURCE.
2012-09-16 07:40:05 +02:00
e01b70358e
Increment rc version
2012-09-16 07:28:28 +02:00
ce1b13c5ea
Make implementations used for AES128-CTR and GHASH configurable.
2012-09-16 05:30:24 +02:00
7305c53351
Fix alignment for NaCl's core2 assembler implementation of AES128-CTR
2012-09-16 05:30:10 +02:00
094ecaf3b7
Ignore SIGPIPE
...
We want this because of reasons. Just to be sure.
2012-09-16 00:27:07 +02:00
f33d7756b8
Use inline function for alignment
2012-09-15 19:57:18 +02:00
b2d02587fc
Add support for kernel AES implementations
...
This gives AES128 a slight boost on my system, but it is still slower than
XSalsa20... I should probably write userspace code that can make use of AES-NI
and CLMUL. Or directly jump to the kernel space with the whole forwarding code.
Nevertheless, this might run nicely on Geode CPUs and similar hardware with AES
acceleration, at least if the context switches aren't too expensive...
2012-09-15 08:55:50 +02:00
541ee8295e
Add support for using kernel implementations of GHASH
...
This doesn't really improve performance on my Intel CPU (I guess due to the
context switches), but more tests have to be made, in combination with
offloading the AES to the kernel as well, and on different hardware.
2012-09-15 07:25:56 +02:00
37385fcd83
Rework some parts of the AES128-GCM method
...
These changes improve the performance of the AES128-GCM method by ~10% on my
Intel CPU when compiled with -O2.
Furthermore, the AES and the GHASH parts are separated now, allowing to switch
to other implementations of the algorithms more easily.
2012-09-15 06:01:11 +02:00
430a8557d4
Improve data alignment
...
Ensure that the actual packet data is always aligned to a multiple of 8.
2012-09-15 03:52:08 +02:00
3b67cdb32f
Critical: fix various problems in the AES128-GCM method
...
There were several bugs in the code that were severely lowering the expected
security and completely breaking compatiblity with alternative implementations.
The fixed version is checked against the test vectors specified in [1], and
should thus be correct.
[1] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
2012-09-14 03:49:27 +02:00
