6ef24092b5
Keep track of configured peer count correctly on dynamic reloads
2012-11-10 15:20:39 +01:00
13c71785b5
Don't allow global config statements in peer groups
2012-11-10 14:55:41 +01:00
68b33305cc
Give the default peer group a name
2012-11-10 14:47:28 +01:00
c0e60d4823
Truncate PID file
2012-11-08 08:47:19 +01:00
93ee0d9cb3
fastd 6-rc1
2012-11-06 20:46:38 +01:00
2bf6746fb7
Get rid of some annoyances with peer limits
...
Remove some debug messages, and don't resolve peers again and again we don't
want to connect to anyways.
2012-11-05 23:46:27 +01:00
f7244b9309
Don't inline send_handshake
2012-11-05 23:37:01 +01:00
65e60edefc
Only delay initial handshakes for groups with constraints
2012-11-05 22:48:34 +01:00
773e84403f
Add randomized initial handshake delays
...
This delay should barely be noticeable, and it will make fastd connect to a
random choice of peers when a peer limit is set
2012-11-05 22:35:29 +01:00
8f60a96b84
Implement peer limit constraints
2012-11-05 22:24:42 +01:00
f631c10660
Implement peer groups
2012-11-05 18:26:55 +01:00
0c2f5da165
Fix some more bugs in fastd_peer_claim_address
2012-11-05 10:11:17 +01:00
51aa24d4a2
Reset dynamic peer if there is an established session and resolve fails
...
Fixes an assertion fail when address resolution fails during session refresh.
2012-11-04 17:06:35 +01:00
2791d3bc99
Improve handling of associated sockets in key matching
2012-11-02 09:27:58 +01:00
2f81a97f5c
Directly use peer when receiving on associated sockets
2012-11-02 09:02:35 +01:00
74b73a980b
Keep track of corresponding peers in associated sockets
2012-11-02 08:56:54 +01:00
cb98cbc593
Dynamically create and destroy sockets without fixed binds
2012-11-01 15:11:40 +01:00
86df5dbefe
Move unistd.h include to fastd.h
2012-11-01 15:11:25 +01:00
42e44a0b5c
Handle socket errors
2012-11-01 12:14:32 +01:00
80cbd0c9bd
Refactor bind address configuration
2012-11-01 11:04:39 +01:00
921485a5bc
Allow setting IPv[46] default bind addresses
2012-10-29 23:06:24 +01:00
2f021fd3e1
Allow setting bind interface
2012-10-29 22:48:06 +01:00
2c6a4b5c11
Fix bind error messages
2012-10-29 22:45:08 +01:00
078b835209
Add support for multiple binds
2012-10-29 22:21:47 +01:00
f5462bd63a
config: Simplify default_config()
2012-10-29 12:40:13 +01:00
6626f28fc9
fastd v0.5
2012-09-21 15:53:56 +02:00
2acd81bd7a
Nicely encapsulate different crypto algorithm implementations
2012-09-21 15:10:28 +02:00
65912e3e6f
Increment rc version
2012-09-16 07:42:49 +02:00
2506e2c63e
Handle posix_memalign return value
...
This is nothing we could handle correctly (well, in the long run we should print
an error message), but at least this silences a warning with _FORTIFY_SOURCE.
2012-09-16 07:40:05 +02:00
e01b70358e
Increment rc version
2012-09-16 07:28:28 +02:00
ce1b13c5ea
Make implementations used for AES128-CTR and GHASH configurable.
2012-09-16 05:30:24 +02:00
7305c53351
Fix alignment for NaCl's core2 assembler implementation of AES128-CTR
2012-09-16 05:30:10 +02:00
094ecaf3b7
Ignore SIGPIPE
...
We want this because of reasons. Just to be sure.
2012-09-16 00:27:07 +02:00
f33d7756b8
Use inline function for alignment
2012-09-15 19:57:18 +02:00
b2d02587fc
Add support for kernel AES implementations
...
This gives AES128 a slight boost on my system, but it is still slower than
XSalsa20... I should probably write userspace code that can make use of AES-NI
and CLMUL. Or directly jump to the kernel space with the whole forwarding code.
Nevertheless, this might run nicely on Geode CPUs and similar hardware with AES
acceleration, at least if the context switches aren't too expensive...
2012-09-15 08:55:50 +02:00
541ee8295e
Add support for using kernel implementations of GHASH
...
This doesn't really improve performance on my Intel CPU (I guess due to the
context switches), but more tests have to be made, in combination with
offloading the AES to the kernel as well, and on different hardware.
2012-09-15 07:25:56 +02:00
37385fcd83
Rework some parts of the AES128-GCM method
...
These changes improve the performance of the AES128-GCM method by ~10% on my
Intel CPU when compiled with -O2.
Furthermore, the AES and the GHASH parts are separated now, allowing to switch
to other implementations of the algorithms more easily.
2012-09-15 06:01:11 +02:00
430a8557d4
Improve data alignment
...
Ensure that the actual packet data is always aligned to a multiple of 8.
2012-09-15 03:52:08 +02:00
3b67cdb32f
Critical: fix various problems in the AES128-GCM method
...
There were several bugs in the code that were severely lowering the expected
security and completely breaking compatibility with alternative implementations.
The fixed version is checked against the test vectors specified in [1], and
should thus be correct.
[1] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
2012-09-14 03:49:27 +02:00
04cd3761f1
Fix typo in --machine-readable help message
2012-07-02 20:06:37 +02:00
10758956f5
Remove unneeded include
2012-07-02 17:41:45 +02:00
19c765db7b
Require whitespace after keywords and strings etc. in config files
2012-07-02 15:43:21 +02:00
1fdfde1951
Version increment
2012-07-01 18:19:47 +02:00
87c28ed8bb
Add missing _GNU_SOURCE definition
2012-07-01 18:19:15 +02:00
1a86ef3c5c
Version increment
2012-07-01 17:04:26 +02:00
a0be6d31b4
Add support for multiple crypto methods without reconfiguration
2012-07-01 17:01:13 +02:00
cb74214fff
Fix invalid print on handshake failure with an unknown code.
2012-07-01 16:18:33 +02:00
c8620dbeef
Remove unneeded size bytes from GCM to suppress warnings
2012-06-27 18:26:21 +02:00
4bda71ac39
Implement GCM with lookup table
2012-06-27 15:01:33 +02:00
8b4da71374
Fix critical memory corruption bug in core
2012-06-27 14:49:02 +02:00