Commit graph

526 commits

Author SHA1 Message Date
ddd868d44f Optimized GCM implementation 2012-06-27 09:12:29 +02:00
5e451533dd Primitive aes128-gcm implementation 2012-06-27 02:28:49 +02:00
0ec1eb3d4c Release 0.4 2012-06-24 22:33:13 +02:00
c4955de2ec Don't re-resolve dynamic-floating peers on key refresh 2012-06-19 05:28:20 +02:00
caaba5ea19 Version increment 2012-06-15 04:15:16 +02:00
e930fc0f76 Allow setting dynamic peers to flaoting 2012-06-15 04:13:49 +02:00
bffe80f3d2 Avoid using the same handshake key to establish more than one session
This fix prevents a potential attack using intentional packet reordering to
initialize more than one session with using the same handshake keys, leading
to more that one session to be initialized with the same key data altogether,
allowing to decrypt some packets in the worst case.
2012-06-15 03:28:42 +02:00
b0a169a146 Limit handshake frequency where possible 2012-06-07 00:56:47 +02:00
25bf4f4901 Fix memory leak 2012-06-07 00:56:39 +02:00
33ec563983 Limit resolve frequency 2012-06-06 22:38:36 +02:00
7297dd73d5 Improve some log levels 2012-06-06 13:14:54 +02:00
b3d678c5f2 Increase reorder count 2012-06-05 22:32:29 +02:00
bd02e790f9 Increment rc version 2012-06-05 18:17:20 +02:00
0f14f55629 Fix possible duplicate session establishment
This is causing duplicate nonces in the worst case.
2012-06-05 18:10:11 +02:00
227af67a3c printf: add %p pattern 2012-06-05 18:08:26 +02:00
450bbeb8a0 Add support for receiving reordered packets 2012-06-05 00:44:05 +02:00
b6b6e059d7 Increment rc version 2012-06-04 21:08:24 +02:00
163469f1ad Make sure refresh handshakes aren't cleaned 2012-06-04 20:17:08 +02:00
210a447124 Fix key invalidation order on key refresh 2012-06-04 19:55:57 +02:00
f2bb9fd6d4 Add version string to handshake 2012-06-04 17:21:32 +02:00
a157804e7b Decreate keepalive interval 2012-06-04 15:53:41 +02:00
33a2de703d Add pidfile support 2012-06-04 14:54:50 +02:00
813535cfe4 Improve handshake logging 2012-06-04 09:42:23 +02:00
7df8f9002e Fix warning message 2012-06-02 20:20:15 +02:00
60b7732c3e Fix a possible crash involving strange resolve returns
fastd has been seen crashing on some hosts under strange circumstances. As the
bug seems to involve invalid address families, try to assure no unsupported
address families are returned from resolver.
2012-06-01 00:55:27 +02:00
10496d2dc9 Increase rc version 2012-05-24 21:13:02 +02:00
b51dc590a1 Fix segfault on logging during config 2012-05-24 21:12:15 +02:00
e3ba3e8f66 Uninline pr_log 2012-05-18 08:48:24 +02:00
6c6398d355 Increment rc version 2012-05-18 03:10:02 +02:00
4429f145e6 Don't consider enable state on peer config change detection 2012-05-18 03:08:58 +02:00
b34b3e2817 New logging facilities 2012-05-18 03:08:40 +02:00
a2b9f2c732 Add daemon mode 2012-05-17 22:24:31 +02:00
d8a3a034a1 Close inherited file handles 2012-05-17 21:30:10 +02:00
f863ed2c2d Fix handling of unsuccessful resolve 2012-05-17 11:55:22 +02:00
e9536fe57e Free eth_addr list on exit 2012-05-04 03:47:01 +02:00
7c0b4a23b1 Zero out resolve return to silence valgrind warning 2012-05-04 03:44:53 +02:00
6e39dfe325 Use pipe to transmit resolved addresses to main thread 2012-05-03 20:00:20 +02:00
1519fd2734 Fix critical error introduced by copy-and-pasting, another possible NULL dereference 2012-05-03 19:59:03 +02:00
a3459bc678 Critical fix: ignore disabled peers when searching peer key to avoid NULL dereference 2012-05-03 00:01:36 +02:00
2add52c1de Increment rc 2012-04-27 20:01:47 +02:00
e3e5224901 Automatically set interface MTU 2012-04-27 16:17:24 +02:00
22a8e9ccb1 Send handshakes after resolve even when the connection is already established for session refreshs to work 2012-04-25 00:15:17 +02:00
13c13161fe resolve: don't set AI_IDN, it will fail with uClibc 2012-04-23 21:41:29 +02:00
80f8c201e8 Ignore handshakes for 15 seconds after session establishment to avoid excessive and concurrent handshakes 2012-04-22 21:34:35 +02:00
1bbef32baa Add --show-key and --machine-readable options 2012-04-22 13:54:36 +02:00
f21a6e3cec Ignore peers with own key 2012-04-22 00:30:09 +02:00
8c91443808 Don't regenerate session handshake keypair for every handshake so a global state can be used; remove the concept of temporary peers
These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another
protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs
are removed completely.
2012-04-19 17:42:56 +02:00
c5b12202c8 Simplity option code, improve help page formatting 2012-04-18 04:09:04 +02:00
efe9525ca0 Add --help page 2012-04-17 20:18:24 +02:00
afdf78eeaf Revert using hostname as peer printf string as we'll always have a name when a hostname is given 2012-04-17 17:33:29 +02:00