Commit graph

1164 commits

Author SHA1 Message Date
9d8e773e0a
Rename method info fields
* max_overhead -> overhead
* min_encrypt_head_space -> encrypt_headroom
* min_decrypt_head_space -> decrypt_headroom
* min_decrypt_tail_space -> decrypt_tailroom
2020-06-13 21:37:55 +02:00
34e23389bc
Remove now unused min_encrypt_tail_space 2020-06-13 21:37:55 +02:00
64b3c11906
buffer: always pad to multiple of 16 bytes
This allows us to specify the required tailroom more simply and
accurately.
2020-06-13 21:37:55 +02:00
e0a4b406d9
methods: simplify reorder drop handling 2020-06-13 20:11:22 +02:00
d6c50a5487
umac: remove length 0 special cases 2020-06-13 20:11:22 +02:00
9b9ead760f
uhash: add special case for empty input
uhash needs the input padded to a multiple of 32 bytes, with the special
case that an empty input needs to be padded to 32 as well. Handle this
special case in the uhash code itself, so it doesn't need to be handled
by the callers.
2020-06-13 20:11:22 +02:00
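The padding rule described in the commit above (round up to whole 32-byte blocks, but an empty input still yields one block), as an added example that is not fastd's code and does not use its uhash implementation. The function and block-size parameter are this example's own; only the 32-byte block size and the empty-input rule come from the commit message.

```c
/* Added example, not fastd code: pad a message to whole 32-byte blocks for a
 * block-oriented MAC/hash, emitting at least one block so an empty input
 * becomes one all-zero block rather than zero blocks. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define UHASH_BLOCK 32  /* block size from the commit message */

/* Padded length: round up to a multiple of block, never below one block.
 * Returns 0 if the rounding would overflow size_t. */
size_t padded_len(size_t len, size_t block) {
    if (len == 0)
        return block;                    /* the special case: empty -> one block */
    if (len > SIZE_MAX - (block - 1))
        return 0;                        /* refuse to wrap around */
    return (len + block - 1) / block * block;
}

/* Number of blocks the hash would consume for an input of len bytes. */
size_t block_count(size_t len, size_t block) {
    return padded_len(len, block) / block;
}

/* Copy in[0..len) into a freshly allocated, zero-filled buffer of
 * padded_len() bytes; the zero fill doubles as the padding. Returns NULL on
 * allocation failure or overflow. The caller frees the result. */
uint8_t *pad_to_blocks(const uint8_t *in, size_t len, size_t block, size_t *out_len) {
    size_t n = padded_len(len, block);
    if (n == 0)
        return NULL;
    uint8_t *out = calloc(n, 1);
    if (!out)
        return NULL;
    if (len)
        memcpy(out, in, len);
    *out_len = n;
    return out;
}
```

Doing this inside the hashing code rather than at every call site means callers cannot forget the empty-input case, which is the point of the commit.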
8eb768d461
Add uhash unit test 2020-06-13 20:11:22 +02:00
98fee09de8
Build most code as library to allow linking against unit tests 2020-06-13 20:11:21 +02:00
78342a97b1
generic-poly1305: cleanup poly1305 calls 2020-06-13 20:11:15 +02:00
2e2bc4e5bb
generic-poly1305: zero padding before calling crypt in decrypt
This fixes an uninitialized memory error reported by valgrind for the
method aes128+ctr. It is unclear why only this method is affected, or why
it is even necessary at all - we only support stream ciphers, and
crypto_onetimeauth_poly1305_verify does not care about padding.
2020-06-13 20:11:12 +02:00
adda25162f
buffer: switch push and pull meanings
Make the wording match what the Linux kernel uses.
2020-06-11 21:42:30 +02:00
9a4549e6e2
build: fix disabling status socket 2020-06-11 18:56:40 +02:00
ba9264f009
build: disable -Wformat-truncation and -Wstringop-truncation 2020-06-08 23:35:20 +02:00
c095ce9b4d
build: switch to Meson build system 2020-06-07 13:16:44 +02:00
e58b3f89e5
build: remove CMake build system 2020-06-06 18:25:22 +02:00
3196f0a1f6
build: we require Bison 2.6 now
Fixes: 19759b2237 ("config: replace deprecated name-prefix Bison option")
2020-06-04 23:47:28 +02:00
cc790da7f8
Remove obsolete OpenSSL references
With the update to OpenSSL 1.1, only the aes128-ctr cipher references
symbols from the library, so we can remove it from the toplevel
target_link_libraries() and build.h.
2020-05-23 20:49:11 +02:00
Felix Kaechele
ac7929fc63 cipher: fix OpenSSL linking for aes128-ctr
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2020-05-23 12:05:16 -04:00
ad22fc93f7
Development version 2020-05-22 20:34:37 +02:00
92bc1c1051
fastd v19 2020-05-22 20:33:25 +02:00
8720bee25e
doc: releases: v19: mention fast reconnect fix 2020-05-22 20:30:32 +02:00
cc44b6b702
iface: fix segfault when failing to create an interface on FreeBSD
The interface name must be set before cleanup may be enabled.
2020-05-22 19:15:13 +02:00
5c626c6e16
iface: never attempt to close FD 0
On some platforms like FreeBSD, open_iface() may fail before setting the
interface FD. Initialize the FD to -1 to avoid closing STDIN in this
case.
2020-05-22 18:45:43 +02:00
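The descriptor-sentinel pattern from the two commits above, as an added example that is not fastd's code: the struct, the simulated failing open and the counter are this example's own. A zero-initialised struct would carry fd 0, which is STDIN_FILENO, so a cleanup that closes whatever is in the field silently closes stdin; initialising to -1 and checking for it makes cleanup a no-op when open failed early.

```c
/* Added example, not fastd code: use -1 as the "no descriptor" sentinel so
 * that cleanup after a failed open never closes fd 0 (stdin). */
#include <fcntl.h>
#include <stdbool.h>
#include <unistd.h>

struct iface {
    int fd;        /* -1 means "nothing opened yet" */
    bool cleanup;  /* whether cleanup is enabled for this interface */
};

static int closes_done;  /* counts real close() calls, inspected by the test */

/* Put the struct into a state where cleanup is always safe. A memset-to-zero
 * would leave fd == 0 == STDIN_FILENO, which is exactly the bug. */
void iface_init(struct iface *iface) {
    iface->fd = -1;
    iface->cleanup = false;
}

/* Close only a real descriptor; with the sentinel this is a no-op. */
void iface_cleanup(struct iface *iface) {
    if (iface->fd < 0)
        return;
    close(iface->fd);
    closes_done++;
    iface->fd = -1;
}

/* Hypothetical open that fails before it ever assigns the fd, as a platform
 * check in a real open_iface() might. */
int iface_open_failing(struct iface *iface) {
    (void)iface;
    return -1;
}

/* Failure path: returns how many close() calls cleanup made (expected 0). */
int failed_open_close_count(void) {
    struct iface iface;
    iface_init(&iface);
    closes_done = 0;
    if (iface_open_failing(&iface) < 0)
        iface_cleanup(&iface);
    return closes_done;
}

/* Success path: a real descriptor is opened and released. Returns true if the
 * descriptor is gone afterwards and the field is back at the sentinel. */
bool opened_fd_is_released(void) {
    struct iface iface;
    iface_init(&iface);
    iface.fd = open("/dev/null", O_RDWR);
    if (iface.fd < 0)
        return false;
    int fd = iface.fd;
    iface_cleanup(&iface);
    return iface.fd == -1 && fcntl(fd, F_GETFD) == -1;
}
```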
ca1ea26d2b
receive: simplify local address
Avoid v4-mapped addresses in script environments and log messages.
2020-05-22 16:01:18 +02:00
671862811b
peer: simplify fastd_peer_set_shell_env()
Reuse code for local and peer addresses.
2020-05-22 15:27:28 +02:00
206d1b3760
doc: releases: v19: mention OpenBSD support change 2020-05-09 19:38:26 +02:00
5ba96dc73b
doc: add preliminary v19 release notes 2020-05-09 19:27:30 +02:00
3668bb51e3
doc: update copyright information 2020-05-09 18:54:16 +02:00
c9c33826ee
iface: update OpenBSD support to current API
TUN/TAP interfaces were separated in 2015 (since OpenBSD 5.9 or 6.0),
requiring adjustments in fastd. This makes fastd incompatible with older
OpenBSD versions (in TAP mode).

Fixes: #2
2020-05-09 18:50:34 +02:00
50b97188e9
build: remove Doxygen for now
With current CMake versions, not finding Doxygen is a hard failure with
the current configuration. Remove Doxygen for now to fix the build.
2020-05-09 17:48:44 +02:00
b77a2832d8
verify: fix -Wmaybe-uninitialized warning with LTO 2020-05-09 16:30:10 +02:00
399aa89fb1
config: remove redundant check 2020-05-09 16:23:57 +02:00
551fbbd11f
doc: openwrt: remove limitation to a single interface
Fixes TUN and Multi-TAP modes with multiple peers.

The script is not converted to USE_PROCD, as we still want to have full
control over stdin and daemonization.

Also improve error handling with -o pipefail.

Fixes: #3
2020-05-09 16:19:16 +02:00
8fd1a82b7f
build: rename libuecc find script to avoid CMake warning 2020-05-09 15:54:10 +02:00
19759b2237
config: replace deprecated name-prefix Bison option 2020-05-09 15:51:45 +02:00
b9e353e72b
doc: remove secure handshake option 2020-05-09 14:27:22 +02:00
0b8263921f
doc: remove xsalsa20-poly1305 2020-05-09 14:17:52 +02:00
291f56682a
Update copyright information 2020-05-09 14:14:19 +02:00
399a55e129
Replace license headers with SPDX identifiers 2020-05-09 14:02:08 +02:00
15b916921a
Remove support for pre-v11 insecure handshakes 2020-05-09 13:26:37 +02:00
6bee9e8fea
methods: remove deprecated xsalsa20-poly1305 method
This was deprecated with fastd v11. Users must switch to
salsa20+poly1305.
2020-05-09 13:26:37 +02:00
3854374b53
handshake: revert addition of big-endian handshake format
Deprecating and eventually removing the current little-endian handshake
format just causes unnecessary churn for users without objective benefit.

The only field that was unconditionally encoded as big-endian before is
"error detail"; as this is also variable-length and was never longer
than 1 byte in practice (and it will not be for a long time), we can also
switch that around to little-endian without any compatibility issues.
2020-05-09 11:22:22 +02:00
bf9a052454
config: allow binding to a fixed random port
By specifying port 0, fastd will statically bind to a random port
(rather than recreating the socket for each connection attempt).

While we're at it, clean up bind address handling a bit and also pass
"default" bind address via the new flags field.

The docs are updated as well (they were incorrect before, a port 0
bind was simply rejected).
2020-04-03 21:02:30 +02:00
9f98bce82d
config: make fastd_config_error static 2020-04-03 20:02:05 +02:00
38b089cfd1
Introduce clang-format support 2020-03-08 18:32:56 +01:00
8dc1ed3a1e
Retry send without pktinfo on ENETUNREACH as well
It seems that newer kernels fail with ENETUNREACH instead of EINVAL with
an invalid source address in pktinfo.

This fixes fast reconnect on source address change.
2019-11-07 18:42:03 +01:00
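The two socket behaviours described above, binding once to a kernel-chosen port (port 0, from the "config: allow binding to a fixed random port" commit) and retrying a send without pktinfo when the kernel rejects the pinned source address with EINVAL or ENETUNREACH (from the commit directly above), as one added example that is not fastd's code. All function names are this example's own; it assumes a Linux host with a loopback interface, uses 192.0.2.1 (TEST-NET-1) as an address that is not configured locally, and sends the datagram to itself so that the round trip can be checked offline.

```c
/* Added example, not fastd code: bind a UDP socket to port 0 and read back the
 * port the kernel chose; send with IP_PKTINFO and fall back to a plain send
 * when the kernel rejects the source address (EINVAL on older kernels,
 * ENETUNREACH on newer ones). */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Bind to 127.0.0.1:port. With port 0 the kernel picks a free port once;
 * getsockname() reveals it. Returns the fd or -1. */
int bind_udp(uint16_t port, uint16_t *chosen) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    socklen_t len = sizeof sa;
    if (bind(fd, (struct sockaddr *)&sa, len) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *chosen = ntohs(sa.sin_port);
    return fd;
}

/* Errors that mean "the pinned source address is not usable": retry without it. */
bool pktinfo_should_retry(int err) {
    return err == EINVAL || err == ENETUNREACH;
}

/* Send buf to dst, pinning the source with IP_PKTINFO when src is non-NULL.
 * On a rejected source address, retry once without ancillary data. */
ssize_t send_with_pktinfo_fallback(int fd, const void *buf, size_t len,
                                   const struct sockaddr_in *dst,
                                   const struct in_addr *src, bool *retried) {
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg = {0};
    msg.msg_name = (void *)dst;
    msg.msg_namelen = sizeof *dst;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    union { struct cmsghdr hdr; char raw[CMSG_SPACE(sizeof(struct in_pktinfo))]; } cbuf;
    *retried = false;
    if (src) {
        memset(&cbuf, 0, sizeof cbuf);
        msg.msg_control = cbuf.raw;
        msg.msg_controllen = sizeof cbuf.raw;
        struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
        cm->cmsg_level = IPPROTO_IP;
        cm->cmsg_type = IP_PKTINFO;
        cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
        struct in_pktinfo pi = {0};
        pi.ipi_spec_dst = *src;          /* the source address we want to keep */
        memcpy(CMSG_DATA(cm), &pi, sizeof pi);
    }
    ssize_t ret = sendmsg(fd, &msg, 0);
    if (ret < 0 && src && pktinfo_should_retry(errno)) {
        msg.msg_control = NULL;          /* drop the pktinfo and let the kernel choose */
        msg.msg_controllen = 0;
        *retried = true;
        ret = sendmsg(fd, &msg, 0);
    }
    return ret;
}

/* Round trip to ourselves with a stale source (192.0.2.1 is not local here).
 * Returns the bound port on success, 0 on failure. */
uint16_t self_roundtrip(bool *retried) {
    uint16_t port = 0;
    int fd = bind_udp(0, &port);
    if (fd < 0) return 0;
    struct timeval tv = { 2, 0 };       /* never block forever if the packet is lost */
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    struct sockaddr_in dst = {0};
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    struct in_addr stale;
    inet_pton(AF_INET, "192.0.2.1", &stale);
    static const char payload[] = "constructed datagram";
    char rx[64];
    ssize_t n = -1;
    if (send_with_pktinfo_fallback(fd, payload, sizeof payload, &dst, &stale, retried) >= 0)
        n = recv(fd, rx, sizeof rx, 0);
    close(fd);
    return (n == (ssize_t)sizeof payload && memcmp(rx, payload, n) == 0) ? port : 0;
}
```

After a local address change the pktinfo still names the old source, which is why the first send fails and why the retry is what restores the fast reconnect.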
Wilfried Klaebe
c29b4b0e3c
doc: examples/openwrt: fix init script, wasn't working with two VPNs
If two VPNs were configured via uci, the init script complained about
the peer group of its peers not matching its net.
2019-09-04 22:36:31 +02:00
93c0c4e555
Update README 2019-08-21 14:14:40 +02:00
David Bauer
7d9f90ebe9
resolve: fix segmentation fault with musl >1.1.20
When compiled with musl >1.1.20, fastd will crash in case it can't
resolve a peers hostname. This is due to a changed implementation of
freeaddrinfo in musl 1.1.21 onwards.

This segfault is fixed by not calling freeaddrinfo in case the supplied
pointer is null.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-07-25 20:45:54 +02:00
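The guarded freeaddrinfo() pattern from the commit above, as an added example that is not fastd's code: the resolve/free helpers and the hostname "peer.example.invalid" are this example's own. It uses AI_NUMERICHOST so that a non-literal name fails immediately with EAI_NONAME and no DNS lookup is made, which makes the failure path reproducible offline; freeaddrinfo(NULL) is not guaranteed safe by POSIX, and the commit reports that musl 1.1.21 onward crashes on it.

```c
/* Added example, not fastd code: never pass NULL to freeaddrinfo(); the
 * result pointer is NULL after a failed getaddrinfo(). */
#include <netdb.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Resolve name into *res; on failure *res stays NULL. Returns the
 * getaddrinfo() code (0 on success). */
int resolve(const char *name, struct addrinfo **res) {
    struct addrinfo hints;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST;   /* literals only: no network, deterministic failure */
    *res = NULL;
    return getaddrinfo(name, NULL, &hints, res);
}

/* Release a result list only if there is one, then reset the pointer so a
 * second cleanup is also harmless. */
void free_result(struct addrinfo **res) {
    if (*res) {
        freeaddrinfo(*res);
        *res = NULL;
    }
}

/* Failure path: an unresolvable name leaves res NULL; cleanup must not call
 * freeaddrinfo(NULL). Returns true if the guard held. */
bool failed_resolve_is_safe(void) {
    struct addrinfo *res = NULL;
    int rc = resolve("peer.example.invalid", &res);
    bool safe = (rc != 0 && res == NULL);
    free_result(&res);                  /* no-op here */
    free_result(&res);                  /* still a no-op */
    return safe;
}

/* Success path: count the entries returned for an address literal, then free
 * them. Returns -1 if resolution failed. */
int count_entries(const char *literal) {
    struct addrinfo *res = NULL;
    if (resolve(literal, &res) != 0)
        return -1;
    int n = 0;
    for (struct addrinfo *ai = res; ai; ai = ai->ai_next)
        n++;
    free_result(&res);
    return n;
}
```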
5cb3bf654a
status: fix segfault in tun/multitap mode with persist iface no 2018-05-12 17:09:42 +02:00