4b8c4f54bb
cipher: remove aes128-ctr NaCl implementation
...
New versions of libsodium have dropped support for aes128-ctr. AES support
is only available with OpenSSL now.
2017-10-18 20:11:30 +02:00
878e6e10f3
build: remove outdated CMake policy
...
We don't use the module replacements since "Remove gcc-{ar,nm,ranlib} hack"
anymore.
2017-10-18 20:05:09 +02:00
3995adf788
Remove unnecessary OpenSSL initialization and cleanup
...
Some of these functions have been deprecated in OpenSSL 1.1; in any case,
the calls aren't necessary.
2017-05-19 20:07:58 +02:00
8505374ee2
cipher: aes128-ctr: openssl: fix compatiblity with OpenSSL 1.1
2017-05-19 19:36:24 +02:00
0ea846deb6
status: correctly align sockaddr_un buffer
...
While at it, also do some more cleanup.
2017-03-25 22:24:48 +01:00
Yann E. MORIN
a925a4cab1
CMakeList: do not overwrite module path
...
Currently, the CMakeList.txt completely overwrites the CMAKE_MODULE_PATH
variable.
This is problematic when an upper-layer buildsystem wants to set its own
module path to use custom modules.
For example, Buldroot [0] provides a custom platform description [1] to fix
cross-compilation issue. Overwriting the module path means that this
custom platform description is not found [2].
Providing such a custom platform description is what the upstream cmake
devs suggest [3], quoting:
If a toolchain file specifies CMAKE_SYSTEM_NAME such that a custom
`Platform/MySystem.cmake` file is loaded then the latter can set
them [*] as needed for the target platform.
[*] offending settings causing RPATH issues during cross-compilation.
So we need to append our source tree to the module path, not replace it
blindly.
[0] https://buildroot.org/
[1] https://git.buildroot.org/buildroot/tree/support/misc/Buildroot.cmake
[2] http://autobuild.buildroot.net/results/69f/69fb2e3b549a069e2898506db918423e6742c589/build-end.log
[3] http://public.kitware.com/pipermail/cmake/2017-February/065063.html
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2017-03-02 21:49:35 +01:00
Christof Schulze
441107e416
typo: there is no word >chosed<, should be >chosen<.
2016-11-21 10:22:42 +01:00
2fa2187e68
time, compat: don't redefine clock_gettime on MacOS
...
MacOS X 10.12 has intruduced a clock_gettime function. Use an own function
name instead.
2016-10-10 02:21:35 +02:00
f2087f2da2
fastd: fix documentation of fastd_context_t.now
2016-10-10 02:21:31 +02:00
7fc8897806
Use raise(...) instead of kill(getpid(), ...)
2016-09-15 08:08:12 +02:00
b97122c3f2
handshake: fix fastd_handshake_add_uint logic
...
The function would add multipe records for big values. No actual use of
this function did trigger the incorrect behaviour though.
2016-09-15 08:05:06 +02:00
lemoer
42bc562093
fastd: doc: mtu description - fix wrong packet size for ipv4+null
2016-08-08 12:07:11 +02:00
5a55d117da
peer: fix potential integer overflows in fastd_peer_eth_addr_add
...
Fix potential integer overflows in binary search.
2016-05-03 22:17:24 +02:00
0ac5e3f0be
vector: catch overflows of the alloc counter
...
Better fail than go into an endless loop...
2016-05-03 21:03:13 +02:00
1709b7ddc6
alloc: check multiplications for overflows
2016-05-03 20:57:55 +02:00
db6424e639
Development version
2016-03-28 23:45:45 +02:00
0412bf46cb
fastd v18
2016-03-28 23:43:56 +02:00
e9ccb06be4
doc: update build instructions
2016-03-27 04:34:51 +02:00
56551b42d3
android: update libuecc to v7, libsodium to 1.0.8
...
Also, script fixes and cleanup.
2016-03-27 03:46:01 +02:00
794caa0da0
build: fix build with nonstandard libsodium include path
2016-03-27 03:24:27 +02:00
7e3159dc35
build: fix nacl dependency (without libsodium)
2016-03-26 23:59:02 +01:00
dfc7610527
build: fix removal of previously required dependencies
2016-03-26 23:54:29 +01:00
9b84e5e3b0
poll: fix epoll support
2016-03-26 23:14:14 +01:00
a2c6604e73
iface: improve error handling, especially on non-Linux systems
...
Don't exit when a single interface can't be setup
2016-03-26 22:51:18 +01:00
6a7ff21e68
iface: improve handling of name field
2016-03-26 02:28:32 +01:00
f5820021ef
doc: update build dependencies
2016-03-26 01:36:58 +01:00
8b9465773a
doc: build-fastd-android: fix fastd build dir existence check
...
Just a cosmetic fix.
2016-03-25 03:20:39 +01:00
9b4202dd55
build: always try to find libraries without CMAKE_FIND_ROOT_PATH first
...
Fixes build on Android
2016-03-25 03:17:06 +01:00
1e8fb62a0e
Remove gcc-{ar,nm,ranlib} hack
...
If a GCC version is used which requires the GCC-specific binutils for LTO,
they should rather be provided explicitly.
2016-03-25 02:50:53 +01:00
6bc0ca2f28
doc: add preliminary v18 release notes
2016-03-25 01:36:23 +01:00
9256105618
doc: update with new configuration options
2016-03-20 20:57:03 +01:00
a86d2f5d89
doc: examples/openwrt: update init script and example config with new options
2016-03-20 18:39:04 +01:00
2e9ef2eda9
doc: examples/openwrt/fastd.init: print error message when used without instance arguments
2016-03-20 18:00:28 +01:00
5944dc18a7
doc: examples/openwrt/fastd.init: add help text for custom commands
2016-03-20 17:36:55 +01:00
93a4b231fe
Add missing doxygen comments
2016-03-20 16:58:18 +01:00
39a2215fd3
ec25519_fhmqvc: simplify protocol_handle_recv control flow
2016-03-20 14:26:32 +01:00
cefdc338d8
ec25519_fhmqvc: update to follow new libuecc recommendations
2016-03-19 14:51:30 +01:00
bc6650141c
capabilities: guard packet mark check with USE_PACKET_MARK
...
At the moment, both capabilities and packet marks are supported on Linux
only, so this doesn't really matter except for testing.
2016-02-22 22:57:11 +01:00
d7f23732b6
capabilities: print message about retained capabilities
2016-02-22 22:00:55 +01:00
aac5eefccd
Retain CAP_NET_ADMIN if a packet mark is configured and dynamic binds are required
2016-02-22 21:56:34 +01:00
55aa537fb5
Add "drop privileges force" option which allows to drop CAP_NET_ADMIN even when fastd thinks it might still need it
2016-02-22 21:29:04 +01:00
69c830f363
Improve capability handling, retain required capabilities
2016-02-22 21:03:40 +01:00
995380597a
Update copyright years
2016-02-22 17:14:24 +01:00
766433b850
socket: improve and simplify error handling
...
Rather exit on errors we're unlikely to recover from than retrying
indefinitely.
2016-02-22 17:10:13 +01:00
29894cc8d1
peer: remove dead code in fastd_peer_reset_socket()
2016-02-22 15:48:33 +01:00
96c9ba0f09
types: replace static consts with defines
2016-02-22 15:20:25 +01:00
8255dd8965
Handle optional features (capabilities, status socket) more consistently
2016-02-22 14:54:55 +01:00
38b71290e4
Print UID and GID as unsigned in log message
2016-02-21 20:35:09 +01:00
7306ae9a02
Replace setuid/setgid with setresuid/setresgid (or setreuid/setregid)
...
The semantics of setuid in SUID processes are not entirely clear on all
Unix-like systems. Better use setresuid to drop privileges where available.
2016-02-21 20:13:12 +01:00
0358cbf937
Don't block fatal signals
2015-12-21 14:49:18 +01:00
