Commit graph

1247 commits

Author SHA1 Message Date
Felix Kaechele
ac7929fc63 cipher: fix OpenSSL linking for aes128-ctr
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2020-05-23 12:05:16 -04:00
ad22fc93f7
Development version 2020-05-22 20:34:37 +02:00
92bc1c1051
fastd v19 2020-05-22 20:33:25 +02:00
8720bee25e
doc: releases: v19: mention fast reconnect fix 2020-05-22 20:30:32 +02:00
cc44b6b702
iface: fix segfault when failing to create an interface on FreeBSD
The interface name must be set before cleanup may be enabled.
2020-05-22 19:15:13 +02:00
5c626c6e16
iface: never attempt to close FD 0
On some platforms like FreeBSD, open_iface() may fail before setting the
interface FD. Initialize the FD to -1 to avoid closing STDIN in this
case.
2020-05-22 18:45:43 +02:00
ca1ea26d2b
receive: simplify local address
Avoid v4-mapped addresses in script environments and log messages.
2020-05-22 16:01:18 +02:00
671862811b
peer: simplify fastd_peer_set_shell_env()
Reuse code for local and peer addresses.
2020-05-22 15:27:28 +02:00
206d1b3760
doc: releases: v19: mention OpenBSD support change 2020-05-09 19:38:26 +02:00
5ba96dc73b
doc: add preliminary v19 release notes 2020-05-09 19:27:30 +02:00
3668bb51e3
doc: update copyright information 2020-05-09 18:54:16 +02:00
c9c33826ee
iface: update OpenBSD support to current API
TUN/TAP interfaces were separated in 2015 (since OpenBSD 5.9 or 6.0),
requiring adjustments in fastd. This makes fastd incompatible with older
OpenBSD versions (in TAP mode).

Fixes: #2
2020-05-09 18:50:34 +02:00
50b97188e9
build: remove Doxygen for now
With current CMake versions, not finding Doxygen is a hard failure with
the current configuration. Remove Doxygen for now to fix the build.
2020-05-09 17:48:44 +02:00
b77a2832d8
verify: fix -Wmaybe-uninitialized warning with LTO 2020-05-09 16:30:10 +02:00
399aa89fb1
config: remove redundant check 2020-05-09 16:23:57 +02:00
551fbbd11f
doc: openwrt: remove limitation to a single interface
Fixes TUN and Multi-TAP modes with multiple peers.

The script is not converted to USE_PROCD, as we still want to have full
control over stdin and daemonization.

Also improve error handling with -o pipefail.

Fixes: #3
2020-05-09 16:19:16 +02:00
8fd1a82b7f
build: rename libuecc find script to avoid CMake warning 2020-05-09 15:54:10 +02:00
19759b2237
config: replace deprecated name-prefix Bison option 2020-05-09 15:51:45 +02:00
b9e353e72b
doc: remove secure handshake option 2020-05-09 14:27:22 +02:00
0b8263921f
doc: remove xsalsa20-poly1305 2020-05-09 14:17:52 +02:00
291f56682a
Update copyright information 2020-05-09 14:14:19 +02:00
399a55e129
Replace license headers with SPDX identifiers 2020-05-09 14:02:08 +02:00
15b916921a
Remove support for pre-v11 insecure handshakes 2020-05-09 13:26:37 +02:00
6bee9e8fea
methods: remove deprecated xsalsa20-poly1305 method
This was deprecated with fastd v11. Users must switch to
salsa20+poly1305.
2020-05-09 13:26:37 +02:00
3854374b53
handshake: revert addition of big-endian handshake format
Deprecating and eventually removing the current little-endian handshake
format just causes unnecessary churn for users without objective benefit.

The only field that was unconditionally encoded as big-endian before is
"error detail"; as this is also variable-length and was never longer
than 1 byte in practice (and it will not be for a long time), we can also
switch that around to little-endian without any compatibility issues.
2020-05-09 11:22:22 +02:00
bf9a052454
config: allow binding to a fixed random port
By specifying port 0, fastd will statically bind to a random port
(rather than recreating the socket for each connection attempt).

While we're at it, clean up bind address handling a bit and also pass
"default" bind address via the new flags field.

The docs are updated as well (they were incorrect before, a port 0
bind was simply rejected).
2020-04-03 21:02:30 +02:00
9f98bce82d
config: make fastd_config_error static 2020-04-03 20:02:05 +02:00
38b089cfd1
Introduce clang-format support 2020-03-08 18:32:56 +01:00
8dc1ed3a1e
Retry send without pktinfo on ENETUNREACH as well
It seems that newer kernels fail with ENETUNREACH instead of EINVAL with
an invalid source address in pktinfo.

This fixes fast reconnect on source address change.
2019-11-07 18:42:03 +01:00
Wilfried Klaebe
c29b4b0e3c
doc: examples/openwrt: fix init script, wasn't working with two VPNs
If two VPNs were configured via uci, the init script complained about
the peer group of its peers not matching its net.
2019-09-04 22:36:31 +02:00
93c0c4e555
Update README 2019-08-21 14:14:40 +02:00
David Bauer
7d9f90ebe9
resolve: fix segmentation fault with musl >1.1.20
When compiled with musl >1.1.20, fastd will crash in case it can't
resolve a peer's hostname. This is due to a changed implementation of
freeaddrinfo in musl 1.1.21 onwards.

This segfault is fixed by not calling freeaddrinfo in case the supplied
pointer is null.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-07-25 20:45:54 +02:00
5cb3bf654a
status: fix segfault in tun/multitap mode with persist iface no 2018-05-12 17:09:42 +02:00
4b8c4f54bb
cipher: remove aes128-ctr NaCl implementation
New versions of libsodium have dropped support for aes128-ctr. AES support
is only available with OpenSSL now.
2017-10-18 20:11:30 +02:00
878e6e10f3
build: remove outdated CMake policy
We don't use the module replacements since "Remove gcc-{ar,nm,ranlib} hack"
anymore.
2017-10-18 20:05:09 +02:00
3995adf788
Remove unnecessary OpenSSL initialization and cleanup
Some of these functions have been deprecated in OpenSSL 1.1; in any case,
the calls aren't necessary.
2017-05-19 20:07:58 +02:00
8505374ee2
cipher: aes128-ctr: openssl: fix compatibility with OpenSSL 1.1 2017-05-19 19:36:24 +02:00
0ea846deb6
status: correctly align sockaddr_un buffer
While at it, also do some more cleanup.
2017-03-25 22:24:48 +01:00
Yann E. MORIN
a925a4cab1
CMakeList: do not overwrite module path
Currently, the CMakeList.txt completely overwrites the CMAKE_MODULE_PATH
variable.

This is problematic when an upper-layer buildsystem wants to set its own
module path to use custom modules.

For example, Buildroot [0] provides a custom platform description [1] to fix
cross-compilation issue. Overwriting the module path means that this
custom platform description is not found [2].

Providing such a custom platform description is what the upstream cmake
devs suggest [3], quoting:

    If a toolchain file specifies CMAKE_SYSTEM_NAME such that a custom
    `Platform/MySystem.cmake` file is loaded then the latter can set
    them [*] as needed for the target platform.

[*] offending settings causing RPATH issues during cross-compilation.

So we need to append our source tree to the module path, not replace it
blindly.

[0] https://buildroot.org/
[1] https://git.buildroot.org/buildroot/tree/support/misc/Buildroot.cmake
[2] http://autobuild.buildroot.net/results/69f/69fb2e3b549a069e2898506db918423e6742c589/build-end.log
[3] http://public.kitware.com/pipermail/cmake/2017-February/065063.html

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2017-03-02 21:49:35 +01:00
Christof Schulze
441107e416
typo: there is no word >chosed<, should be >chosen<. 2016-11-21 10:22:42 +01:00
2fa2187e68
time, compat: don't redefine clock_gettime on MacOS
MacOS X 10.12 has introduced a clock_gettime function. Use an own function
name instead.
2016-10-10 02:21:35 +02:00
f2087f2da2
fastd: fix documentation of fastd_context_t.now 2016-10-10 02:21:31 +02:00
7fc8897806
Use raise(...) instead of kill(getpid(), ...) 2016-09-15 08:08:12 +02:00
b97122c3f2
handshake: fix fastd_handshake_add_uint logic
The function would add multiple records for big values. No actual use of
this function did trigger the incorrect behaviour though.
2016-09-15 08:05:06 +02:00
lemoer
42bc562093
fastd: doc: mtu description - fix wrong packet size for ipv4+null 2016-08-08 12:07:11 +02:00
5a55d117da
peer: fix potential integer overflows in fastd_peer_eth_addr_add
Fix potential integer overflows in binary search.
2016-05-03 22:17:24 +02:00
0ac5e3f0be
vector: catch overflows of the alloc counter
Better fail than go into an endless loop...
2016-05-03 21:03:13 +02:00
1709b7ddc6
alloc: check multiplications for overflows 2016-05-03 20:57:55 +02:00
db6424e639
Development version 2016-03-28 23:45:45 +02:00
0412bf46cb
fastd v18 2016-03-28 23:43:56 +02:00