summaryrefslogtreecommitdiffstats
path: root/src/config.c
AgeCommit message (Collapse)Author
2013-06-02Fix spelling of 'tunnelling'Matthias Schiffer
2013-04-25Fix memory leak in config parserMatthias Schiffer
2013-04-20Ignore backup filesMatthias Schiffer
2013-03-21Don't read the default peer group twice on startupMatthias Schiffer
There are no negative consequences when the peers are loaded twice, but we can spare some log spam like this.
2013-03-09Add options to hide IP and MAC addresses from log outputMatthias Schiffer
2013-03-08Really fix adding new peers from a peer dirMatthias Schiffer
2013-03-08Don't forget all peers when no peers are configured in peer dirsMatthias Schiffer
2013-03-08Don't lose all but one peer configured in peer dirs after loadingMatthias Schiffer
This regression was introduced in 4e9b2a8819c7062ad052cd6c549db1d0fbed001d.
2013-03-08Disable peer configs by default, enable on peer creationMatthias Schiffer
This allows to remove some duplicate code, and will simplify the detection and handling of duplicate keys.
2013-03-04Load peer dirs in the last step of the configurationMatthias Schiffer
Loading the peer dirs directly led to peers being discovered in a different order after reconfigure.
2013-03-03Make 'peer limit 0' allow no connectionsMatthias Schiffer
2013-03-03Fix typo in --log-level help textMatthias Schiffer
2013-03-03Remove the word "version" from usage textMatthias Schiffer
It is now included in the version string itself.
2013-02-26Experimental support for accepting connections from unknown peersMatthias Schiffer
2013-02-23Subtract splay time to key refresh intervalMatthias Schiffer
A random splay time of up to 5 minutes will ensure that simultaneous handshakes with many peers are desynchronized as fast as possible.
2013-01-05Adjust copyright yearsMatthias Schiffer
2013-01-04Set supplementary groupsMatthias Schiffer
2012-12-24Add user switching and capability supportMatthias Schiffer
2012-12-18Convert type names to _t conventionMatthias Schiffer
2012-12-13Always convert v4-mapped IPv6 addresses to IPv4 addressesMatthias Schiffer
2012-11-10Don't allow global config statements in peer groupsMatthias Schiffer
2012-11-10Give the default peer group a nameMatthias Schiffer
2012-11-05Implement peer groupsMatthias Schiffer
2012-11-01Dynamically create and destroy sockets without fixed bindsMatthias Schiffer
2012-11-01Refactor bind address configurationMatthias Schiffer
2012-10-29Add support for multiple bindsMatthias Schiffer
2012-10-29config: Simplify default_config()Matthias Schiffer
2012-09-21Nicely encapsulate different crypto algorithm implementationsMatthias Schiffer
2012-09-16Make implementations used for AES128-CTR and GHASH configurable.Matthias Schiffer
2012-07-02Fix typo in --machine-readable help messageMatthias Schiffer
2012-07-01Add support for multiple crypto methods without reconfigurationMatthias Schiffer
2012-06-27Primitive aes128-gcm implementationMatthias Schiffer
2012-06-15Avoid using the same handshake key to establish more than one sessionMatthias Schiffer
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case.
2012-06-07Limit handshake frequency where possibleMatthias Schiffer
2012-06-06Limit resolve frequencyMatthias Schiffer
2012-06-06Improve some log levelsMatthias Schiffer
2012-06-05Increase reorder countMatthias Schiffer
2012-06-05Add support for receiving reordered packetsMatthias Schiffer
2012-06-04Decreate keepalive intervalMatthias Schiffer
2012-06-04Add pidfile supportMatthias Schiffer
2012-05-18New logging facilitiesMatthias Schiffer
2012-05-17Add daemon modeMatthias Schiffer
2012-04-22Add --show-key and --machine-readable optionsMatthias Schiffer
2012-04-19Don't regenerate session handshake keypair for every handshake so a global ↵Matthias Schiffer
state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely.
2012-04-18Simplity option code, improve help page formattingMatthias Schiffer
2012-04-17Add --help pageMatthias Schiffer
2012-04-16Cancel start if no peers are configuredMatthias Schiffer
2012-04-16Remove unused variableMatthias Schiffer
2012-04-16Rename peer-to-peer to forward; remove now useless peer command line optionv0.4-rc1Matthias Schiffer
2012-04-16Lots of fixes and improvements on the resolver codeMatthias Schiffer