summaryrefslogtreecommitdiffstats
path: root/src/fastd.c
AgeCommit message (Collapse)Author
2013-04-17Fix handling of the local address in shell commandsMatthias Schiffer
Without this fix, using on-establish/disestablish/verify would cause a strange zero port when a bind with a random port was used, and a segmentation fault with dynamic binds.
2013-03-08Handle duplicate keysMatthias Schiffer
When two peers are configured with the same key, disable both. When a temporary peer's key is configured, delete the temporary key.
2013-03-08Allow disabling previously enabled peersMatthias Schiffer
2013-03-08Disable peer configs by default, enable on peer creationMatthias Schiffer
This allows to remove some duplicate code, and will simplify the detection and handling of duplicate keys.
2013-03-04Load peer dirs in the last step of the configurationMatthias Schiffer
Loading the peer dirs directly led to peers being discovered in a different order after reconfigure.
2013-03-02Don't crash on empty UDP packetsMatthias Schiffer
2013-03-02Print error message on aborts due to buffer push/pull errorsMatthias Schiffer
2013-02-27Allow temporary peers when no other floating or dynamic peers are configuredMatthias Schiffer
2013-02-27Don't set the peer address for temporary peers before the session is ↵Matthias Schiffer
actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless.
2013-02-26Experimental support for accepting connections from unknown peersMatthias Schiffer
2013-02-25Get rid of some duplicate code for calling shell commandsMatthias Schiffer
2013-02-23Fail initialization when a default socket can't be boundMatthias Schiffer
2013-02-23Print port for "any" address in bind log messagesMatthias Schiffer
2013-02-23Implement simple peer dump triggered by SIGUSR1Matthias Schiffer
2013-02-23Use fastd_peer_t instead of fastd_peer_config_t in handshake codeMatthias Schiffer
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers.
2013-01-24resolver: write whole hostname instead of a pointer to the resolver pipeMatthias Schiffer
Shouldn't make a difference, but feels cleaner now, and silences a clang-analyzer warning.
2013-01-21Remove unneded calls to method functions in head and tail space calculationMatthias Schiffer
2013-01-21Add error message for OOM on buffer allocMatthias Schiffer
2013-01-05Adjust copyright yearsMatthias Schiffer
2013-01-04Add some debug output to uid/gid switchingMatthias Schiffer
2013-01-04Set supplementary groupsMatthias Schiffer
2012-12-25Remove capability locking featureMatthias Schiffer
This isn't our job, so there is no reason to support this.
2012-12-24Add user switching and capability supportMatthias Schiffer
2012-12-23Set FD_CLOEXEC on all file descriptors, use non-blocking IO for sockets and TUNMatthias Schiffer
2012-12-18Convert type names to _t conventionMatthias Schiffer
2012-12-13Add helper function to simplify v4-mapped addressesMatthias Schiffer
2012-12-13Reduce v4-mapped IPv6 addresses to IPv4 addressesMatthias Schiffer
We need this for "any" binds to work correctly again.
2012-12-08Only try to set MTU when it isn't correctMatthias Schiffer
This allows fastd to run completely without root privileges when the TUN/TAP device is pre-created
2012-12-08Maximum interface name length is IFNAMSIZ-1, not IFNAMSIZMatthias Schiffer
Linux handles the string just fine without NULL termination, but that doesn't make it correct...
2012-11-10Keep track of configured peer count correctly on dynamic reloadsMatthias Schiffer
2012-11-08Truncate PID fileMatthias Schiffer
2012-11-05Get rid of some annoyances with peer limitsMatthias Schiffer
Remove some debug messages, and don't resolve peers again and again we don't want to connect to anyways.
2012-11-05Don't inline send_handshakeMatthias Schiffer
2012-11-05Implement peer limit constraintsMatthias Schiffer
2012-11-05Implement peer groupsMatthias Schiffer
2012-11-02Directly use peer when receiving on associated socketsMatthias Schiffer
2012-11-02Keep track of corresonding peers in associated socketsMatthias Schiffer
2012-11-01Dynamically create and destroy sockets without fixed bindsMatthias Schiffer
2012-11-01Move unistd.h include to fastd.hMatthias Schiffer
2012-11-01Handle socket errorsMatthias Schiffer
2012-11-01Refactor bind address configurationMatthias Schiffer
2012-10-29Fix bind error messagesMatthias Schiffer
2012-10-29Add support for multiple bindsMatthias Schiffer
2012-09-21Nicely encapsulate different crypto algorithm implementationsMatthias Schiffer
2012-09-16Fix alignment for NaCl's core2 assembler implementation of AES128-CTRMatthias Schiffer
2012-09-16Ignore SIGPIPEMatthias Schiffer
We want this because of reasons. Just to be sure.
2012-09-15Use inline function for alignmentMatthias Schiffer
2012-09-15Add support for using kernel implementations of GHASHMatthias Schiffer
This doesn't really improve performance on my Intel CPU (I guess due to the context switches), but more tests have to be made, in combination with offloading the AES to the kernel as well, and on different hardware.
2012-09-15Rework some parts of the AES128-GCM methodMatthias Schiffer
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily.
2012-09-15Improve data alignmentMatthias Schiffer
Ensure that the actual packet data is always aligned to a multiple of 8.