Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-04-17 | Fix handling of the local address in shell commands | Matthias Schiffer | |
Without this fix, using on-establish/disestablish/verify would cause a strange zero port when a bind with a random port was used, and a segmentation fault with dynamic binds. | |||
2013-03-08 | Handle duplicate keys | Matthias Schiffer | |
When two peers are configured with the same key, disable both. When a temporary peer's key is configured, delete the temporary key. | |||
2013-03-08 | Allow disabling previously enabled peers | Matthias Schiffer | |
2013-03-08 | Disable peer configs by default, enable on peer creation | Matthias Schiffer | |
This allows to remove some duplicate code, and will simplify the detection and handling of duplicate keys. | |||
2013-03-04 | Load peer dirs in the last step of the configuration | Matthias Schiffer | |
Loading the peer dirs directly led to peers being discovered in a different order after reconfigure. | |||
2013-03-02 | Don't crash on empty UDP packets | Matthias Schiffer | |
2013-03-02 | Print error message on aborts due to buffer push/pull errors | Matthias Schiffer | |
2013-02-27 | Allow temporary peers when no other floating or dynamic peers are configured | Matthias Schiffer | |
2013-02-27 | Don't set the peer address for temporary peers before the session is ↵ | Matthias Schiffer | |
actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless. | |||
2013-02-26 | Experimental support for accepting connections from unknown peers | Matthias Schiffer | |
2013-02-25 | Get rid of some duplicate code for calling shell commands | Matthias Schiffer | |
2013-02-23 | Fail initialization when a default socket can't be bound | Matthias Schiffer | |
2013-02-23 | Print port for "any" address in bind log messages | Matthias Schiffer | |
2013-02-23 | Implement simple peer dump triggered by SIGUSR1 | Matthias Schiffer | |
2013-02-23 | Use fastd_peer_t instead of fastd_peer_config_t in handshake code | Matthias Schiffer | |
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers. | |||
2013-01-24 | resolver: write whole hostname instead of a pointer to the resolver pipe | Matthias Schiffer | |
Shouldn't make a difference, but feels cleaner now, and silences a clang-analyzer warning. | |||
2013-01-21 | Remove unneded calls to method functions in head and tail space calculation | Matthias Schiffer | |
2013-01-21 | Add error message for OOM on buffer alloc | Matthias Schiffer | |
2013-01-05 | Adjust copyright years | Matthias Schiffer | |
2013-01-04 | Add some debug output to uid/gid switching | Matthias Schiffer | |
2013-01-04 | Set supplementary groups | Matthias Schiffer | |
2012-12-25 | Remove capability locking feature | Matthias Schiffer | |
This isn't our job, so there is no reason to support this. | |||
2012-12-24 | Add user switching and capability support | Matthias Schiffer | |
2012-12-23 | Set FD_CLOEXEC on all file descriptors, use non-blocking IO for sockets and TUN | Matthias Schiffer | |
2012-12-18 | Convert type names to _t convention | Matthias Schiffer | |
2012-12-13 | Add helper function to simplify v4-mapped addresses | Matthias Schiffer | |
2012-12-13 | Reduce v4-mapped IPv6 addresses to IPv4 addresses | Matthias Schiffer | |
We need this for "any" binds to work correctly again. | |||
2012-12-08 | Only try to set MTU when it isn't correct | Matthias Schiffer | |
This allows fastd to run completely without root privileges when the TUN/TAP device is pre-created | |||
2012-12-08 | Maximum interface name length is IFNAMSIZ-1, not IFNAMSIZ | Matthias Schiffer | |
Linux handles the string just fine without NULL termination, but that doesn't make it correct... | |||
2012-11-10 | Keep track of configured peer count correctly on dynamic reloads | Matthias Schiffer | |
2012-11-08 | Truncate PID file | Matthias Schiffer | |
2012-11-05 | Get rid of some annoyances with peer limits | Matthias Schiffer | |
Remove some debug messages, and don't resolve peers again and again we don't want to connect to anyways. | |||
2012-11-05 | Don't inline send_handshake | Matthias Schiffer | |
2012-11-05 | Implement peer limit constraints | Matthias Schiffer | |
2012-11-05 | Implement peer groups | Matthias Schiffer | |
2012-11-02 | Directly use peer when receiving on associated sockets | Matthias Schiffer | |
2012-11-02 | Keep track of corresonding peers in associated sockets | Matthias Schiffer | |
2012-11-01 | Dynamically create and destroy sockets without fixed binds | Matthias Schiffer | |
2012-11-01 | Move unistd.h include to fastd.h | Matthias Schiffer | |
2012-11-01 | Handle socket errors | Matthias Schiffer | |
2012-11-01 | Refactor bind address configuration | Matthias Schiffer | |
2012-10-29 | Fix bind error messages | Matthias Schiffer | |
2012-10-29 | Add support for multiple binds | Matthias Schiffer | |
2012-09-21 | Nicely encapsulate different crypto algorithm implementations | Matthias Schiffer | |
2012-09-16 | Fix alignment for NaCl's core2 assembler implementation of AES128-CTR | Matthias Schiffer | |
2012-09-16 | Ignore SIGPIPE | Matthias Schiffer | |
We want this because of reasons. Just to be sure. | |||
2012-09-15 | Use inline function for alignment | Matthias Schiffer | |
2012-09-15 | Add support for using kernel implementations of GHASH | Matthias Schiffer | |
This doesn't really improve performance on my Intel CPU (I guess due to the context switches), but more tests have to be made, in combination with offloading the AES to the kernel as well, and on different hardware. | |||
2012-09-15 | Rework some parts of the AES128-GCM method | Matthias Schiffer | |
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. | |||
2012-09-15 | Improve data alignment | Matthias Schiffer | |
Ensure that the actual packet data is always aligned to a multiple of 8. |