summaryrefslogtreecommitdiffstats
path: root/src/fastd.h
AgeCommit message (Collapse)Author
2013-03-08Handle duplicate keysMatthias Schiffer
When two peers are configured with the same key, disable both. When a temporary peer's key is configured, delete the temporary key.
2013-03-04Load peer dirs in the last step of the configurationMatthias Schiffer
Loading the peer dirs directly led to peers being discovered in a different order after reconfigure.
2013-03-03Make 'peer limit 0' allow no connectionsMatthias Schiffer
2013-03-02Print error message on aborts due to buffer push/pull errorsMatthias Schiffer
2013-03-01Identify peers be key in log output when no name is availableMatthias Schiffer
2013-02-27Don't set the peer address for temporary peers before the session is ↵Matthias Schiffer
actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless.
2013-02-26Experimental support for accepting connections from unknown peersMatthias Schiffer
2013-02-25Add public keys to shell environmentMatthias Schiffer
2013-02-25Get rid of some duplicate code for calling shell commandsMatthias Schiffer
2013-02-23Subtract splay time to key refresh intervalMatthias Schiffer
A random splay time of up to 5 minutes will ensure that simultaneous handshakes with many peers are desynchronized as fast as possible.
2013-02-23Use fastd_peer_t instead of fastd_peer_config_t in handshake codeMatthias Schiffer
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers.
2013-01-24resolver: write whole hostname instead of a pointer to the resolver pipeMatthias Schiffer
Shouldn't make a difference, but feels cleaner now, and silences a clang-analyzer warning.
2013-01-21Add error message for OOM on buffer allocMatthias Schiffer
2013-01-15Move version number to build systemMatthias Schiffer
2013-01-12Post-release version bumpMatthias Schiffer
2013-01-10fastd 7v7Matthias Schiffer
2013-01-05Adjust copyright yearsMatthias Schiffer
2013-01-04Set supplementary groupsMatthias Schiffer
2012-12-25Remove capability locking featureMatthias Schiffer
This isn't our job, so there is no reason to support this.
2012-12-24Add user switching and capability supportMatthias Schiffer
2012-12-23Set FD_CLOEXEC on all file descriptors, use non-blocking IO for sockets and TUNMatthias Schiffer
2012-12-18Convert type names to _t conventionMatthias Schiffer
2012-12-08Increment version for new developmentMatthias Schiffer
2012-11-10fastd 6v6Matthias Schiffer
2012-11-06fastd 6-rc1v6-rc1Matthias Schiffer
2012-11-05Implement peer groupsMatthias Schiffer
2012-11-02Directly use peer when receiving on associated socketsMatthias Schiffer
2012-11-02Keep track of corresonding peers in associated socketsMatthias Schiffer
2012-11-01Dynamically create and destroy sockets without fixed bindsMatthias Schiffer
2012-11-01Move unistd.h include to fastd.hMatthias Schiffer
2012-11-01Refactor bind address configurationMatthias Schiffer
2012-10-29Add support for multiple bindsMatthias Schiffer
2012-09-21fastd v0.5v0.5Matthias Schiffer
2012-09-21Nicely encapsulate different crypto algorithm implementationsMatthias Schiffer
2012-09-16Imcrement rc versionv0.5-rc4Matthias Schiffer
2012-09-16Handle posix_memalign return valueMatthias Schiffer
This is nothing we could handle correctly (well, in the long run we should print and error message), but at least this silences a warning with _FORTIFY_SOURCE.
2012-09-16Increment rc versionv0.5-rc3Matthias Schiffer
2012-09-16Make implementations used for AES128-CTR and GHASH configurable.Matthias Schiffer
2012-09-16Fix alignment for NaCl's core2 assembler implementation of AES128-CTRMatthias Schiffer
2012-09-15Use inline function for alignmentMatthias Schiffer
2012-09-15Add support for kernel AES implementationsMatthias Schiffer
This gives AES128 a slight boost on my system, but it is still slower than XSalsa20... I should probably write userspace code that can make use of AES-NI and CLMUL. Or directly jump to the kernel space with the whole forwarding code. Nevertheless, this might run nicely on Geode CPUs and similar hardware with AES acceleration, at least if the context switches aren't too expensive...
2012-09-15Add support for using kernel implementations of GHASHMatthias Schiffer
This doesn't really improve performance on my Intel CPU (I guess due to the context switches), but more tests have to be made, in combination with offloading the AES to the kernel as well, and on different hardware.
2012-09-15Rework some parts of the AES128-GCM methodMatthias Schiffer
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily.
2012-09-15Improve data alignmentMatthias Schiffer
Ensure that the actual packet data is always aligned to a multiple of 8.
2012-07-01Version incrementv0.5-rc2Matthias Schiffer
2012-07-01Version incrementv0.5-rc1Matthias Schiffer
2012-07-01Add support for multiple crypto methods without reconfigurationMatthias Schiffer
2012-06-24Release 0.4v0.4Matthias Schiffer
2012-06-15Version incrementv0.4-rc13Matthias Schiffer
2012-06-15Avoid using the same handshake key to establish more than one sessionMatthias Schiffer
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 23:07:02 +0200