Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-03-03 | Make 'peer limit 0' allow no connections | Matthias Schiffer | |
2013-03-02 | Print error message on aborts due to buffer push/pull errors | Matthias Schiffer | |
2013-03-01 | Identify peers be key in log output when no name is available | Matthias Schiffer | |
2013-02-27 | Don't set the peer address for temporary peers before the session is ↵ | Matthias Schiffer | |
actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless. | |||
2013-02-26 | Experimental support for accepting connections from unknown peers | Matthias Schiffer | |
2013-02-25 | Add public keys to shell environment | Matthias Schiffer | |
2013-02-25 | Get rid of some duplicate code for calling shell commands | Matthias Schiffer | |
2013-02-23 | Subtract splay time to key refresh interval | Matthias Schiffer | |
A random splay time of up to 5 minutes will ensure that simultaneous handshakes with many peers are desynchronized as fast as possible. | |||
2013-02-23 | Use fastd_peer_t instead of fastd_peer_config_t in handshake code | Matthias Schiffer | |
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers. | |||
2013-01-24 | resolver: write whole hostname instead of a pointer to the resolver pipe | Matthias Schiffer | |
Shouldn't make a difference, but feels cleaner now, and silences a clang-analyzer warning. | |||
2013-01-21 | Add error message for OOM on buffer alloc | Matthias Schiffer | |
2013-01-15 | Move version number to build system | Matthias Schiffer | |
2013-01-12 | Post-release version bump | Matthias Schiffer | |
2013-01-10 | fastd 7v7 | Matthias Schiffer | |
2013-01-05 | Adjust copyright years | Matthias Schiffer | |
2013-01-04 | Set supplementary groups | Matthias Schiffer | |
2012-12-25 | Remove capability locking feature | Matthias Schiffer | |
This isn't our job, so there is no reason to support this. | |||
2012-12-24 | Add user switching and capability support | Matthias Schiffer | |
2012-12-23 | Set FD_CLOEXEC on all file descriptors, use non-blocking IO for sockets and TUN | Matthias Schiffer | |
2012-12-18 | Convert type names to _t convention | Matthias Schiffer | |
2012-12-08 | Increment version for new development | Matthias Schiffer | |
2012-11-10 | fastd 6v6 | Matthias Schiffer | |
2012-11-06 | fastd 6-rc1v6-rc1 | Matthias Schiffer | |
2012-11-05 | Implement peer groups | Matthias Schiffer | |
2012-11-02 | Directly use peer when receiving on associated sockets | Matthias Schiffer | |
2012-11-02 | Keep track of corresonding peers in associated sockets | Matthias Schiffer | |
2012-11-01 | Dynamically create and destroy sockets without fixed binds | Matthias Schiffer | |
2012-11-01 | Move unistd.h include to fastd.h | Matthias Schiffer | |
2012-11-01 | Refactor bind address configuration | Matthias Schiffer | |
2012-10-29 | Add support for multiple binds | Matthias Schiffer | |
2012-09-21 | fastd v0.5v0.5 | Matthias Schiffer | |
2012-09-21 | Nicely encapsulate different crypto algorithm implementations | Matthias Schiffer | |
2012-09-16 | Imcrement rc versionv0.5-rc4 | Matthias Schiffer | |
2012-09-16 | Handle posix_memalign return value | Matthias Schiffer | |
This is nothing we could handle correctly (well, in the long run we should print and error message), but at least this silences a warning with _FORTIFY_SOURCE. | |||
2012-09-16 | Increment rc versionv0.5-rc3 | Matthias Schiffer | |
2012-09-16 | Make implementations used for AES128-CTR and GHASH configurable. | Matthias Schiffer | |
2012-09-16 | Fix alignment for NaCl's core2 assembler implementation of AES128-CTR | Matthias Schiffer | |
2012-09-15 | Use inline function for alignment | Matthias Schiffer | |
2012-09-15 | Add support for kernel AES implementations | Matthias Schiffer | |
This gives AES128 a slight boost on my system, but it is still slower than XSalsa20... I should probably write userspace code that can make use of AES-NI and CLMUL. Or directly jump to the kernel space with the whole forwarding code. Nevertheless, this might run nicely on Geode CPUs and similar hardware with AES acceleration, at least if the context switches aren't too expensive... | |||
2012-09-15 | Add support for using kernel implementations of GHASH | Matthias Schiffer | |
This doesn't really improve performance on my Intel CPU (I guess due to the context switches), but more tests have to be made, in combination with offloading the AES to the kernel as well, and on different hardware. | |||
2012-09-15 | Rework some parts of the AES128-GCM method | Matthias Schiffer | |
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. | |||
2012-09-15 | Improve data alignment | Matthias Schiffer | |
Ensure that the actual packet data is always aligned to a multiple of 8. | |||
2012-07-01 | Version incrementv0.5-rc2 | Matthias Schiffer | |
2012-07-01 | Version incrementv0.5-rc1 | Matthias Schiffer | |
2012-07-01 | Add support for multiple crypto methods without reconfiguration | Matthias Schiffer | |
2012-06-24 | Release 0.4v0.4 | Matthias Schiffer | |
2012-06-15 | Version incrementv0.4-rc13 | Matthias Schiffer | |
2012-06-15 | Avoid using the same handshake key to establish more than one session | Matthias Schiffer | |
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case. | |||
2012-06-07 | Limit handshake frequency where possible | Matthias Schiffer | |
2012-06-06 | Limit resolve frequency | Matthias Schiffer | |