Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-01-16 | Comment typo fixes | Matthias Schiffer | |
2015-01-14 | Refactor handling of platforms without user/group settings (Android) | Matthias Schiffer | |
2015-01-14 | Update copyright years | Matthias Schiffer | |
2015-01-14 | android_ctrl_sock: include and whitespace cleanup | Matthias Schiffer | |
2015-01-14 | Add Android 4.1+ support. See doc/README-Android.md for build HOWTO. | Rick Lei | |
* Update CMake files to work with android-cmake * Use unix domain socket for communicating with Android GUI * May also run standalone but requires rooted Android device | |||
2015-01-14 | Reset all connections on SIGUSR2 | Matthias Schiffer | |
2015-01-14 | Allow to configure methods per peer group | Matthias Schiffer | |
2015-01-12 | Make MTU mismatches fatal | Matthias Schiffer | |
As fastd calculates its receive buffer sizes based on the MTU, not matching MTUs is bound to cause issues anyways, so let's fail completely. | |||
2015-01-11 | doc: move comments from generated source files to headers | Matthias Schiffer | |
Unfortunately, Doxygen stopped interpreting the .c.in files as C source files a while ago. Move the comments to the header files to avoid the Doxygen warnings. | |||
2015-01-11 | More doxygen fixes | Matthias Schiffer | |
I keep forgetting this... | |||
2015-01-11 | config: allow ipv4/ipv6 keywords before static addresses | Matthias Schiffer | |
2015-01-10 | poll: more include cleanup | Matthias Schiffer | |
2015-01-10 | poll:remove sys/signal.h include | Matthias Schiffer | |
This had been added accidentially. | |||
2015-01-09 | Comment typo fix | Matthias Schiffer | |
2015-01-09 | ec25519-fhmqvc: don't check group order of peers' public keys | Matthias Schiffer | |
Skipping this check will significantly speed up startup with many peers. As we now do embedded group order verification, an attacker can't gain anything from small-subgroup attacks, so skipping the check isn't a security issue. | |||
2015-01-09 | ec25519-fhmqvc: optimize handshake by using embedded group element verification | Matthias Schiffer | |
Using the embedded group element verification allows us to get away without explicit verification, thus needing one scalar multiplication less. This reduces the number of expensive operations needed for a handshake to three: one Galois field square root (for key unpacking) and two scalar multiplications. For this optimization to be secure, private keys must be divisible by 8. This is the case for all keys generated with all but extremely old versions of fastd (pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse to start now. | |||
2015-01-09 | Move protocol-specific TLV specifications to main handshake record enum | Matthias Schiffer | |
2015-01-09 | poll: define SYS_epoll_pwait if it isn't available | Matthias Schiffer | |
2015-01-09 | ec25519-fhmqvc: unpack peers' keys only once | Matthias Schiffer | |
2015-01-09 | poll: directly call epoll_pwait syscall instead of using the libc wrapper | Matthias Schiffer | |
There are systems without the wrapper (e.g. older Android versions), and the wrapper is broken in some versions of uClibc. | |||
2015-01-09 | More comment fixes | Matthias Schiffer | |
2015-01-09 | Add support for a new big-endian handshake format | Matthias Schiffer | |
Because of strange dicisions in the past, fastd currently uses little endian type and length values in its handshake. As the common network byte order is big endian, changing the handshake format would be preferable. This commit adds support for a new big-endian handshake. For now, fastd will continue to send little-endian handshakes so ensure backwarts compatiblity, but if it receives a big-endian handshake, it will respond with a big-endian one. | |||
2015-01-08 | ecc25519-fhmqvc: add doxygen comments to the key check functions | Matthias Schiffer | |
2015-01-06 | status socket: better error messages on bind errors | Matthias Schiffer | |
2015-01-06 | ec25519-fhmqvc: additional key checks | Matthias Schiffer | |
Until now, it wasn't checked if a public key was the identity element. I don't think this mistake allows any actual attacks against the handshake though. | |||
2015-01-06 | handshake: get rid of stpcpy | Matthias Schiffer | |
stpcpy was added in POSIX.1-2008 and is not present on some systems like Android. | |||
2014-11-15 | Use the peer key instead of the name as keys in the status socket output | Matthias Schiffer | |
This fixes the status socket segfault in a nicer way than the reverted commit "Use peer specifier from log instead of the peer name for the status output". | |||
2014-11-15 | ec25519-fhmqvc: extend describe_peer to return the whole key | Matthias Schiffer | |
2014-11-15 | Revert "Use peer specifier from log instead of the peer name for the status ↵ | Matthias Schiffer | |
output" This reverts commit be929dbe2dffa82ca1f91538f56a1bb0490000bd. | |||
2014-11-15 | Fix segfault when checking peer addresses | Matthias Schiffer | |
This segfault would occur when a peer with a static IP address (e.i. not a hostname resolved via DNS) is read, and any other peer after that. | |||
2014-11-12 | Use peer specifier from log instead of the peer name for the status output | Matthias Schiffer | |
This fixes a crash when status sockets are used with peers without names, but the JSON output format is changed: named peers will now use "<name>" as key instead of "name". | |||
2014-11-11 | ec25519-fhmqvc: add missing Doxygen comment | Matthias Schiffer | |
2014-10-22 | Use big endian for handshake field values by default | Matthias Schiffer | |
At the moment the only multi-byte field is the MTU; it is kept in little endian to provide backwards compatiblity. Future fields will be big endian. | |||
2014-10-13 | ec25519-fhmqvc: improve unknown key message | Matthias Schiffer | |
2014-09-26 | Don't forward frames with local destination MAC address | Matthias Schiffer | |
2014-09-26 | Move get_source_address and get_dest_address to fastd.h | Matthias Schiffer | |
2014-09-20 | Some handshake fixes for future protocol extensions | Matthias Schiffer | |
Extensions for arbitrary-length integers. | |||
2014-09-16 | More fixes for zero-length VLAs | Matthias Schiffer | |
2014-09-16 | Fix undefined behaviour due to zero length VLAs in null+* methods | Matthias Schiffer | |
2014-09-15 | Don't try to poll on invalid status socket FD | Matthias Schiffer | |
2014-09-15 | Reorder fields of the peer structure | Matthias Schiffer | |
This tries to get the structure a bit smaller and improve cache locality. | |||
2014-09-15 | status: add uptime and established times | Matthias Schiffer | |
2014-09-12 | Add per-peer stats | Matthias Schiffer | |
2014-09-12 | Restructure traffics stats to keep all stats in a single structure | Matthias Schiffer | |
2014-09-10 | ec25519-fhmqvc: refactor old session check code | Matthias Schiffer | |
2014-09-09 | Add current method of connections to status output | Matthias Schiffer | |
2014-09-08 | Make stats of reordered packets | Matthias Schiffer | |
2014-09-06 | Move UNUSED attribute to the start of arguments to help editors understand ↵ | Matthias Schiffer | |
the syntax | |||
2014-09-06 | Don't count stats when WITH_STATUS_SOCKET is not set | Matthias Schiffer | |
2014-09-06 | Fix async command waitpid error handling (again...) | Matthias Schiffer | |