2020-04-26, Version 0.11.3 * many improvements in handling transient socket errors, i.e. no route to host no longer prevents us from trying to reconnect at a later time if the remote endpoint is known * fix a possible deadlock when the queue runs full while a peer is not connected * schedule a keepalive after receiving the first data packet in a responder role * further improve log messages 2020-04-23, Version 0.11.2 * fix endless loop on platforms where char is unsigned, e.g. macppc (fix by Klemens Nanni) * print interface v6 address on -vv * fix log message if no suitable address could be picked 2020-04-07, Version 0.11.1 * move away from GitHub to our own controlled domain, the new website can be found at https://netsend.nl/wiresep and the repository can be cloned at https://netsend.nl/wiresep.git * support stable releases and distribute them through https://netsend.nl/wiresep/archive * minor nitpicks 2020-04-07, Version 0.11.0 * let wiresep-keygen(1) securely store keys in a file * change default file extension of private keys from .key to .privkey * fix initiator role on big-endian systems * fix a crash because of a memory misalignment on sparc64 * fix premature exit with multiple configured interfaces * various improvements to the documentation * improve log messages seen with -v and -vv * lower tunnel mtu from 1420 to 1408 to work better with DSL 2020-03-25, Version 0.10.1 * upstream OpenBSD package patches that fix some build issues on base-gcc (32-bit) archs, patches thanks to Theo Buehler 2020-03-25, Version 0.10.0 * major effort to clarify all log messages * fix all warnings and false positives reported by Clang Static Analyzer * fix some warnings found with GCC 8.3 * enclave: fix byte order conversion of response sender id * wiresep-keygen reorder output * guard most memcpy(3) for OOB writes by using MIN 2020-03-18, Version 0.9.1 * fix crash on first packet in client-only mode * fix an out-of-bound write when parsing an ipv4 listen address * fix logging unknown destination ip6 addresses * fix a warning in client-only mode about finding a suitable local port 2020-03-15, Version 0.9.0 * support client-only mode, the listen configuration directive is now optional * greatly reduce IPC message size * refactor local address selection, fixes race conditions and stability * do not exit when a write to the peer socket fails * shrink socket receive buffers from 524216 to 131054 bytes * queue at most 50 packets instead of 1000 2019-11-20, Version 0.8.4 * default the user to "_wiresep" if omitted * append to CFLAGS from environment and drop default -O0 -g 2019-11-18, Version 0.8.3 * don't change the process name, keep wiresep * let resource limits take the configuration into account * treat OOM errors in the main loop as transient * don't notify proxy to destroy unsent sessions 2019-11-14, Version 0.8.2 * replace dropuser with setresuid(2) * ensure that the log* functions don't change errno * install example config in /usr/local/share/examples * don't run makewhatis(8) on make install * assorted improvements to the documentation 2019-11-03, Version 0.8.1 * avoid compiler error about duplicate enumeration * debug address family mismatches and reason of inactive sessions * don't exit on sendwgdatamsg() failure 2019-10-31, Version 0.8.0 * private and pre-shared keys should now be put in a separate file * automatically look for a private key in /etc/wiresep/tunX.key * automatically look for an optional pre-shared key in: 1. /etc/wiresep/global.psk 2. /etc/wiresep/tunX.psk 3. /etc/wiresep/tunX.peerY.psk 4. /etc/wiresep/peerY.psk * override default paths with new privkeyfile and pskfile config setting * loosen up permission requirements on config file now that it no longer contains any secrets * set tight resource limits on data and stack size and others * updates to documentation and manpages * add wiresep.conf.example * move the default config file to /etc/wiresep/wiresep.conf * fix some inconsistencies in parsing the config file 2019-10-13, Version 0.7.0 * completely reimplement session management to improve reliability and conformance to the specification * only malloc after a new session is authenticated and established * support queueing of multiple packets * log interface statistics on receiving a USR1 signal * be silent on startup * lot's of refinements * raise status from alpha to beta 2019-08-08, Version 0.6.0 * lot's of small refinements and some code restructuring * interface public key is no longer needed or allowed, only the private key * improve DoS resistence in the proxy by looking up sessions in logarithmic time * use gprof plus a new testing harness to measure the performance of the proxy * increase socket receive buffers to eight maximum sized UDP packets * proxy: collect stats and log on SIGUSR1 * improvements to wiresep-keygen(1) 2019-05-05, Version 0.5.0 * first public release