New message authentication code UMAC
The new message authentication code UMAC provides very high security with much higher performance than the old GMAC methods. “salsa2012+umac” and “null+salsa2012+umac” are the new recommended methods for authenticated encryption and authenticated-only operation.
A unix socket can be configured with the new status socket option. fastd will dump its current state as JSON on every connection on this socket; this status output is much more detailed than the old SIGUSR1 output. SIGUSR1 is ignored now.
To compile fastd with status socket support, libjson-c is required. An example script to get the status can be found at
MacOS X support
fastd should now also run on recent versions of MacOS X. The inofficial TUN/TAP driver is required for this.
New Sphinx-based documentation
Fix warnings with CMake 3.0
OpenWrt: allow setting on-connect, on-verify, on-establish… hooks via UCI
OpenWrt: allow specifying bind interfaces in UCI
Signal handling improvements
This should fix an issue where asynchronous handler scripts would be left as zombie processes occasionally.
Config check fixes in TUN mode
For some configuration mistakes, fastd would segfault instead of printing an error message.
Nicer error messages for common configuration mismatches like having no common methods
When no port is given in a bind directive, a new random port will be chosen now for every new connection attempt (like it was already done when no bind address was configured at all)
This allows setting additional bind options like interface binds without setting a static port.
The peer hashtable is now grown dynamically to reduce memory usage for small numbers of peers and improve performance for huge numbers of peers
Major refactoring: the internal peer and peer config structs have been merged
Internally, int64 timestamps in milliseconds are now used always instead of struct timespec
Milliseconds resolution and int64 range is completely sufficient, and many parts of the code have become simpler due to this change.