-
Notifications
You must be signed in to change notification settings - Fork 1
/
ChangeLog
204 lines (112 loc) · 8.15 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
Version 1.999.128:
- tun2socks: add option --append-source-to-username to give the SOCKS server the source IP of the connection
- tun2socks: IPv6 support, and updated to newer version of lwIP
- tun2socks: fix some bugs/crashes
- tun2socks, udpgw: transparent DNS forwarding, though no Windows support on udpgw side (contributed by Kerem Hadimli)
- NCD: preliminary support for dynamically loading commands
Version 1.999.127:
- client, server: implement experimental support for performing SSL operations in worker threads. Currently it's rather inefficient.
- NCD: modules: value: implement value::append() for appending to a list
- NCD: modules: net_iptables: add single-argument form of append and insert commands, allowing for generic use
- NCD: modules: net_iptables: implement net.iptables.insert() and net.ebtables.insert()
- NCD: modules: sys_start_process: implement options, including username, term_on_deinit and deinit_kill_time
- NCD: modules: sys_request_server: implement _caller in request handler
- NCD: modules: add getenv()
- NCD: modules: daemon: implement options, including username option
- NCD: modules: runonce: add new options format with a map, implement username option
- NCD: modules: add buffer(), which exposes a buffer with efficient appending and removing from the beginning.
- NCD: add a new internal string representation called ComposedString. This allows modules to expose the concatenation of multiple memroy buffers as a single string value, efficiently.
- fix many, hopefully all, strict aliasing violations. In particular, this fixes a bug where the DHCP client integrated into NCD won't work correctly, subject to optimization flags.
- NCD: modules: sleep: interpret empty string as no sleeping, add sleep(ms_start) with one argument
- NCD: modules: add log(), log_r() and log_fr() commands for logging via the BLog system
Version 1.999.126:
- NCD: modules: sleep: interpret empty string time as no sleeping, add sleep(ms_start) with one argument
- NCD: modules: add log module for message logging using the BLog system
- NCD: implement the "include" and "include_guard" directives, which allow separating reusable code into files
- NCD: modules: call2: implement call_with_caller_target(), which makes it easier to write reusable code that calls back user-provided code
- NCD: modules: call2: remove call2_if(), call2_ifelse(), embcall2(), embcall2_if(), embcall2_ifelse()
- NCD: modules: add sys.start_process(), which implements starting and controlling external processes and reading/writing their stdout/stdin
- tun2socks: implement SOCKS password authentication
- NCD: track the depth of values and limit the maximum depth. This avoids stack overflow with very deeply nested values.
- NCD: modules: add substr()
- NCD: process_manager: add 2-argument start() method which doesn't take a process identifier
- NCD: process_manager: allow process identifiers to be any value not just strings
- NCD: multidepend, depend_scope: fix immediate effect order when a depend finishes backtracking
- NCD: add depend_scope module to do exactly what the multidepend module does, but with separate non-global dependency name scopes
- NCD: multidepend: allow dependency names to be any value not just strings
- NCD: implement value::insert(what) for appending to a list
- NCD: change the format of addresses in sys.request_server() and sys.request_client() to be the same as in the socket module
- NCD: add socket module (sys.connect() and sys.listen())
- NCD: fix bug where duplicate template/process names would not be detected and weird behaviour would result
- NCD: add backtrack_point() for simple backtracking
- NCD: add file_open() for more complete file I/O
- NCD: implement parse_ipv6_addr() and parse_ipv6_cidr_addr()
- NCD: port to Emscripten/Javascript, for the in-browser demo
- NCD: many performance and memory usage improvements
- NCD: add assert_false()
- NCD: don't link to OpenSSL to for random number generator. Use /dev/urandom instead to generate XIDs for DHCP.
- NCD: deprecate ip_in_network() and instead add net.ipv{4,6}.addr_in_network(), net.ipv{4,6}.ifnot_addr_in_network()
- NCD: implement some IPv6 modules: net.ipv6.addr(), net.ipv6.route()
- NCD: support CIDR style addr/prefix addresses in various modules
- NCD: recognize Elif and Else with capital first letter to be consistent with other reserved keywords
Version 1.999.123:
- NCD: performance improvements related to finding modules for statements
- NCD: performance improvements related to resolving object names
- NCD: performance improvements related to instantiating statement arguments
- NCD: add value::replace_this() and value::replace_this_undo()
- NCD: add value::reset()
- NCD: add value::replace() and value::replace_undo()
- Port to compile with MSVC for Windows.
- NCD: add Foreach clause
- NCD: implement _caller in spawn(), add spawn::join()
- NCD: add explode()
- NCD: add hard_reboot() and hard_poweroff()
- NCD: add file_stat() and file_lstat()
- NCD: fix regex_replace() semantics. It was very broken because it did a complete replacement pass for every regex on the list, so it would match parts that have already been replaced, producing unexpected results.
- NCD: small performance improvement
Version 1.999.121:
- NCD: improve error handling semantics; see http://code.google.com/p/badvpn/source/detail?r=1376
- NCD: fix assertion failure in sys.evdev() if a device error occurs (e.g. device unplugged) while an event is being processed. Similar fix in some other modules, but these may not be reproducable.
- NCD: some more performance improvements
- NCD: some performance improvements (~30% faster interpretation of cpu-bound code)
- NCD: implemented If..elif..else clause.
- NCD: net.backend.wpa_supplicant: fix to work with wpa_supplicant>=1.0
Version 1.999.115:
- NCD: Many improvements; new statements, including call(), alias(), foreach(), choose().
Version 1.999.113:
- NCD: when starting child processes, make sure that file descriptors for standard
streams are always open in the child, by opening /dev/null if they are not.
- Improve build system to allow selective building of components.
By default, everything is built, unless -DBUILD_NOTHING_BY_DEFAULT=1 is given.
Individual components can then be enabled or disabled using -DBUILD_COMPONENT=1
and -DBUILD_COMPONENT=0.
- When starting any BadVPN program, make sure that file descriptors for standard
streams are always open in the child, by opening /dev/null if they are not.
- NCD: net.backend.wpa_supplicant(): add 'bssid' and 'ssid' variables to allow
determining what wireless network wpa_supplicant connected to.
- NCD: net.backend.wpa_supplicant(): do not require the user to start wpa_supplicant via
stdbuf, but do it automatically.
Version 1.999.111:
- Improved protocol such that peers can use SSL when comminicating via the server. This
improves security, as compromising the server will not allow the attacker to see secret
data shared by peers (in particular, encryption keys and OTP seeds when in UDP mode).
Compatibility is preserved if an only if the following conditions are met:
- The server is using the latest version.
- If the network is using SSL, all clients using the new version are using the
"--allow-peer-talk-without-ssl" command line option.
Be aware, however, that using the "--allow-peer-talk-without-ssl" option negates the
security benefits of the new SSL support - not only between pairs of peers where one
peer is using the old version, but also between pairs where both peers are capable
of SSL. This is because the server can re-initialize the pair, telling them not to use
SSL.
Version 1.999.107:
- Added Windows IOCP support, removing the limitation on ~64 connections. This is important
for tun2socks, which may have to handle several hundred connections.
Version 1.999.105.2:
- Fixed an assertion failure in tun2socks related to sending data to SOCKS.
Version 1.999.101.3:
- Fixed UDP transport on Windows 7 which didn't work (was only tested on XP).
Version 1.999.101:
- Fixed a protocol issue present in versions <=1.999.100.3. Compatibility is preserved in
case of a new server and old clients, but it is not possible to connect to an old server
with a new client.