Build position-indepent executables, required for Android L (5.0+)
They also work with kitkat.
Add new maketarget "cross-android-old" that builds without PIE
for older versions.
Include both new and old versions in latest-android.zip. Add arm64.
Hopefully solves github PR #14.
Server will by default listen on both IPv4 and IPv6.
No way to only listen on one protocol right now.
Use -L to only listen on a specific v6 address.
IP address to use for raw mode is still IPv4 only.
Use -n on server to make raw mode work from IPv6 clients,
then they will get an IPv4 address from the server for raw mode.
Tunnel data is still IPv4.
Add a struct with multiple dns file descriptors (for IPv4 and IPv6)
and pass this to required areas. Choose which descriptor to use when
sending by looking at the destination address family.
As of 10.6, OS X has native tunnel devices. They are implemented as
sockets rather than character devices, but otherwise they appear to
behave the same as Free/OpenBSD tunnels.
'-d utunX' will tell iodine to use a utun device. For backward
compatibility, we'll continue to default to the old tuntap devices for
now.
This is a port of Peter Sagerson <psagers.github@ignorare.net>'s openvpn
commit 43e5016a.
"Permission to use, copy, modify, and distribute this software" is now
"Permission to use, copy, modify, and/or distribute this software".
Add license header to source files missing one.
Recent versions of systemd don't ship with libsystemd-daemon.so anymore,
but instead use libsystemd.so for everything. This is obviously
problematic for using the same LDFLAGS on old systemd and new systemd.
So, they also ship compatability pkgconfig files, which use the old
names but return the new library. So, the most portable way to support
both old and new systemd is to use pkgconfig. It's not a problem either,
since systems that use systemd are bound to also have pkgconfig
installed.
The client could bypass the password check by continuing after getting error
from the server and guessing the network parameters. The server would still
accept the rest of the setup and also network traffic.
Add checks for normal and raw mode that user has authenticated before allowing
any other communication.
Problem found by Oscar Reparaz.
Add PRIVATE query type with id 65399 (private use range).
According to RFC3597 the reply data in a query with unspecified RR type must be handled
as unstructured binary data, which means it can contain raw packet data just like the NULL type.
Since the reply format is optimal it is ordered just after NULL in the priority order.
The arguments to open_dns() needs to be updated after API change.
Called with 0, INADDR_ANY used to mean port, IP address but now means
pointer to sockadddr and its length. Thanks to C for not giving any
warnings or errors..