iodine - https://code.kryo.se/iodine

************************************

CHANGES:

master:
- Changed deprecated tzsetwall() to tzset() (only used by FreeBSD),
  patch by Pouria Mousavizadeh Tehrani.
- Now builds on macOS even without if_utun.h (pre 10.6).

2023-04-17: 0.8.0 "Burning Snowman"
- Mac OS X: Support native utun VPN devices. Patch by
  Peter Sagerson, ported from OpenVPN by Catalin Patulea.
- Fix compilation failure on kFreeBSD and Hurd, by Gregor Herrmann
- Patch from Ryan Welton that fixes compilation warning.
- README converted to markdown by Nicolas Braud-Santoni.
- Linux: use pkg-config for systemd support flags.
  Patch by Jason A. Donenfeld.
- Add support for IPv6 in the server.
  Raw mode will use the same protocol as used for login.
  Traffic inside tunnel is still IPv4.
- Update android build to try to support 5.0 (Lollipop) and newer.
- Change external IP lookup to use myip.opendns.com via DNS.
- Add option to choose IPv4 listen address from external IP lookup.
- Add server support for handling multiple domains via wildcard.
- Recognize tap device component id 'root' prefix on Windows.

2014-06-16: 0.7.0 "Kryoptonite"
- Partial IPv6 support (#107)
  Client can connect to iodined through a relaying IPv6
  nameserver. Server only supports IPv4 for now.
  Traffic inside tunnel is IPv4.
- Add socket activation for systemd, by Michael Scherer.
- Add automated lookup of external ip (via -n auto).
- Bugfix for OS X (Can't assign requested address)
- Fix DNS tunneling bug caused by uninitialized variable, #94
- Handle spaces when entering password interactively, fixes #93.
  Patch by Hagar.
- Add -R option to set OpenBSD routing domain for the DNS socket.
  Patch by laurent at gouloum fr, fixes #95.
- Add android patches and makefile, from Marcel Bokhorst, fixes #105.
- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
- A number of minor patches from Frank Denis, Gregor Herrmann and
  Barak A. Pearlmutter.
- Testcase compilation fixes for OS X and FreeBSD
- Do not let sockets be inherited by sub-processes, fixes #99.
- Add unspecified RR type (called PRIVATE; id 65399, in private use
  range). For servers with RFC3597 support. Fixes #97.
- Fix authentication bypass vulnerability; found by Oscar Reparaz.

2010-02-06: 0.6.0-rc1 "Hotspotify"
- Fixed tunnel not working on Windows.
- Any device name is now supported on Windows, fixes #47.
- Multiple installed TAP32 interfaces are now supported, fixes #46.
- Return nonzero if tunnel fails to open, fixes #62.
- Support for setting a SELinux context, based on patch by
  Sebastien Raveau. Sample context file in doc/iodine.te
- Allow listen port and DNS forward port to be the same if listen IP
  does not include localhost.
- The client will now exit if configuring IP or MTU fails.
- The starting cache miss value is randomized at startup, fixes #65.
- Raw UDP mode added. If the iodined server is reachable directly,
  packets can be sent to it without DNS encoding. Fixes #36.
- Do not overwrite user's CC/CFLAGS/LDFLAGS, only add to them.
- Added -F option to write pidfile, based on patch from
  misc at mandriva.org. Fixes #70.
- Allow password to be set via environment variable, fixes #77.
  Based on patch by logix.
- Client now prints server tunnel IP, fixes #78. Patch by logix.
- Fix build error on Mac OS X 10.6, patch by G. Rischard. #79.
- Added support for CNAME/TXT/A/MX query types, fixes #75.
  Patch by Anne Bezemer, merge help by logix.
- Merged low-latency patch from Anne Bezemer, fixes #76.
- Resolve client nameserver argument if given as hostname, fixes #82.
- Open log before chroot, fixes #86: logging on FreeBSD.
- Merged big bugfix patch from Anne Bezemer, #88.

2009-06-01: 0.5.2 "WifiFree"
- Fixed client segfault on OS X, #57
- Added check that nameserver lookup was successful
- Fixed ENOTSOCK error on OS X and FreeBSD, #58.

2009-03-21: 0.5.1 "Boringo"
- Added initial Windows support, fixes #43.
- Added length check of autoprobe responses
- Refactored and added unit tests
- Added syslog logging for iodined on version and login packets
- Fixed segfault when encoding just one block, fixes #51.
  The normal code was never affected by this.
- Added win32 code to read DNS server from system, fixes #45.
- Disabled password echo on win32, fixes #44.
- Fix encoding error making all autoprobing > 1024 bytes fail, #52.
- Increase default interface MTU to 1200.
- Fix autoprobing error making every third probe fail, set IP flag
  Don't-Fragment where supported. Fixes #54.
- Added TAP32 version 0901 as accepted (#53).

2009-01-23: 0.5.0 "iPassed"
- Fixed segfault in server when sending version reject.
- Applied patch to make iodine build on BeOS R5-BONE and Haiku,
  from Francois Revol. Still work to do to get tun device working.
- Added capability to forward DNS queries outside tunnel domain to
  a nameserver on localhost. Use -b port to enable, fixes #31.
- iodined now replies to NS request on its own domain, fixes issue #33.
  The destination IP address is sent as reply. Use -n to specify
  a specific IP address to return (if behind NAT etc).
- Upstream data is now Base64 encoded if relay server preserves case and
  supports the plus (+) character in domain names, fixes #16.
- Fixed problem in client when DNS trans. ID has highest bit set (#37)
- IP addresses are now assigned within the netmask, so iodined can
  use any address for itself, fixes #28.
- Netmask size is now adjustable. Setting a small net will reduce the
  number of users. Use x.x.x.x/n notation on iodined tunnel ip.
  This fixes #27.
- Downstream data is now fragmented, and the fragment size is
  auto-probed after login. Fixes #7. It only took a few years :)
- Enhanced the checks that validate incoming packets
- Fixed endless loop in fragment size autodetection, #39.
- Fixed broken hostname dot placing with specific lengths, #40.

2008-08-06: 0.4.2 "Opened Zone"
- Applied a few small patches from Maxim Bourmistrov and Gregor Herrmann
- Applied a patch for not creating and configuring the tun interface,
  Debian bug #477692 by Vincent Bernat, controlled by -s switch
- Applied a security patch from Andrew Griffiths, use setgroups() to
  limit the groups of the user
- Applied a patch to make iodine build on (Open)Solaris, from Albert Lee
  Needs TUN/TAP driver http://www.whiteboard.ne.jp/~admin2/tuntap/
  Still needs more code in tun.c for opening/closing the device
- Added option in server (-c) to disable IP/port checking on packets,
  will hopefully help when server is behind NAT
- Fixed bug #21, now only IP address part of each packet is checked.
  Should remove the need for the -c option and also work with
  bugfixed DNS servers worldwide.
- Added -D option on server to enable debugging. Debug level 1 now
  prints info about each RX/TX datagram.

2007-11-30: 0.4.1 "Tea Online"
- Introduced encoding API
- Switched to new Base32 implementation
- Added Base64 implementation that only uses 63 chars (not used yet)
- Refined 'install' make target and use $(MAKE) for recursive calls
- All received error messages (RCODE field) are echoed
- Top domain limited to 128 chars
- Case preservation check sent after login to decide codec
- Fixed crash on incoming NULL query in server with bad top domain
- /etc/resolv.conf is consulted if no nameserver is given on commandline
- Applied patch from Matthew W. S. Bell (Detach before chroot/dropping priv)

2007-03-25: 0.4.0 "Run Home"
- Added multiuser support (up to 8 users simultaneously)
- Added authentication (password entered as argument or on stdin)
- Added manpage
- Added install/uninstall make target
- Cleanup of dns code, more test cases, use check library
- Changed directory structure

2006-11-08: 0.3.4
- Fixed handshake() buffer overflow
  (Found by poplix, Secunia: SA22674 / FrSIRT/ADV-2006-4333)
- Added more tests
- More name parsing enhancements
- Now runs on Linux/AMD64
- Added setting to change server port

2006-11-05: 0.3.3
- Fixed possible buffer overflow
  (Found by poplix, Bugtraq ID: 20883)
- Reworked dns hostname encoding

2006-09-11: 0.3.2
- Support for NetBSD
- Fixed potential security problems
- Name parsing routines rewritten, added regression tests
- New encoding, 25% more peak upstream throughput
- New -l option to set local ip to listen to on server

2006-07-11: 0.3.1
- Add Mac OSX support
- Add setting device name
- Use compression of domain name in reply (should allow setting MTU
  approx 200 bytes higher)

2006-06-24: 0.3.0
- First public release
- Support for Linux, FreeBSD, OpenBSD