iodine/CHANGELOG

iodine - http://code.kryo.se/iodine

***********************************

CHANGES:

2009-xx-xx: 0.x.x
	- Fixed segfault in server when sending version reject.
	- Applied patch to make iodine build on BeOS R5-BONE and Haiku,
		from Francois Revol. Still work to do to get tun device working.
	- Added capability to forward DNS queries outside tunnel domain to
		a nameserver on localhost. Use -b port to enable, fixes #31.
	- iodined now replies to NS request on its own domain, fixes issue #33.
		The destination IP address is sent as reply. Use -n to specify
		a specific IP address to return (if behind NAT etc).
	- Upstream data is now Base64 encoded if relay server preserves case and
		supports the plus (+) character in domain names, fixes #16.
	- Fixed problem in client when DNS trans. ID has highest bit set (#37)
	- IP addresses are now assigned within the netmask, so iodined can
		use any address for itself, fixes #28.
	- Netmask size is now adjustable. Setting a small net will reduce the
		number of users. Use x.x.x.x/n notation on iodined tunnel ip.
		This fixes #27.
	- Downstream data is now fragmented, and the fragment size is auto-
		probed after login. Fixes #7. It only took a few years :)

2008-08-06: 0.4.2 "Opened Zone"
	- Applied a few small patches from Maxim Bourmistrov and Gregor Herrmann
	- Applied a patch for not creating and configuring the tun interface,
		Debian bug #477692 by Vincent Bernat, controlled by -s switch
	- Applied a security patch from Andrew Griffiths, use setgroups() to
		limit the groups of the user
	- Applied a patch to make iodine build on (Open)Solaris, from Albert Lee
		Needs TUN/TAP driver http://www.whiteboard.ne.jp/~admin2/tuntap/
		Still needs more code in tun.c for opening/closing the device
	- Added option in server (-c) to disable IP/port checking on packets,
		will hopefully help when server is behind NAT
	- Fixed bug #21, now only IP address part of each packet is checked.
		Should remove the need for the -c option and also work with
		bugfixed DNS servers worldwide.
	- Added -D option on server to enable debugging. Debug level 1 now 
		prints info about each RX/TX datagram.

2007-11-30: 0.4.1 "Tea Online"
	- Introduced encoding API
	- Switched to new Base32 implementation
	- Added Base64 implementation that only uses 63 chars (not used yet)
	- Refined 'install' make target and use $(MAKE) for recursive calls
	- All received error messages (RCODE field) are echoed
	- Top domain limited to 128 chars
	- Case preservation check sent after login to decide codec
	- Fixed crash on incoming NULL query in server with bad top domain
	- /etc/resolv.conf is consulted if no nameserver is given on commandline
	- Applied patch from Matthew W. S. Bell (Detach before chroot/dropping priv)

2007-03-25: 0.4.0 "Run Home"
	- Added multiuser support (up to 8 users simultaneously)
	- Added authentication (password entered as argument or on stdin)
	- Added manpage
	- Added install/uninstall make target
	- Cleanup of dns code, more test cases, use check library
	- Changed directory structure

2006-11-08: 0.3.4
	- Fixed handshake() buffer overflow
	  (Found by poplix, Secunia: SA22674 / FrSIRT/ADV-2006-4333)
	- Added more tests
	- More name parsing enhancements
	- Now runs on Linux/AMD64
	- Added setting to change server port

2006-11-05: 0.3.3
	- Fixed possible buffer overflow
	  (Found by poplix, Bugtraq ID: 20883)
	- Reworked dns hostname encoding

2006-09-11: 0.3.2
	- Support for NetBSD
	- Fixed potential security problems
	- Name parsing routines rewritten, added regression tests
	- New encoding, 25% more peak upstream throughput
	- New -l option to set local ip to listen to on server

2006-07-11: 0.3.1 
	- Add Mac OSX support
	- Add setting device name
	- Use compression of domain name in reply (should allow setting MTU 
		approx 200 bytes higher)

2006-06-24: 0.3.0
	- First public release
	- Support for Linux, FreeBSD, OpenBSD