Mathew Heard

Stable builds would be really useful too

From #110 > But according to @gsliepen, this is not so easy / there is trade-off involved, because the OpenSSL interface that Tinc used in the past for AES(-NI) is...

@gsliepen gcrypt also has support for AES-NI as of 1.5.0 (https://www.phoronix.com/scan.php?page=news_item&px=OTYxMw) It looks to be automatically detected and used if available on the processor.

I investigated AES-NI detection and detirmined it to be a bit of a pain. Easier on newer GCCs but older GCCs are finiky requiring autoconf or ifdefs by GCC version....

I've currently acheived my first communicating builds with AES in place of chacha. I still need to integrate sequence numbers and digest checks (since the polly tag isnt in use)....

In regards to cipher negotiation @gsliepen will need to do a protocol extension for integration. I don't want to be making breaking protocol changes or introducing a protocol fork.

Looking at the available APIs for AES it doesnt look I can feed the IV with seqnums easily for each encrypt. The AES-GCM standard for inspiration it does a fixed...

@gsliepen I left a few comments from a read through of the commit. I should be able to fire up a test network with it over the weekend and give...

Regarding cache I think it's perfectly acceptable to employ a heavy level of route caching. Not only is it something that should not change frequently route switches for small changes...

How does this PR affect relayed connections? i.e A has 10.0.0.1/24 B has 10.0.0.2/24 C has 10.0.0.3/24 D has 10.0.0.4/24 i.e where A is not connected to D but B&C...