Merging of the entire pre5 branch.

README

@@ -1,7 +1,7 @@
-This is the README file for tinc version 1.0pre4. Installation
+This is the README file for tinc version 1.0pre5. Installation
 instructions may be found in the INSTALL file.
 
-tinc is Copyright (C) 1998-2001 by:
+tinc is Copyright (C) 1998-2002 by:
 
 Ivo Timmermans <itimmermans@bigfoot.com>,
 Guus Sliepen <guus@sliepen.warande.net>,
@@ -18,12 +18,16 @@ your option) any later version. See the file COPYING for more details.
 Security statement
 ------------------
 
-In august 2000, we discovered the existence of a security hole in all
-versions of tinc up to and including 1.0pre2. This had to do with the
-way we exchanged keys. Since then, we have been working on a new
-authentication scheme to make tinc as secure as possible. The current
-version uses the OpenSSL library and does authentication in much the
-same way as the SSH protocol does.
+In August 2000, we discovered the existence of a security hole in all versions
+of tinc up to and including 1.0pre2. This had to do with the way we exchanged
+keys. Since then, we have been working on a new authentication scheme to make
+tinc as secure as possible. The current version uses the OpenSSL library and
+uses strong authentication with RSA keys.
+
+On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
+1.0pre4. Due to a lack of sequence numbers and a message authentication code
+for each packet, an attacker could possibly disrupt certain network services or
+launch a denial of service attack by replaying intercepted packets.
 
 Cryptography is a hard thing to get right. We cannot make any
 guarantees. Time, review and feedback are the only things that can
@@ -31,6 +35,14 @@ prove the security of any cryptographic product. If you wish to review
 tinc or give us feedback, you are stronly encouraged to do so.
 
 
+Changes to configuration file format
+------------------------------------
+
+Some configuration variables have different names now. Most notably "TapDevice"
+should be changed into "Device", and "Device" should be changed into
+"BindToDevice".
+
+
 Requirements
 ------------
 
@@ -41,6 +53,9 @@ this library is not installed on you system, configure will fail.  The
 manual in doc/tinc.texi contains more detailed information on how to
 install this library.
 
+In order to compile tinc, you will also need autoconf, automake, GNU make, m4
+and gettext.
+
 
 Features
 --------
@@ -68,3 +83,20 @@ This version supports multiple subnets at once. They are also sorted
 on subnet mask size. This means that it is possible to have
 overlapping subnets on the VPN, as long as their subnet mask sizes
 differ.
+
+Since pre5, tinc can operate in several routing modes. The default mode,
+"router", works exactly like the older version, and uses Subnet lines to
+determine the destination of packets. The other two modes, "switch" and "hub",
+allow the tinc daemons to work together like a single network switch or hub.
+This is useful for bridging networks.
+
+The algorithms used for encryption and generating message authentication codes
+can now be changed in the configuration files. All cipher and digest algorithms
+supported by OpenSSL can be used. Useful ciphers are "blowfish" (default),
+"bf-ofb", "des", "des3", etcetera. Useful digests are "sha1" (default), "md5",
+etcetera.
+
+Preliminary support for routing IPv6 packets has been added. Just add Subnet
+lines with IPv6 addresses (without using :: abbreviations) and use ifconfig to
+give the virtual network interface corresponding IPv6 addresses.
+Autoconfiguration will not work in router mode.