| Commit message (Collapse) | Author | Age | Files | Lines |
| |
When src/tests/qemu/Makefile downloads tarballs, they may be corrupted
by accident or malice. Detect such errors by comparing the downloaded
files to their known-good hashes.
In the case of iperf there is actually a chance of a successful MitM
attack because the tarball is downloaded over plain HTTP if the mirror
(https://download.wireguard.com/...) isn't reachable for some reason.
Only the kernel tarball isn't checked, because the makefile needs to
work with many different kernel versions.
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
| |
The 3.10 kernel from Red Hat puts head_frag in between headers_start and
headers_end. This is triggered on the latest i40e driver. This results
in the packet being freed incorrectly, crashing the system. So, this
patch just ensures we don't zero any of the header bits.
The whole issue of zeroing header bits probably should be revisited
sometime somewhat soon.
| |
GCC 8.1 does not know about the invariant `0 <= ctx->num < POLY1305_BLOCK_SIZE`.
This results in a warning that `memcpy(ctx->data + num, inp, len);` may
overflow the `data` field, which is correct for arbitrary values of `num`.
To make the invariant explicit we ensure that `num` is in the required range.
An alternative would be to change `ctx->num` to a 4-bit bitfield at the point
of declaration.
This changes the code from `test ebp, ebp; jz end` to `and ebp, 15; jz
end`, which have identical performance characteristics.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
| |
Suggested-by: Samuel Neves <sneves@dei.uc.pt>
| |
Suggested-by: Samuel Neves <sneves@dei.uc.pt>
| |
Also we satisfy lockdep here.
Suggested-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
| |
See: http://git.netfilter.org/libmnl/commit/?id=37c876b55a2c00424ccda5a300ab5fdec1d88b22
| |
A little bit more JavaScript for easy copy&pasting.
| |
We're referencing these constants as one contiguous blob, so if there's
any merging that goes on with other constants elsewhere (such as the
kernel's current poly1305 implementation that we hope to replace), then
these will be reordered and have the wrong values.
| |
It might be that a particular route has a different MTU than the
interface, via `ip route add ... dev wg0 mtu 1281`, for example. In this
case, it's important that we don't accidentally pad beyond the end of the
MTU. We accomplish that in this patch by carrying forward the MTU from
the dst if it exists. We also add a unit test for this issue.
Reported-by: Roman Mamedov <rm.wg@romanrm.net>
| |
If we're doing automatic routing with default routes, but the config has
also specified an explicit fwmark, then use that explicit fwmark, even
if it's conflicting, since the administrator has explicitly opted into
using it. Also, when shutting down the interface, we only now remove the
fancy rules if we're in automatic routing mode with default routes.
Suggested-by: Luis Ressel <aranea@aixah.de>
Reported-by: Saeid Akbari <saeidscorp@yahoo.com>
| |
Reported-by: Mike Pechkin <mike.pechkin@gmail.com>
| |
Also add cselect optimization.
| |
It's faster and doesn't use the FPU.
| |
Some Android 3.18 devices backport this macro.
| |
Some older broken resolvconfs don't support resolvconf -l, but do have a
file in a standard location, so use it.
| |
Some older broken resolvconf implementations ignore -m, but do have an
interface-order list. It's better to use this list dynamically, in case
it changes, or in case it's not used by the OS's resolvconf
implementation, such as in the case of systemd or openresolv.
| |
This reverts commit e5203543a674453ce1e0cbbcb234d3308762fe65.
As swanky as it is to have a really short file, it's hard to justify and
makes me nervous.
| |
Emscripten is too cumbersome. This code here is much slower, but it's
shorter and simpler.
| |
For now it looks like only 4.16 has this, but we'll keep track in case
others add it too.
Upstream-fix: b87b6194be63 ("netlink: put module reference if dump start fails")