Commit message | Author | Age | Files | Lines
* Do remove expired leases from allowedips [HEAD, master, ln/devel] | Linus Nordberg | 2019-12-12 | 1 | -2/+6
* Use siphash for hashtables | Thomas Gschwantner | 2019-12-11 | 8 | -18/+315
* Allow /32 and /128 to be omitted in ip= keys | Thomas Gschwantner | 2019-12-11 | 1 | -12/+15
* radix-trie: fix add() when no poolnodes exist | Thomas Gschwantner | 2019-12-11 | 1 | -0/+5
* Properly send and display wg_errno and errmsg | Thomas Gschwantner | 2019-12-11 | 4 | -21/+54
* Change request_ip protocol | Thomas Gschwantner | 2019-12-11 | 4 | -42/+29
  ipv4 and ipv6 keys have been combined into one common key, ip. To distinguish between multiple IPs in later versions ip=0.0.0.0/32 and ip=::/128 respectively now mean we want to be assigned a random address from the server.
  Releasing/not wanting an IP is now done by just not listing that IP, i.e. if we only wanted a (random) ipv4 address the request would look as follows:
      request_ip=1
      ip=0.0.0.0/32
* Postpone freeing memory for leases until after updating allowedips | Linus Nordberg | 2019-12-11 | 1 | -25/+19
  Changing struct allowedips_update to hold pointers to addresses introduced a use after free bug.
  Take the opportunity to keep one pointer instead of three.
* radix-trie: implement ipp_removepool_v{4,6} | Thomas Gschwantner | 2019-12-11 | 3 | -10/+109
* radix-trie: fix issues related to shadow-/counting | Thomas Gschwantner | 2019-12-11 | 1 | -106/+144
  Previously it was possible that pools would not be correctly shadowed and/or the left or right counters were not updated properly.
  To fix that, every node now has flags indicating what type of node it is, and if it's shadowed. Furthermore, we determine if a poolnode needs to be (un)shadowed by walking the trie now.
  remove_node() now also only modifies the left/right counters if the target node was actually found.
* radix-trie: fix bug where /64 pools would overflow | Thomas Gschwantner | 2019-12-11 | 1 | -10/+8
* Fix parsing issue with split messages | Thomas Gschwantner | 2019-12-11 | 2 | -17/+18
  Previously this would trigger a BUG_ON() since the calculation of length & offset was wrong since we added the previous part of the buffer (req->buf) in parse_request(). This meant handle_request() couldn't know how many bytes were actually left in the buffer or their offset.
* radix-trie: allow full use of the v4 address space | Thomas Gschwantner | 2019-12-11 | 3 | -5/+5
* Rename struct ip_pool to be more descriptive | Thomas Gschwantner | 2019-12-11 | 3 | -101/+102
* Fix random_bounded() to always be in [0, bound) | Thomas Gschwantner | 2019-12-11 | 3 | -15/+19
  Previously random_bounded(1) would return values in [0, 1], while values > 1 would return [0, bound).
* Fixup client, including a lot of refactoring | Thomas Gschwantner | 2019-12-11 | 4 | -364/+197
* Extract all RTNETLINK code into ipm.{c,h} | Thomas Gschwantner | 2019-12-11 | 6 | -128/+263
* Serialize/deserialize messages into a struct | Thomas Gschwantner | 2019-12-11 | 3 | -301/+331
  Instead of a list of attributes, parse messages into a proper struct to avoid duplicating code in the server/client for handling this list, as well as making parsing nicer in general.
* Don't validate RTA_GATEWAY and fix an error string | Linus Nordberg | 2019-12-11 | 1 | -8/+1
* Stop passing devname and ifindex around | Linus Nordberg | 2019-12-11 | 3 | -25/+28
* Ignore routes not for the wg interface | Linus Nordberg | 2019-12-11 | 3 | -9/+31
  Adding 127.0.0.0/8 (lo) for example is not what we want. Didn't happen in tests/netsh.sh because of the use of network namespaces.
* server: restore leases from allowedips at startup | Linus Nordberg | 2019-12-11 | 2 | -1/+191
* server: add --leasetime as a commandline option | Linus Nordberg | 2019-12-11 | 3 | -8/+37
* lease: handle allowedips updates and improve API | Linus Nordberg | 2019-12-11 | 4 | -136/+229
* Fix typo in the previous commits NULL check | Linus Nordberg | 2019-09-27 | 1 | -1/+1
* Fix incorrect use of pubkey ptr in new_lease() | Thomas Gschwantner | 2019-09-10 | 1 | -3/+16
  Before this, leases_ht would store the (temporary) pointer to pubkey that's given to new_lease() directly. The memory it's pointing to is overwritten as soon as a new connection comes in, however, thus breaking the hashtable.
  Instead make our own copy of the pubkey and store the pointer to that.
* Fix build issue that occurs on gcc debian 6.3.0-18 | Thomas Gschwantner | 2019-08-21 | 1 | -1/+5
      CC lease.o
      In file included from /usr/include/arpa/inet.h:22:0,
                       from lease.c:3:
      lease.c: In function 'new_lease':
      lease.c:93:30: error: 'const struct in6_addr' has no member named 's6_addr32'
        bool wants_ipv6 = !ipv6 || !IN6_IS_ADDR_UNSPECIFIED(ipv6);
                                    ^
      lease.c:93:30: error: 'const struct in6_addr' has no member named 's6_addr32'
        bool wants_ipv6 = !ipv6 || !IN6_IS_ADDR_UNSPECIFIED(ipv6);
                                    ^
      lease.c:93:30: error: 'const struct in6_addr' has no member named 's6_addr32'
        bool wants_ipv6 = !ipv6 || !IN6_IS_ADDR_UNSPECIFIED(ipv6);
                                    ^
      lease.c:93:30: error: 'const struct in6_addr' has no member named 's6_addr32'
        bool wants_ipv6 = !ipv6 || !IN6_IS_ADDR_UNSPECIFIED(ipv6);
                                    ^
      lease.c: In function 'leases_refresh':
      lease.c:213:10: error: 'const struct in6_addr' has no member named 's6_addr32'
        if (!IN6_IS_ADDR_UNSPECIFIED(ipv6))
             ^
      lease.c:213:10: error: 'const struct in6_addr' has no member named 's6_addr32'
        if (!IN6_IS_ADDR_UNSPECIFIED(ipv6))
             ^
      lease.c:213:10: error: 'const struct in6_addr' has no member named 's6_addr32'
        if (!IN6_IS_ADDR_UNSPECIFIED(ipv6))
             ^
      lease.c:213:10: error: 'const struct in6_addr' has no member named 's6_addr32'
        if (!IN6_IS_ADDR_UNSPECIFIED(ipv6))
             ^
      <builtin>: recipe for target 'lease.o' failed
      make: *** [lease.o] Error 1
* Improve error handling and serialization | Thomas Gschwantner | 2019-08-20 | 3 | -88/+88
* Don't build wg-dynamic-client until it's fixed | Thomas Gschwantner | 2019-08-20 | 1 | -1/+1
* Initialize pools from routes via netlink | Thomas Gschwantner | 2019-08-17 | 5 | -29/+191
* radix-trie: implement pool shadowing | Thomas Gschwantner | 2019-08-02 | 2 | -27/+60
  Pools are created from routes which can overlap. Consider the following:
      ip route add 192.168.4.0/28
      ip route add 192.168.4.0/24
      sleep 3600
      ip route del 192.168.4.0/24
  Here, the pool created from the first route is being shadowed by the pool from the second route. However, since the second pool is later removed again we cannot simply combine them. So instead this commit shadows them, to avoid them being double counted.
* Move counting logic from lease.c to radix-trie.c | Thomas Gschwantner | 2019-07-18 | 3 | -108/+94
* Implement lease expiration | Thomas Gschwantner | 2019-07-18 | 8 | -36/+120
* radix-trie: inline find_node() into ipp_addpool() | Thomas Gschwantner | 2019-07-16 | 1 | -16/+8
  The way find_node() was written to suit ipp_addpool() means it's not really generic and rather confusing, so we inline it instead.
* Use epoll() instead of poll() | Thomas Gschwantner | 2019-06-14 | 4 | -123/+143
  This enables us to later use the timeout parameter of epoll_wait() to timely remove expired leases.
* Remove CLOCK_MONOTONIC comment | Thomas Gschwantner | 2019-06-14 | 1 | -4/+0
  The CLOCK_MONOTONIC change was reverted: https://git.kernel.org/torvalds/c/a3ed0e43
* Fix use-after-free and memory leak in ipp_free() | Thomas Gschwantner | 2019-06-14 | 1 | -14/+11
* Add missing #include in netlink.h | Thomas Gschwantner | 2019-06-14 | 1 | -0/+1
* Don't overwrite peer changes by others | Thomas Gschwantner | 2019-06-13 | 1 | -46/+28
* Implement basic lease management | Thomas Gschwantner | 2019-06-12 | 10 | -162/+536
* radix-trie: implement ipp_addrnd_* and related | Thomas Gschwantner | 2019-06-02 | 2 | -70/+328
* Add BUG() and BUG_ON() | Thomas Gschwantner | 2019-06-02 | 2 | -1/+4
* radix-trie: allow both ipv4 and ipv6 debug output | Thomas Gschwantner | 2019-06-02 | 2 | -12/+30
* radix-trie: fix fls/fls64 | Thomas Gschwantner | 2019-06-02 | 1 | -6/+6
* radix-trie: remove bits arg from radix_insert_v4/6 | Thomas Gschwantner | 2019-06-02 | 2 | -6/+6
* Use hashtable to match ll-ip with pubkey | Thomas Gschwantner | 2019-06-02 | 2 | -31/+661
  The link-local IP is always /128, so using a hashtable is more appropriate here. We only use the lower 64 bits as key, since the first 64 bits of link-local addresses are always the same.
* Sleep less | Linus Nordberg | 2019-05-26 | 1 | -3/+5
  Only sleep after failed try_connect(), because it might fail quickly. The read should be blocking for 1s (SO_RCVTIMEO).
* Use blocking I/O in client | Linus Nordberg | 2019-05-26 | 1 | -119/+39
  Avoiding the unnecessary complexity of non-blocking I/O.
* No need to clear bits in pollfd revents | Linus Nordberg | 2019-05-26 | 2 | -5/+0
  POSIX says: "In each pollfd structure, poll() shall clear the revents member, except that where the application requested a report on a condition by setting one of the bits of events listed above, poll() shall set the corresponding bit in revents if the requested condition is true."
* Fix backwards logic in debug logging | Linus Nordberg | 2019-05-26 | 1 | -2/+2
* Implement client sending ip-request and configuring interface | Linus Nordberg | 2019-05-26 | 3 | -24/+521