Log for path: root/src
Each entry lists: commit message (title), author, date, files changed, lines removed/added, followed by the commit body.

* version: bump  (tag: v0.0.20210415)
  Author: Jason A. Donenfeld   Date: 2021-04-15   Files: 1   Lines: -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: set multicast flag
  Author: Jason A. Donenfeld   Date: 2021-04-15   Files: 1   Lines: -1/+1
  In order to send to ff00::/8 addresses, even over unicast, the interface needs the multicast flag enabled.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: do not allow ioctl to race with clone_destroy
  Author: Jason A. Donenfeld   Date: 2021-04-15   Files: 1   Lines: -10/+16
  This fixes the crash from:

    bash -c 'while true; do ifconfig wg0 create; ifconfig wg0 destroy; done& while true; do wg show wg0 > /dev/null 2>&1; done& wait'

  Since we're setting ifp to NULL here, we also have to account for multicast v6 packets being transmitted during destroy, which can be triggered by:

    ifconfig wg0 create
    ifconfig wg0 inet6 fe80::1234/120
    ifconfig wg0 up
    route add -inet6 ff02::1:0/120 -iface wg0
    ifconfig wg0 destroy

  These are unfixed upstream bugs that we're working around.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: don't check return value of WAITOK
  Author: Jason A. Donenfeld   Date: 2021-04-15   Files: 1   Lines: -4/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: allow debugging with `ifconfig wg0 debug`
  Author: Jason A. Donenfeld   Date: 2021-04-13   Files: 1   Lines: -8/+2
  This is better than a custom sysctl.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: remove peer marshalling from get request
  Author: Jason A. Donenfeld   Date: 2021-04-13   Files: 1   Lines: -307/+94
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* version: bump  (tag: v0.0.20210412)
  Author: Jason A. Donenfeld   Date: 2021-04-12   Files: 1   Lines: -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: set user cookie and fib through proper sockopts
  Author: Jason A. Donenfeld   Date: 2021-04-12   Files: 1   Lines: -20/+44
  By taking shortcuts we were circumventing important hooks.
  Reported-by: Frank Behrens <frank@harz.behrens.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: allow getting tunnelfib to race
  Author: Jason A. Donenfeld   Date: 2021-03-24   Files: 1   Lines: -2/+0
  It's word-sized, anyway, and taking the lock means crashes when moving around vnets.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: simplify jail exit logic
  Author: Jason A. Donenfeld   Date: 2021-03-24   Files: 1   Lines: -30/+9
  We already handle vnet stuff on wg_reassign, and handling it here means that every time we toggle any jail that shares the vnet, we render the link useless.
  Reported-by: Matt Smith <matt.r.smith@bt.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: remove old link state check
  Author: Jason A. Donenfeld   Date: 2021-03-24   Files: 1   Lines: -3/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: set persistent keepalive even if interface is down
  Author: Jason A. Donenfeld   Date: 2021-03-24   Files: 1   Lines: -3/+4
  Reported-by: Raúl Munoz <raul.munoz@custos.es>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* version: bump  (tag: v0.0.20210323)
  Author: Jason A. Donenfeld   Date: 2021-03-23   Files: 1   Lines: -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: disable llv6
  Author: Jason A. Donenfeld   Date: 2021-03-23   Files: 1   Lines: -0/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: drop pointtopoint flag
  Author: Jason A. Donenfeld   Date: 2021-03-23   Files: 1   Lines: -1/+1
  We'll try to work around this in wg-quick(8) and see what happens.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: fix decryption failures on jumbo ingress
  Author: Jason A. Donenfeld   Date: 2021-03-23   Files: 1   Lines: -5/+27
  All of this allocation_order and copying garbage needs to go away by making the crypto take scatter gather lists.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: implement selection of FIB (routing table) for tunneled packets
  Author: Frank Behrens   Date: 2021-03-22   Files: 1   Lines: -0/+37
  The outgoing, encrypted packets can use a specified FIB and therefore utilize specific (default) routes. The implementation follows the existing convention for other tunnel interfaces and reuses some code from the gre(4) implementation.

  The FIB for a wg(4) interface is set by standard ifconfig(8) with parameter "tunnelfib", e.g. "ifconfig wg0 tunnelfib 1".
  Signed-off-by: Frank Behrens <frank@harz.behrens.de>
  [Jason: rewritten to avoid sosockopt and simplify]
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* wg_noise: ensure non-zero'd handshakes have a valid local index
  Author: Matt Dunwoodie   Date: 2021-03-22   Files: 1   Lines: -4/+3
  As reported by: https://marc.info/?l=openbsd-bugs&m=161618496905444&w=2

  In particular, when consuming an initiation, we don't generate the index until creating the response (which is incorrect). If we attempt to create an initiation between these processes, we drop any outstanding handshake which in this case has index 0 as set when consuming the initiation.

  The fix attached is to generate the index when consuming the initiation so that any spurious initiation creation can drop a valid index. The patch also consolidates setting fields on the handshake.
  Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>

* compat: backport callout_func_t to 12.1
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -0/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: do not check for null M_NOWAIT return
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -8/+0
  Reported-by: Kyle Evans <kevans@freebsd.org>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* version: bump  (tag: v0.0.20210319)
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* compat: backport properly to 13
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -30/+30
  Turns out that taskqgroup_drain_all is new in 14.
  Reported-by: Evilham <contact@evilham.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: cleanup timeout_t usage
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -11/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: mark as point to point
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -1/+1
  It's technically point to multipoint. Also, clear the multicast and broadcast flags. This _could_ cause problems, but hopefully not.

  This should fix issues with receiving incoming connections.
  Reported-by: Ashish <ashish.is@lostca.se>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: dispatch packets using netisr
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -13/+18
  Nothing else uses ip_input directly.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: fix malloc overflows
  Author: Jason A. Donenfeld   Date: 2021-03-19   Files: 1   Lines: -19/+38
  These should have been fixed during our initial pass but somehow weren't. Good thing we have more time to work on this.

  Note that all the exporting and marshalling intermediate structs are going to have to be thrown out at some point, as this whole dance here still allocates tons of kernel memory needlessly.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* compat: backport to FreeBSD 12.1
  Author: Jason A. Donenfeld   Date: 2021-03-18   Files: 1   Lines: -0/+17
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* compat: backport to FreeBSD 12.2
  Author: Jason A. Donenfeld   Date: 2021-03-18   Files: 6   Lines: -25/+94
  This should allow us to get more testing coverage earlier. This port here is also a bit janky. I really don't like the taskqgroup business, having to copy and paste those structs. And this isn't well tested, either. But, it's a start.

  This distinguishes between compat.h and support.h, though both header files are intended to operate in more or less the same way. It's important to keep some discipline between things that we're backporting and things that aren't _yet_ upstream or are shims for OpenBSD.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* if_wg: use our own taskqgroup
  Author: Jason A. Donenfeld   Date: 2021-03-17   Files: 1   Lines: -18/+19
  Rather than relying on the iflib one, which not everyone has available, define our own.
  Reported-by: Frank Behrens <frank@harz.behrens.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* version: bump  (tag: v0.0.20210317)
  Author: Jason A. Donenfeld   Date: 2021-03-17   Files: 2   Lines: -1/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* support: prepare for out of tree builds
  Author: Jason A. Donenfeld   Date: 2021-03-17   Files: 3   Lines: -3/+36
  This involves weird backporting things. Hopefully support.c here is not as bad as compat.h on Linux.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

* Initial import
  Author: Jason A. Donenfeld   Date: 2021-03-17   Files: 10   Lines: -0/+7025
  There's still more to do with wiring this up properly.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>