path: root/src
Commit message | Author | Age | Files | Lines
...
* data: reset all packet fields like tun.c | Jason A. Donenfeld | 2016-10-23 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: better debug message for unroutable packets | Jason A. Donenfeld | 2016-10-22 | 1 | -1/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* compat: support PaX constify plugin | Jason A. Donenfeld | 2016-10-22 | 1 | -0/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* uapi.h: public_key field is a getter | Jörg Thalheim | 2016-10-22 | 1 | -1/+1
  Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* receive: always send confirmation, even if queue is empty | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* timers: only have initiator rekey | Jason A. Donenfeld | 2016-10-19 | 6 | -66/+44
  If it's time to rekey, and the responder sends a message, the initiator will begin the rekeying when sending his response message. In the worst case, this response message will actually just be the keepalive. This generally works well, with the one edge case of the message arriving less than 10 seconds before key expiration, in which the keepalive is not sufficient. In this case, we simply rehandshake immediately.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* timers: always delay handshakes for responder | Jason A. Donenfeld | 2016-10-19 | 5 | -8/+50
  With the prior behavior, when sending a packet, we checked to see if it was about time to start a new handshake, and if we were past a certain time, we started it. For the responder, we made that time a bit further in the future than for the initiator, to prevent the thundering herd problem of them both starting at the same time. However, this was flawed.

  If both parties stopped communicating after 2.2 minutes, and then one party decided to initiate a TCP connection before the 3 minute mark, the currently open session would be used. However, because it was after the 2.2 minute mark, both peers would try to initiate a handshake upon sending their first packet. The errant flow was as follows:

  1. Peer A sends SYN.
  2. Peer A sees that his key is getting old and initiates new handshake.
  3. Peer B receives SYN and sends ACK.
  4. Peer B sees that his key is getting old and initiates new handshake.

  Since these events happened after the 2.2 minute mark, there's no delay between handshake initiations, and problems begin. The new behavior is changed to:

  1. Peer A sends SYN.
  2. Peer A sees that his key is getting old and initiates new handshake.
  3. Peer B receives SYN and sends ACK.
  4. Peer B sees that his key is getting old and schedules a delayed handshake for 12.5 seconds in the future.
  5. Peer B receives handshake initiation and cancels scheduled handshake.

  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* timers: move constants to header | Jason A. Donenfeld | 2016-10-19 | 2 | -12/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* timers: kill half-open handshakes after a while | Jason A. Donenfeld | 2016-10-19 | 1 | -0/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* timers: avoid thundering herd for simultaneous initiation | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+1
  Since it's extremely unlikely for jiffies to be exactly identical everywhere, applying quarter second power of two slack not only improves power efficiency but also ensures that retries have a bit of jitter.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* debug: keep alive -> keepalive | Jason A. Donenfeld | 2016-10-19 | 3 | -3/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* noise: comment/document the key swapping | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+19
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* send: ensure that rekey retries are staggered | Jason A. Donenfeld | 2016-10-14 | 1 | -1/+1
  Before:

    t+120: A sends rekey [packet dropped by network congestion]
    t+125: A sends rekey [packet dropped by network congestion]
    t+130: A sends rekey
    t+130: B sends rekey
    ! race !

  After:

    t+120: A sends rekey [packet dropped by network congestion]
    t+125: A sends rekey [packet dropped by network congestion]
    t+130: A sends rekey [packet dropped by network congestion]
    T+132.5: B sends rekey [packet dropped by network congestion]
    T+135: A sends rekey [packet dropped by network congestion]
    T+137.5: B sends rekey
    ! success, eventually !

  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* device: show debug message when no peer has allowed-ips for packet | Jason A. Donenfeld | 2016-10-14 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* send: requeue jobs for later if padata is full | Jason A. Donenfeld | 2016-10-05 | 2 | -2/+14
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* compat: akpm merged this to 4.9 | Jason A. Donenfeld | 2016-10-04 | 1 | -1/+2
  http://marc.info/?l=linux-mm-commits&m=147553169709478&w=2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* send: only avoid parallel path when there aren't inflight jobs | Jason A. Donenfeld | 2016-10-02 | 2 | -1/+14
  Otherwise we get packet reordering.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* remote-run: reflect recent makefile changes | Jason A. Donenfeld | 2016-09-29 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: organize ignore files | Jason A. Donenfeld | 2016-09-29 | 1 | -0/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* compat: Isolate more functions | Jason A. Donenfeld | 2016-09-29 | 2 | -59/+97
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Rework headers and includes | Jason A. Donenfeld | 2016-09-29 | 32 | -179/+187
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* poly1305: optimize unaligned access | René van Dorst | 2016-09-29 | 1 | -0/+30
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* send: properly encapsulate ECN | Jason A. Donenfeld | 2016-08-29 | 4 | -16/+38
  We're not leaking the DSCP, but we do deal with ECN.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netns: remove dangling $@ | Jason A. Donenfeld | 2016-08-29 | 1 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* socket: use isdigit | Jason A. Donenfeld | 2016-08-22 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* routingtable: hyphen was ugly | Jason A. Donenfeld | 2016-08-22 | 4 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hashtables: use rdrand() instead of counter | Jason A. Donenfeld | 2016-08-22 | 3 | -5/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tests: test jumbo frames with more transfer | Jason A. Donenfeld | 2016-08-21 | 1 | -4/+19
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* qemu: enhancements | Jason A. Donenfeld | 2016-08-17 | 3 | -32/+98
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* send: needless debugging check | Jason A. Donenfeld | 2016-08-16 | 1 | -2/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tests: add crypto-RP filter test | Jason A. Donenfeld | 2016-08-12 | 3 | -1/+34
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* main: load driver late in boot process when debugging | Jason A. Donenfeld | 2016-08-10 | 1 | -0/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* main: fix typo | Jason A. Donenfeld | 2016-08-10 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* qemu: lock distfiles | Jason A. Donenfeld | 2016-08-10 | 1 | -19/+34
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* qemu: allow testing with RCs | Jason A. Donenfeld | 2016-08-09 | 1 | -2/+8
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ratelimiter: hard-depend on runtime dependencies | Jason A. Donenfeld | 2016-08-09 | 1 | -0/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ratelimiter: do not require IPv6 | Jason A. Donenfeld | 2016-08-08 | 1 | -4/+12
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tests: use makefile and expand greatly | Jason A. Donenfeld | 2016-08-08 | 8 | -234/+604
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* persistent-keepalive: change range to [1,65535] | Jason A. Donenfeld | 2016-08-08 | 1 | -7/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Kbuild: move module deps out of tests/ | Jason A. Donenfeld | 2016-08-03 | 2 | -18/+16
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* selftest: move to subfolder | Jason A. Donenfeld | 2016-08-02 | 11 | -413/+421
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: check tools as part of make check | Jason A. Donenfeld | 2016-08-02 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* uapi: typeof is not necessary | Jason A. Donenfeld | 2016-08-02 | 1 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* c: specify static array size in function params | Jason A. Donenfeld | 2016-08-02 | 13 | -48/+48
  The C standard states:

    A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to type'', where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression.

  By changing void func(int array[4]) to void func(int array[static 4]), we automatically get the compiler checking argument sizes for us, which is quite nice.

  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* timers: use more clear pow macro | Jason A. Donenfeld | 2016-08-02 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ratelimiter: correct comment | Jason A. Donenfeld | 2016-07-23 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* timers: upstream removed the slack concept | Jason A. Donenfeld | 2016-07-23 | 2 | -9/+9
  No longer do we specify slack ourselves. Instead we need to add it directly in the main scheduling.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tools: Use seqpacket instead of dgram | Jason A. Donenfeld | 2016-07-22 | 1 | -0/+16
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* index hashtable: run random indices through siphash | Jason A. Donenfeld | 2016-07-22 | 2 | -1/+7
  If /dev/urandom is a NOBUS RNG backdoor, like the infamous Dual_EC_DRBG, then sending 4 bytes of raw RNG output over the wire directly might not be such a great idea. This mitigates that vulnerability by, at some point before the indices are generated, creating a random secret. Then, for each session index, we simply run SipHash24 on an incrementing counter. This is probably overkill because /dev/urandom is probably not a backdoored RNG, and itself already uses several rounds of SHA-1 for mixing. If the kernel RNG is backdoored, there may very well be bigger problems at play. Four bytes is also not so many bytes.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cookie: do not expose csprng directly | Jason A. Donenfeld | 2016-07-22 | 1 | -0/+1
  It may not be wise to directly publish the output of the CSPRNG, so we run the output through a round of Blake2s first.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>