path: root/.gitignore

Date | Commit message | Author | Files | Lines
2016-11-05 | qemu: move build outside of kernel dir to avoid kernel's make clean | Jason A. Donenfeld | 1 | -0/+10
2016-11-05 | socket: big refactoring | Jason A. Donenfeld | 3 | -193/+170
2016-11-04 | socket: route() returns an error pointer, not NULL on failure | Jason A. Donenfeld | 1 | -2/+2
    Reported-by: Cedric Buxin <cedric.buxin@izri.org>
2016-11-04 | compat: some grsec have get_random_long; others do not | Jason A. Donenfeld | 1 | -2/+3
2016-11-04 | data: use a memory cache for parallel ctx | Jason A. Donenfeld | 3 | -61/+91
2016-11-04 | data: keep FPU on when possible | Jason A. Donenfeld | 3 | -59/+46
2016-11-04 | send: queue bundles on same CPU | Jason A. Donenfeld | 3 | -216/+140
2016-11-04 | data: use smaller types | Jason A. Donenfeld | 2 | -8/+8
2016-11-04 | data: take reference to peer | Jason A. Donenfeld | 1 | -1/+8
2016-11-04 | compat: stub out dst_cache for old kernels | Jason A. Donenfeld | 3 | -1/+16
2016-11-04 | socket: use dst_cache instead of handrolled cache | Jason A. Donenfeld | 6 | -102/+68
2016-11-03 | chacha20poly1305: src is different from dst on last piece [tag: experimental-0.0.20161103] | Jason A. Donenfeld | 1 | -1/+1
    This took hours of debugging. In some cases, the src and dst are different for the last piece, so the incorrect code here resulted in computing the poly1305 over the wrong data. This led to packets being unnecessarily dropped.
2016-11-03 | device: use ARPHDR_VOID instead of ARPHDR_NONE | Jason A. Donenfeld | 1 | -1/+1
    These amount to the same exact thing, except that IPv6 auto configuration won't assign it a (useless) random address and add multicast routes.
2016-11-03 | qemu: newer default kernel | Jason A. Donenfeld | 1 | -1/+1
2016-11-03 | timers: take reference like a lookup table | Jason A. Donenfeld | 5 | -46/+42
2016-11-02 | tools: abstract pkg-config to PKG_CONFIG [tag: experimental-0.0.20161102] | Jason A. Donenfeld | 1 | -2/+3
    Distros like Exherbo have multitarget setups with toolnames prefixed by the arch.
2016-11-02 | tools: everybody hates automatic stripping | Jason A. Donenfeld | 1 | -1/+1
    I happen to like it, but package managers don't. The GNU standard [1] says there should be a separate install-strip target. I don't like duplicating code like that. So, instead, I'll just remove stripping altogether.
    [1] https://www.gnu.org/prep/standards/html_node/Standard-Targets.html
2016-11-02 | kref: elide checks | Jason A. Donenfeld | 2 | -8/+4
2016-11-01 | data: do not allow usage of keypair just before hash removal | Jason A. Donenfeld | 3 | -4/+13
2016-11-01 | peer: kref is most likely to succeed | Jason A. Donenfeld | 1 | -2/+2
2016-10-23 | compat: grsecurity backports get_random_long [tag: experimental-0.0.20161025] | Jason A. Donenfeld | 1 | -0/+3
2016-10-23 | data: reset all packet fields like tun.c | Jason A. Donenfeld | 1 | -2/+2
2016-10-22 | device: better debug message for unroutable packets | Jason A. Donenfeld | 1 | -1/+5
2016-10-22 | compat: support PaX constify plugin | Jason A. Donenfeld | 1 | -0/+7
2016-10-22 | uapi.h: public_key field is a getter | Jörg Thalheim | 1 | -1/+1
    Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2016-10-19 | receive: always send confirmation, even if queue is empty | Jason A. Donenfeld | 1 | -1/+5
2016-10-19 | timers: only have initiator rekey | Jason A. Donenfeld | 6 | -66/+44
    If it's time to rekey, and the responder sends a message, the initiator will begin the rekeying when sending his response message. In the worst case, this response message will actually just be the keepalive. This generally works well, with the one edge case of the message arriving less than 10 seconds before key expiration, in which the keepalive is not sufficient. In this case, we simply rehandshake immediately.
2016-10-19 | timers: always delay handshakes for responder | Jason A. Donenfeld | 5 | -8/+50
    With the prior behavior, when sending a packet, we checked to see if it was about time to start a new handshake, and if we were past a certain time, we started it. For the responder, we made that time a bit further in the future than for the initiator, to prevent the thundering herd problem of them both starting at the same time. However, this was flawed. If both parties stopped communicating after 2.2 minutes, and then one party decided to initiate a TCP connection before the 3 minute mark, the currently open session would be used. However, because it was after the 2.2 minute mark, both peers would try to initiate a handshake upon sending their first packet. The errant flow was as follows:
    1. Peer A sends SYN.
    2. Peer A sees that his key is getting old and initiates new handshake.
    3. Peer B receives SYN and sends ACK.
    4. Peer B sees that his key is getting old and initiates new handshake.
    Since these events happened after the 2.2 minute mark, there's no delay between handshake initiations, and problems begin. The new behavior is changed to:
    1. Peer A sends SYN.
    2. Peer A sees that his key is getting old and initiates new handshake.
    3. Peer B receives SYN and sends ACK.
    4. Peer B sees that his key is getting old and schedules a delayed handshake for 12.5 seconds in the future.
    5. Peer B receives handshake initiation and cancels scheduled handshake.
2016-10-19 | timers: move constants to header | Jason A. Donenfeld | 2 | -12/+9
2016-10-19 | timers: kill half-open handshakes after a while | Jason A. Donenfeld | 1 | -0/+4
2016-10-19 | timers: avoid thundering herd for simultaneous initiation | Jason A. Donenfeld | 1 | -1/+1
    Since it's extremely unlikely for jiffies to be exactly identical everywhere, applying quarter second power of two slack not only improves power efficiency but also ensures that retries have a bit of jitter.
2016-10-19 | debug: keep alive -> keepalive | Jason A. Donenfeld | 3 | -3/+2
2016-10-19 | noise: comment/document the key swapping | Jason A. Donenfeld | 1 | -1/+19
2016-10-14 | send: ensure that rekey retries are staggered [tag: experimental-0.0.20161014] | Jason A. Donenfeld | 1 | -1/+1
    Before:
    t+120: A sends rekey [packet dropped by network congestion]
    t+125: A sends rekey [packet dropped by network congestion]
    t+130: A sends rekey
    t+130: B sends rekey
    ! race !
    After:
    t+120: A sends rekey [packet dropped by network congestion]
    t+125: A sends rekey [packet dropped by network congestion]
    t+130: A sends rekey [packet dropped by network congestion]
    t+132.5: B sends rekey [packet dropped by network congestion]
    t+135: A sends rekey [packet dropped by network congestion]
    t+137.5: B sends rekey
    ! success, eventually !
2016-10-14 | device: show debug message when no peer has allowed-ips for packet | Jason A. Donenfeld | 1 | -0/+1
2016-10-05 | send: requeue jobs for later if padata is full | Jason A. Donenfeld | 2 | -2/+14
2016-10-04 | compat: akpm merged this to 4.9 | Jason A. Donenfeld | 1 | -1/+2
    http://marc.info/?l=linux-mm-commits&m=147553169709478&w=2
2016-10-02 | send: only avoid parallel path when there aren't inflight jobs | Jason A. Donenfeld | 2 | -1/+14
    Otherwise we get packet reordering.
2016-09-29 | remote-run: reflect recent makefile changes [tag: experimental-0.0.20161001] | Jason A. Donenfeld | 1 | -1/+1
2016-09-29 | git: organize ignore files | Jason A. Donenfeld | 5 | -2/+10
2016-09-29 | compat: Isolate more functions | Jason A. Donenfeld | 2 | -59/+97
2016-09-29 | Rework headers and includes | Jason A. Donenfeld | 33 | -180/+190
2016-09-29 | poly1305: optimize unaligned access | René van Dorst | 1 | -0/+30
2016-08-30 | tools: allow multiple AllowedIPs invocations | Jason A. Donenfeld | 1 | -1/+0
    It turns out this is a somewhat natural thing to do in config files.
2016-08-29 | send: properly encapsulate ECN | Jason A. Donenfeld | 4 | -16/+38
    We're not leaking the DSCP, but we do deal with ECN.
2016-08-29 | netns: remove dangling $@ | Jason A. Donenfeld | 1 | -4/+4
2016-08-26 | examples: add key extractor | Jason A. Donenfeld | 4 | -0/+221
2016-08-24 | examples: add nat-hole-punching | Jason A. Donenfeld | 3 | -0/+354
2016-08-22 | socket: use isdigit | Jason A. Donenfeld | 1 | -1/+2
2016-08-22 | routingtable: hyphen was ugly | Jason A. Donenfeld | 4 | -3/+3