Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | global: fix up spelling | Josh Soref | 2019-12-12 | 5 | -10/+10 |
| | | | | Signed-off-by: Josh Soref <jsoref@gmail.com> | ||||
* | wg-quick: linux: add support for nft and prefer it | Jason A. Donenfeld | 2019-12-12 | 1 | -20/+39 |
| | | | | | | If nft(8) is installed, use it. These rules should be identical to the iptables-restore(8) ones, with the advantage that cleanup is easy because we use custom table names. | ||||
* | compat: support building for RHEL-8.1 instead of RHEL-8.0 | Sergey Ivanov | 2019-12-12 | 1 | -2/+2 |
| | | | | | | | RedHat backported to their kernel 4.18.0-147.el8 a couple features. This patch enables compiling for this kernel. Signed-off-by: Sergey Ivanov <seriv@cs.umd.edu> | ||||
* | socket: convert to ipv6_dst_lookup_flow for 5.5 | Jason A. Donenfeld | 2019-12-12 | 2 | -3/+8 |
| | | | | | Upstream changed the API, so we introduce this super insane compat hack to make everything work again. | ||||
* | version: bump snapshot0.0.20191206 | Jason A. Donenfeld | 2019-12-06 | 2 | -2/+2 |
| | |||||
* | chacha20poly1305: double check the sgmiter logic with test | Jason A. Donenfeld | 2019-12-06 | 1 | -8/+59 |
| | |||||
* | wg-quick: linux: ignore save warnings for iptables-nft | Jason A. Donenfeld | 2019-12-06 | 1 | -1/+1 |
| | |||||
* | wg-quick: linux: suppress more warnings on weird kernels | Jason A. Donenfeld | 2019-12-06 | 1 | -4/+4 |
| | |||||
* | wg-quick: linux: some iptables don't like empty lines | Jason A. Donenfeld | 2019-12-05 | 1 | -6/+6 |
| | | | | Reported-by: Kenneth R. Crudup <kenny@panix.com> | ||||
* | crypto: use new assembler macros for 5.5 | Jason A. Donenfeld | 2019-12-05 | 6 | -14/+19 |
| | |||||
* | chacha20poly1305: port to sgmitter for 5.5 | Jason A. Donenfeld | 2019-12-05 | 6 | -122/+151 |
| | | | | | I'm not totally comfortable with these changes yet, and it'll require some more scrutiny. But it's a start. | ||||
* | netlink: prepare for removal of genl_family_attrbuf in 5.5 | Jason A. Donenfeld | 2019-12-05 | 2 | -8/+20 |
| | |||||
* | version: bump snapshot0.0.20191205 | Jason A. Donenfeld | 2019-12-05 | 2 | -2/+2 |
| | |||||
* | wg-quick: linux: iptables-* -w is not widely supported | Jason A. Donenfeld | 2019-12-05 | 1 | -2/+2 |
| | |||||
* | ipc: make sure userspace communication frees wgdevice | Jason A. Donenfeld | 2019-12-05 | 2 | -11/+16 |
| | |||||
* | send: avoid touching skb->{next,prev} directly | Jason A. Donenfeld | 2019-12-05 | 1 | -2/+2 |
| | | | | | This isn't quite the same, since mark_not_on_list doesn't touch skb->prev, but hopefully it doesn't matter. | ||||
* | device: prepare skb_list_walk_safe for upstreaming | Jason A. Donenfeld | 2019-12-05 | 3 | -9/+13 |
| | |||||
* | send: use kfree_skb_list | Jason A. Donenfeld | 2019-12-05 | 1 | -9/+2 |
| | |||||
* | wg-quick: linux: have remove_iptables return true | Jason A. Donenfeld | 2019-12-05 | 1 | -1/+1 |
| | | | | Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de> | ||||
* | wg-quick: linux: ensure postdown hooks execute | Jason A. Donenfeld | 2019-12-05 | 1 | -2/+2 |
| | | | | Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de> | ||||
* | wg-quick: linux: suppress error when finding unused table | Jason A. Donenfeld | 2019-11-27 | 1 | -1/+1 |
| | |||||
* | version: bump snapshot0.0.20191127 | Jason A. Donenfeld | 2019-11-27 | 2 | -2/+2 |
| | |||||
* | tools: add syncconf command | Jason A. Donenfeld | 2019-11-27 | 3 | -0/+97 |
| | |||||
* | reresolve-dns: remove invalid anchors on regex match | Jason A. Donenfeld | 2019-11-27 | 1 | -1/+1 |
| | | | | Reported-by: Conrad Meyer <cem@freebsd.org> | ||||
* | qemu: bump version | Jason A. Donenfeld | 2019-11-27 | 1 | -1/+1 |
| | |||||
* | qemu: respect PATH when finding CBUILD | Jason A. Donenfeld | 2019-11-27 | 1 | -1/+1 |
| | |||||
* | qemu: work around build bug with powerpc64le | Jason A. Donenfeld | 2019-11-27 | 1 | -0/+1 |
| | |||||
* | wg-quick: linux: filter bogus injected packets and don't disable rpfilter | Jason A. Donenfeld | 2019-11-27 | 1 | -8/+29 |
| | |||||
* | wg-quick: linux: only touch net.ipv4 for v4 | Jason A. Donenfeld | 2019-11-26 | 1 | -3/+5 |
| | |||||
* | allowedips: avoid double lock in selftest error case | Jason A. Donenfeld | 2019-11-26 | 1 | -8/+9 |
| | |||||
* | socket: remove redundant check of new4 | Jason A. Donenfeld | 2019-11-26 | 1 | -1/+1 |
| | |||||
* | allowedips: safely dereference rcu roots | Jason A. Donenfeld | 2019-11-26 | 1 | -6/+10 |
| | |||||
* | messages: recalculate rekey max based on a one minute flood | Jason A. Donenfeld | 2019-10-30 | 1 | -1/+1 |
| | | | | Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk> | ||||
* | wg-quick: android: check for null in binder cleanup functions | Jason A. Donenfeld | 2019-10-16 | 1 | -3/+6 |
| | |||||
* | version: bump snapshot0.0.20191012 | Jason A. Donenfeld | 2019-10-12 | 2 | -2/+2 |
| | |||||
* | wg-quick: android: use Binder for setting DNS on Android 10 | Nicolas Douma | 2019-10-12 | 1 | -7/+429 |
| | | | | Signed-off-by: Nicolas Douma <nicolas@serveur.io> | ||||
* | noise: recompare stamps after taking write lock | Jason A. Donenfeld | 2019-10-11 | 1 | -2/+6 |
| | |||||
* | netlink: allow preventing creation of new peers when updating | Jason A. Donenfeld | 2019-10-11 | 2 | -9/+12 |
| | | | | | | This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com> | ||||
* | netns: add test for failing 5.3 FIB changes | Jason A. Donenfeld | 2019-10-11 | 2 | -1/+24 |
| | | | | Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/ | ||||
* | qemu: bump default version | Jason A. Donenfeld | 2019-10-11 | 1 | -1/+1 |
| | |||||
* | version: bump snapshot0.0.20190913 | Jason A. Donenfeld | 2019-09-13 | 2 | -2/+2 |
| | |||||
* | compat: support rhel/centos 7.7 | Jason A. Donenfeld | 2019-09-13 | 1 | -1/+1 |
| | |||||
* | Kbuild: squelch warnings for stack limit on broken kernel configs | Jason A. Donenfeld | 2019-09-13 | 1 | -0/+1 |
| | | | | 1280 is considered the absolute minimum for 64bit archs. | ||||
* | compat: don't rewrite siphash when it's from compat | Jason A. Donenfeld | 2019-09-13 | 1 | -0/+2 |
| | |||||
* | compat: support newer PaX | Jason A. Donenfeld | 2019-09-11 | 1 | -0/+1 |
| | | | | Reported-by: PaX Team <pageexec@freemail.hu> | ||||
* | version: bump snapshot0.0.20190905 | Jason A. Donenfeld | 2019-09-05 | 2 | -2/+2 |
| | |||||
* | compat: work around ubuntu breakage | Jason A. Donenfeld | 2019-09-05 | 1 | -0/+9 |
| | | | | They forgot to backport hsiphash. | ||||
* | tools: windows: enforce named pipe ownership and use protected prefix | Jason A. Donenfeld | 2019-08-31 | 2 | -22/+40 |
| | |||||
* | Makefile: allow specifying kernel release | Mikk Mar | 2019-08-28 | 1 | -2/+3 |
| | | | | | | | This makes depmod work when building/installing the module for a kernel other than the currently running one. Signed-off-by: Mikk Mar <mikkmar@airmail.cc> | ||||
* | wg-quick: linux: don't fail down when using systemd-resolved | Ronan Pigott | 2019-08-27 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | systemd-resolved has a compatibility interface for use with resolvconf scripts when resolvectl is called from a symlink from resolvconf. However, when tearing down the interface, cmd_down calls del_if and then unset_dns. In the case of systemd-resolved, deleting the interface also removes the systemd-resolved entry and causes resolvconf -d to fail when resolvconf really is a symlink to resolvectl. This causes `wg-quick down` and 'wg-quick@.service' to exit with failure. Instead we use the resolvconf '-f' flag to ignore non-existent interfaces, supported by both openresolv and sd-resolved resolvconf. Signed-off-by: Ronan Pigott <rpigott@berkeley.edu> [zx2c4: moved -f argument to end to remain compatible with Debian's resolvconf] |