aboutsummaryrefslogtreecommitdiffstatshomepage
Commit message (Collapse)AuthorAgeFilesLines
* version: bump snapshot0.0.20170320Jason A. Donenfeld2017-03-202-2/+2
|
* data: big refactoringJason A. Donenfeld2017-03-208-159/+158
|
* curve25519: add AVX implementationJason A. Donenfeld2017-03-195-24/+3699
|
* blake2s: add AVX implementationJason A. Donenfeld2017-03-199-8/+613
|
* config: satisfy sparseJason A. Donenfeld2017-03-191-1/+1
|
* tools: wg-quick: support old ip(8)Pim van Pelt2017-03-191-4/+8
| | | | | Old versions of ip(8) do not accept arguments to `ip rule show.` This patch works around that limitation.
* cookie: no need to hash rngJason A. Donenfeld2017-03-191-1/+0
| | | | | | | Since 4.8 or so, the RNG uses chacha, so we feel less scared about exposing its output directly. (Older kernels will simply suffer the paranoia.)
* hashtables: get_random_int is now more secure, so expose directlyJason A. Donenfeld2017-03-193-4/+20
| | | | | | | | On 4.11, get_random_u32 now either uses chacha or rdrand, rather than the horrible former MD5 construction, so we feel more comfortable exposing RNG output directly. On older kernels, we fall back to something a bit disgusting.
* timers: elide enable checkJason A. Donenfeld2017-03-141-3/+3
|
* create-patch: add context below to work with busybox patchJason A. Donenfeld2017-02-271-2/+4
| | | | | | | | It turns out that GNU patch is happy to only have one line of context above the inserted area and zero lines below, because of its fuzzy match feature. However, busybox patch is crippled and terrible, and thus must have context above and below the insertion point. So, we grudgingly add it to our manually crafted minimal patch.
* compat: use maybe_unused macro over gcc-specificJason A. Donenfeld2017-02-271-1/+1
|
* data: transition to skb_reset_tc for 4.11Jason A. Donenfeld2017-02-272-3/+11
|
* device: move sysctl toggling to open timeJason A. Donenfeld2017-02-271-30/+12
|
* receive: last_rx use is discouraged and removed in recent kernelsJason A. Donenfeld2017-02-271-1/+0
|
* device: 4.11 uses cnf for addr_gen_modeJason A. Donenfeld2017-02-271-0/+4
|
* version: bump snapshot0.0.20170223Jason A. Donenfeld2017-02-232-2/+2
|
* contrib: add wg-json utilityJason A. Donenfeld2017-02-232-0/+59
|
* tools: fix bash completion spacesJason A. Donenfeld2017-02-232-5/+13
|
* tools: add wg show [interface] dumpJason A. Donenfeld2017-02-233-5/+51
|
* tools: give "off" value for fwmarkJason A. Donenfeld2017-02-234-5/+19
|
* wg-quick: allow config files without trailing newlineJason A. Donenfeld2017-02-231-1/+1
|
* socket: do not try to create v6 socket when disabledJason A. Donenfeld2017-02-232-0/+10
|
* device: disable ICMP redirectsJason A. Donenfeld2017-02-211-1/+30
| | | | | | | | | | | | The xfrm layer does this by checking for secpath, but we don't use secpath, so instead we have to jigger the config value ourselves. This is nearly always desired, since this is often how a wheel-spoke VPN works. There's very little use case for redirects with wireguard. This should be reverted if we ever move the test directly into ip_forward in net/ipv4/ip_forward.c near the call to ip_rt_send_redirect.
* extract-keys: respect compat directivesJason A. Donenfeld2017-02-201-0/+4
|
* version: bump snapshot0.0.20170214Jason A. Donenfeld2017-02-142-2/+2
|
* Revert "main: add `wg` type alias"Jason A. Donenfeld2017-02-141-2/+1
| | | | This reverts commit b4f93ace76b1065ab08fd5596f31a0971b848eea.
* Makefile: add module-install targetJason A. Donenfeld2017-02-141-1/+5
|
* wg-quick: unquote fwmark for bash 4.3Jason A. Donenfeld2017-02-141-1/+1
|
* version: bump snapshot0.0.20170213Jason A. Donenfeld2017-02-132-2/+2
|
* create-patch: be sure it's actually after NETFILTERJason A. Donenfeld2017-02-131-1/+1
|
* Kconfig: can be a moduleJason A. Donenfeld2017-02-131-2/+2
|
* tools: wg-quick: set LC_ALL for consistent regexJason A. Donenfeld2017-02-131-0/+1
|
* socket: enable setting of fwmarkJason A. Donenfeld2017-02-1311-25/+80
|
* main: add `wg` type aliasJason A. Donenfeld2017-02-131-1/+2
|
* device: shorter workqueue names to fit in psJason A. Donenfeld2017-02-131-2/+2
|
* socket: general ephemeral ports instead of name-based portsJason A. Donenfeld2017-02-132-56/+19
|
* tools: wg-quick: support v6 dual stackJason A. Donenfeld2017-02-131-7/+18
|
* compat: backport siphash & dst_cache from mainlineJason A. Donenfeld2017-02-1315-327/+991
|
* socket: synchronize net on socket tear downJason A. Donenfeld2017-02-071-0/+1
|
* tools: remove key for any empty fileJason A. Donenfeld2017-02-072-25/+18
| | | | | Rather than just using /dev/null to mean key removal, match on any empty file, so that this interface is cross platform.
* tools: setconf should remove existing pskJason A. Donenfeld2017-02-071-0/+3
|
* timers: use simpler uninit sync techniqueJason A. Donenfeld2017-02-074-38/+25
|
* timers: use setup_timer macro helperJason A. Donenfeld2017-01-231-20/+5
|
* tools: wg-quick: recommend using resolvconf in exclusive modeJason A. Donenfeld2017-01-191-1/+1
|
* tools: man: recommend correct portJason A. Donenfeld2017-01-152-2/+2
|
* curve25519: do everything on the stackJason A. Donenfeld2017-01-151-171/+0
| | | | | | With MIPS now supporting a separate IRQ stack, and with these changes being backported into OpenWRT (and likely the stable mainline releases), we no longer need to kmalloc more space for temporary variables.
* version: bump snapshot0.0.20170115Jason A. Donenfeld2017-01-152-2/+2
|
* tools: wg-quick: parse IPv6 endpoints correctlyJason A. Donenfeld2017-01-151-1/+1
|
* ratelimiter: 800ms too fast, decrease to 2s sustained rateJason A. Donenfeld2017-01-151-2/+2
|
* Use __read_mostly attribute when possibleJason A. Donenfeld2017-01-134-9/+9
|