Commit log. Each entry: commit message [author, date, files changed, lines -removed/+added]; commit bodies follow indented.

* version: bump snapshot (tag 0.0.20170613) [Jason A. Donenfeld, 2017-06-13, 2 files, -2/+2]

* tools: use proper __linux__ ifdef [Jason A. Donenfeld, 2017-06-12, 1 file, -1/+1]

* random: wait for random bytes when generating nonces and ephemerals [Jason A. Donenfeld, 2017-06-12, 4 files, -7/+12]

    We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient.

* version: bump snapshot (tag 0.0.20170612) [Jason A. Donenfeld, 2017-06-12, 2 files, -2/+2]

* wg-quick: match ipv6 default route more broadly [Jason A. Donenfeld, 2017-06-12, 1 file, -1/+1]

* wg-quick: make sure we have empty table for both v6 and v4 [Jason A. Donenfeld, 2017-06-11, 1 file, -1/+3]

    Otherwise, we wind up not doing the right thing in the v6-only case, or doing something totally borked when v4 and v6 are filled unevenly.

    Reported-by: Roelf Wichertjes <contact@roelf.org>

* external-tests: trim the fat [Jason A. Donenfeld, 2017-06-09, 5 files, -205/+0]

* config: ensure the RNG is initialized before setting [Jason A. Donenfeld, 2017-06-08, 2 files, -0/+48]

    It's possible that get_random_bytes() will return bad randomness if it hasn't been seeded. This patch makes configuration block until the RNG is properly initialized.

    Reference: http://www.openwall.com/lists/kernel-hardening/2017/06/02/2

* noise: fix race when replacing handshake [Jason A. Donenfeld, 2017-06-08, 3 files, -11/+24]

    Replacing an entry that's already been replaced is something that could happen when processing handshake messages in parallel, when starting up multiple instances on the same machine.

    Reported-by: Hubert Goisern <zweizweizwoelf@gmail.com>

* go test: use x/crypto for blake2s now that we have 128-bit mac [Jason A. Donenfeld, 2017-06-08, 1 file, -3/+3]

* peer: explicitly initialize atomic [Jason A. Donenfeld, 2017-06-05, 1 file, -0/+3]

* go test: correct tai64n and formatting [Jason A. Donenfeld, 2017-06-01, 1 file, -26/+26]

* external-tests: add keepalive packet [Jason A. Donenfeld, 2017-06-01, 2 files, -0/+23]

* compat: remove padata hotplug code [Jason A. Donenfeld, 2017-06-01, 1 file, -149/+0]

    It's different on different kernel versions, and we're not using it anyway, so it's easiest to just get rid of it, rather than having another ifdef maze.

* curve25519: use more standard label convention in asm [Jason A. Donenfeld, 2017-06-01, 2 files, -24/+24]

* device: do-while assignment style [Jason A. Donenfeld, 2017-06-01, 1 file, -1/+1]

* receive: trim incoming packets to IP header length [Jason A. Donenfeld, 2017-06-01, 3 files, -2/+17]

* go test: properly pad message [Jason A. Donenfeld, 2017-06-01, 1 file, -2/+2]

* timers: queue up killing ephemerals only if not already [Jason A. Donenfeld, 2017-05-31, 1 file, -1/+1]

* config: add new line for style [Jason A. Donenfeld, 2017-05-31, 1 file, -0/+1]

* version: bump snapshot (tag 0.0.20170531) [Jason A. Donenfeld, 2017-05-31, 2 files, -2/+2]

* timers: reset retry-attempt counter when not retrying [Jason A. Donenfeld, 2017-05-31, 4 files, -7/+10]

* timers: the completion of a handshake also is on key confirmation [Jason A. Donenfeld, 2017-05-31, 2 files, -2/+3]

* timers: rework handshake reply control flow [Jason A. Donenfeld, 2017-05-31, 1 file, -9/+8]

* debug: print interface name in dmesg [Jason A. Donenfeld, 2017-05-31, 11 files, -50/+52]

* compat: remove warning for < 4.1 [Jason A. Donenfeld, 2017-05-31, 1 file, -2/+0]

    It still is sort of experimental, I suppose, especially this part in the udp_tunnel drop-in:

        skb_orphan(skb);
        sk_mem_reclaim(sk);

    It seems like sometimes this won't do what we want, but it's hard to diagnose exactly what's happening. In any case, nobody paid attention to that warning anyway, so let's just get rid of it.

* config: it's faster to memcpy than strncpy [Jason A. Donenfeld, 2017-05-31, 1 file, -2/+1]

    IFNAMSIZ is 16, so this is two instructions on 64-bit.

* routingtable: Remove unnecessary check in node_placement() [Sultan Alsawaf, 2017-05-31, 1 file, -2/+1]

    node_placement() is always given the address of a stack variable for rnode, so there's no need to check if rnode is null.

    Signed-off-by: Sultan Alsawaf <sultanxda@gmail.com>

* data: enable BH during parallel crypto on ARM/NEON [Jason A. Donenfeld, 2017-05-31, 1 file, -0/+12]

    padata disables it, but in order to use SIMD on ARM, we can't be in an interrupt. We only do this on ARM since it adds jitter to the performance.

* curve25519: add NEON versions for ARM [Jason A. Donenfeld, 2017-05-31, 3 files, -29/+2160]

* curve25519: align the basepoint to 32 bytes [Jason A. Donenfeld, 2017-05-31, 1 file, -2/+2]

* curve25519: actually, do some things on heap sometimes [Jason A. Donenfeld, 2017-05-31, 1 file, -0/+170]

    This reverts commit 42dd5bd87e418275203dd6644b6b6b0cc310d4d9.

* tools: allow creating device with no peers [Jason A. Donenfeld, 2017-05-31, 1 file, -4/+0]

* config: do not error out when getting if no peers [Jason A. Donenfeld, 2017-05-31, 1 file, -0/+1]

* device: keep going when share_check fails [Jason A. Donenfeld, 2017-05-30, 1 file, -4/+4]

    Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>

* timers: fix typo in comment [Jason A. Donenfeld, 2017-05-30, 1 file, -1/+1]

    Suggested-by: Peter Wu <peter@lekensteyn.nl>

* rust test: add icmp ping [Jason A. Donenfeld, 2017-05-30, 2 files, -10/+63]

* rust test: convert screech test to snow [Jake McGinty, 2017-05-30, 2 files, -39/+31]

* style: spaces after for loops [Jason A. Donenfeld, 2017-05-30, 7 files, -15/+15]

* peer: use iterator macro instead of callback [Jason A. Donenfeld, 2017-05-30, 6 files, -77/+73]

* noise: precompute static-static ECDH operation [Jason A. Donenfeld, 2017-05-30, 4 files, -15/+30]

* noise: no need to store ephemeral public key [Jason A. Donenfeld, 2017-05-30, 2 files, -7/+6]

* handshake: process in parallel [Jason A. Donenfeld, 2017-05-30, 7 files, -35/+61]

* compat: ship padata if kernel doesn't have it [Jason A. Donenfeld, 2017-05-30, 3 files, -11/+1055]

* man: update wg-quick(8) to show Debian resolvconf braindamage [Jason A. Donenfeld, 2017-05-30, 1 file, -2/+2]

    While OpenResolv supports explicit ordering directives such as `-m` and exclusivity directives such as `-x`, Debian's own resolvconf supports none of this, instead using a hard coded list of interface name templates for determining ordering. While trying to emulate `-x` is difficult [*], we can at least try to mostly emulate `-m 0` by masquerading as a `tun*` interface to resolvconf. Ugly, but it works.

    [*] One heavy handed way of emulating `-x` would be something like:

        # echo nameserver 8.8.8.8 > /etc/resolv.conf.wg0-exclusive
        # mount --bind -o ro /etc/resolv.conf.wg0-exclusive /etc/resolv.conf
        # rm -f /etc/resolv.conf.wg0-exclusive

    This in practice works quite well, but is a bit heavy to put in a man page. It also doesn't "stack" well. For example, if we simply run `umount /etc/resolv.conf`, how do we know which resolv.conf entry we're unmounting?

* chacha20poly1305: add NEON versions for ARM and ARM64 [Jason A. Donenfeld, 2017-05-30, 6 files, -12/+1048]

* chacha20poly1305: move constants to rodata [Jason A. Donenfeld, 2017-05-21, 5 files, -14/+27]

* wg-quick: use src routing for default routes in v6 [Jason A. Donenfeld, 2017-05-18, 1 file, -3/+11]

    Otherwise, traffic is sent with the IP address of a different interface, and then packets don't actually get delivered.

* man: fix psk mention in wg-quick man page [Jason A. Donenfeld, 2017-05-18, 1 file, -2/+2]

* version: bump snapshot (tag 0.0.20170517) [Jason A. Donenfeld, 2017-05-17, 2 files, -2/+2]