summaryrefslogtreecommitdiffstatshomepage
Commit message (Collapse)AuthorAgeFilesLines
...
* tools: propagate set errnoJason A. Donenfeld2016-07-211-0/+1
|
* tools: abstract sockets are dangerousJason A. Donenfeld2016-07-211-28/+1
| | | | | They have no permissions, so we're probably better off just creating a socket file with the umask set, as we do in BSD.
* Kconfig: select IP6_NF_IPTABLES if using IPV6experimental-0.0.20160721Jason A. Donenfeld2016-07-211-0/+1
|
* tools: rename kernel to ipcJason A. Donenfeld2016-07-217-25/+25
|
* tools: support horrible freebsd/osx/unix semanticsJason A. Donenfeld2016-07-211-1/+66
|
* tools: first additions of userspace integrationJason A. Donenfeld2016-07-209-50/+277
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is designed to work with a server that follows this: struct sockaddr_un addr = { .sun_family = AF_UNIX, .sun_path = "/var/run/wireguard/wguserspace0.sock" }; int fd, ret; ssize_t len; socklen_t socklen; struct wgdevice *device; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) exit(1); if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) exit(1); for (;;) { /* First we look at how big the next message is, so we know how much to * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */ len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC); if (len < 0) { handle_error(); continue; } /* Next we allocate a buffer for the received data. */ device = NULL; if (len) { device = malloc(len); if (!device) { handle_error(); continue; } } /* Finally we receive the data, storing too the return address. */ socklen = sizeof(addr); len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen); if (len < 0) { handle_error(); free(device); continue; } if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */ device = get_current_wireguard_device(&len); sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen); } else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */ ret = set_current_wireguard_device(device); sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen); free(device); } }
* build system: revamp building and configurationJason A. Donenfeld2016-07-187-84/+76
|
* tests: improve test suite and add qemu testerJason A. Donenfeld2016-07-186-49/+299
|
* tools: fix numbering in man pageJason A. Donenfeld2016-07-161-2/+2
|
* receive: assume we usually succeed with userspaceexperimental-0.0.20160711Jason A. Donenfeld2016-07-101-1/+1
|
* receive: no need to test for !lenJason A. Donenfeld2016-07-101-1/+1
|
* timers: apply slack to hotpath timersJason A. Donenfeld2016-07-102-2/+8
| | | | | | | | | | | For timers in the hotpath, we don't want them to be rescheduled so aggressively, and since they don't need to be that precise, we can set a decent amount of slack. With the persistent keepalive timer, we have something of a special case. Since the timeout isn't fixed like the others, we don't want to make it more often than the kernel ordinarily would. So, instead, we make it a minimum.
* timers: move timer calls out of hot loopJason A. Donenfeld2016-07-101-3/+6
| | | | | | We sacrifice a little bit of precision here, but this avoids jockeying around the timers for every packet, when we're sending in bundles anyway to minimize cache misses.
* timers: document conditions for callingJason A. Donenfeld2016-07-101-0/+8
|
* persistent keepalive: use unsigned long to avoid multiplication in hotpathJason A. Donenfeld2016-07-103-5/+5
|
* persistent keepalive: use authenticated keepalivesJason A. Donenfeld2016-07-108-16/+18
|
* keepalives: only queue keepalive when queue is emptyJason A. Donenfeld2016-07-081-6/+9
|
* examples: update ncat-client-server readmeJason A. Donenfeld2016-07-081-5/+5
|
* timers: do not consider keepalives to be data sentJason A. Donenfeld2016-07-081-1/+3
|
* timers: rename *authorized* functions to *authenticated*Jason A. Donenfeld2016-07-083-4/+4
|
* persistent keepalive: start sending immediatelyexperimental-0.0.20160708.1Jason A. Donenfeld2016-07-082-1/+6
| | | | | | | | | | | | | | | Rather than only start sending the persistent keepalive packets when the device first sends data, this changes it to send the packets immediately on `ip link set up`. This makes things generally seem more stateless, since the administrator does not have to manually ping the endpoint. Of course, if you have a lot of peers and all of them have persistent keepalive enabled, this could cause a lot of unwanted immediate traffic. On the other hand, if all of those peers are at some point going to be sending packets, this would happen anyway. I suppose the moral of the story is that persistent keepalive is a feature really just for clients behind NAT, not for servers, and it should be used sparingly, which is why we've set it off by default in the first place.
* persistent keepalive: enable in an exampleexperimental-0.0.20160708Jason A. Donenfeld2016-07-081-1/+1
|
* persistent keepalive: documentationJason A. Donenfeld2016-07-081-3/+18
|
* persistent keepalive: add userspace supportJason A. Donenfeld2016-07-084-11/+70
|
* persistent keepalive: add kernel mechanismJason A. Donenfeld2016-07-087-4/+42
|
* go test: don't rely on undefined append behaviorJonathan Rudenberg2016-07-071-5/+3
|
* rust test: actually use tai64nJason A. Donenfeld2016-07-071-1/+1
|
* go test: actually use TAI64NJason A. Donenfeld2016-07-071-1/+1
|
* go test: don't use 1 as icmp idsJason A. Donenfeld2016-07-071-3/+3
|
* go test: dynamically calculate ip checksumJason A. Donenfeld2016-07-071-2/+20
|
* go test: add ICMP pingJonathan Rudenberg2016-07-071-8/+64
|
* external-tests: switch to demo serverJason A. Donenfeld2016-07-073-4/+4
|
* curve25519: unneeded zeros variableJason A. Donenfeld2016-07-071-2/+0
|
* go test: put nonce at correct locationJason A. Donenfeld2016-07-071-1/+1
|
* go test: make more idiomaticJonathan Rudenberg2016-07-071-40/+65
| | | | | | | | | - gofmt - Give config struct one line per field - Use camel case - Check errors - Log invariants with detail - Use consistent pronouns
* tools: use pkg-config in MakefileJason A. Donenfeld2016-07-061-1/+2
|
* device: move unlikely check to if clauseJason A. Donenfeld2016-07-051-2/+2
|
* contrib: organize example scripts and add synergyJason A. Donenfeld2016-07-058-0/+43
|
* receive: protect against impossible conditionsJason A. Donenfeld2016-07-031-0/+4
| | | | | | | | | | It should never be the case that skb->head + skb->transport_header - skb->data is greater than 2^16, but in case the kernel network stack borks this at some point in the future, we don't want this to slyly introduce a vulnerability into WireGuard. Further, really smart compilers might be able to make deductions about data_offset, and optimize accordingly.
* tools: always fallback to /dev/urandomJason A. Donenfeld2016-07-031-10/+8
|
* tools: improve error reporting and detectionJason A. Donenfeld2016-07-034-24/+43
|
* tai64n: don't forget to add 2^62, to be in specJason A. Donenfeld2016-07-021-2/+2
|
* contrib: remove extraneous cruftJason A. Donenfeld2016-07-0110-195/+19
| | | | | | | We don't want people packaging these or even using these scripts, which are only useful for limited development circumstances, so get rid of them. More widespread development testing techniques still exist in src/debug.mk and src/netns.sh
* wg.8: wording tweaksexperimental-0.0.20160630Jason A. Donenfeld2016-07-011-5/+7
| | | | Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* receive: error conditions are unlikelyJason A. Donenfeld2016-07-011-3/+3
|
* Readme: the documentation moved to .ioJason A. Donenfeld2016-06-301-1/+1
|
* Readme: use https instead of httpDaniel Kahn Gillmor2016-06-303-3/+3
| | | | | For the websites referenced that offer https instead of http, use https.
* Makefile: Add more verbose dependency errorsJason A. Donenfeld2016-06-301-0/+32
|
* device init: free wq after padataJason A. Donenfeld2016-06-301-3/+3
| | | | | The padata free functions make reference to their parent workqueue, so it's important that we wait to free the workqueue after the padata.
* chacha20poly1305: use more standard way of testing FPU featuresJason A. Donenfeld2016-06-291-7/+2
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.