Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | tools: propagate set errno | Jason A. Donenfeld | 2016-07-21 | 1 | -0/+1 | |
| | ||||||
* | tools: abstract sockets are dangerous | Jason A. Donenfeld | 2016-07-21 | 1 | -28/+1 | |
| | They have no permissions, so we're probably better off just creating a socket file with the umask set, as we do in BSD. | |||||
* | Kconfig: select IP6_NF_IPTABLES if using IPV6 (tag: experimental-0.0.20160721) | Jason A. Donenfeld | 2016-07-21 | 1 | -0/+1 | |
| | ||||||
* | tools: rename kernel to ipc | Jason A. Donenfeld | 2016-07-21 | 7 | -25/+25 | |
| | ||||||
* | tools: support horrible freebsd/osx/unix semantics | Jason A. Donenfeld | 2016-07-21 | 1 | -1/+66 | |
| | ||||||
* | tools: first additions of userspace integration | Jason A. Donenfeld | 2016-07-20 | 9 | -50/+277 | |
| | This is designed to work with a server that follows this: | |||||

```c
struct sockaddr_un addr = {
	.sun_family = AF_UNIX,
	.sun_path = "/var/run/wireguard/wguserspace0.sock"
};
int fd, ret;
ssize_t len;
socklen_t socklen;
struct wgdevice *device;

fd = socket(AF_UNIX, SOCK_DGRAM, 0);
if (fd < 0)
	exit(1);
if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
	exit(1);

for (;;) {
	/* First we look at how big the next message is, so we know how much to
	 * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */
	len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC);
	if (len < 0) {
		handle_error();
		continue;
	}
	/* Next we allocate a buffer for the received data. */
	device = NULL;
	if (len) {
		device = malloc(len);
		if (!device) {
			handle_error();
			continue;
		}
	}
	/* Finally we receive the data, storing too the return address. */
	socklen = sizeof(addr);
	len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen);
	if (len < 0) {
		handle_error();
		free(device);
		continue;
	}
	if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */
		device = get_current_wireguard_device(&len);
		sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen);
	} else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */
		ret = set_current_wireguard_device(device);
		sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen);
		free(device);
	}
}
```

* | build system: revamp building and configuration | Jason A. Donenfeld | 2016-07-18 | 7 | -84/+76 | |
| | ||||||
* | tests: improve test suite and add qemu tester | Jason A. Donenfeld | 2016-07-18 | 6 | -49/+299 | |
| | ||||||
* | tools: fix numbering in man page | Jason A. Donenfeld | 2016-07-16 | 1 | -2/+2 | |
| | ||||||
* | receive: assume we usually succeed with userspace (tag: experimental-0.0.20160711) | Jason A. Donenfeld | 2016-07-10 | 1 | -1/+1 | |
| | ||||||
* | receive: no need to test for !len | Jason A. Donenfeld | 2016-07-10 | 1 | -1/+1 | |
| | ||||||
* | timers: apply slack to hotpath timers | Jason A. Donenfeld | 2016-07-10 | 2 | -2/+8 | |
| | For timers in the hotpath, we don't want them to be rescheduled so aggressively, and since they don't need to be that precise, we can set a decent amount of slack. With the persistent keepalive timer, we have something of a special case. Since the timeout isn't fixed like the others, we don't want to make it more often than the kernel ordinarily would. So, instead, we make it a minimum. | |||||
* | timers: move timer calls out of hot loop | Jason A. Donenfeld | 2016-07-10 | 1 | -3/+6 | |
| | We sacrifice a little bit of precision here, but this avoids jockeying around the timers for every packet, when we're sending in bundles anyway to minimize cache misses. | |||||
* | timers: document conditions for calling | Jason A. Donenfeld | 2016-07-10 | 1 | -0/+8 | |
| | ||||||
* | persistent keepalive: use unsigned long to avoid multiplication in hotpath | Jason A. Donenfeld | 2016-07-10 | 3 | -5/+5 | |
| | ||||||
* | persistent keepalive: use authenticated keepalives | Jason A. Donenfeld | 2016-07-10 | 8 | -16/+18 | |
| | ||||||
* | keepalives: only queue keepalive when queue is empty | Jason A. Donenfeld | 2016-07-08 | 1 | -6/+9 | |
| | ||||||
* | examples: update ncat-client-server readme | Jason A. Donenfeld | 2016-07-08 | 1 | -5/+5 | |
| | ||||||
* | timers: do not consider keepalives to be data sent | Jason A. Donenfeld | 2016-07-08 | 1 | -1/+3 | |
| | ||||||
* | timers: rename *authorized* functions to *authenticated* | Jason A. Donenfeld | 2016-07-08 | 3 | -4/+4 | |
| | ||||||
* | persistent keepalive: start sending immediately (tag: experimental-0.0.20160708.1) | Jason A. Donenfeld | 2016-07-08 | 2 | -1/+6 | |
| | Rather than only start sending the persistent keepalive packets when the device first sends data, this changes it to send the packets immediately on `ip link set up`. This makes things generally seem more stateless, since the administrator does not have to manually ping the endpoint. Of course, if you have a lot of peers and all of them have persistent keepalive enabled, this could cause a lot of unwanted immediate traffic. On the other hand, if all of those peers are at some point going to be sending packets, this would happen anyway. I suppose the moral of the story is that persistent keepalive is a feature really just for clients behind NAT, not for servers, and it should be used sparingly, which is why we've set it off by default in the first place. | |||||
* | persistent keepalive: enable in an example (tag: experimental-0.0.20160708) | Jason A. Donenfeld | 2016-07-08 | 1 | -1/+1 | |
| | ||||||
* | persistent keepalive: documentation | Jason A. Donenfeld | 2016-07-08 | 1 | -3/+18 | |
| | ||||||
* | persistent keepalive: add userspace support | Jason A. Donenfeld | 2016-07-08 | 4 | -11/+70 | |
| | ||||||
* | persistent keepalive: add kernel mechanism | Jason A. Donenfeld | 2016-07-08 | 7 | -4/+42 | |
| | ||||||
* | go test: don't rely on undefined append behavior | Jonathan Rudenberg | 2016-07-07 | 1 | -5/+3 | |
| | ||||||
* | rust test: actually use tai64n | Jason A. Donenfeld | 2016-07-07 | 1 | -1/+1 | |
| | ||||||
* | go test: actually use TAI64N | Jason A. Donenfeld | 2016-07-07 | 1 | -1/+1 | |
| | ||||||
* | go test: don't use 1 as icmp ids | Jason A. Donenfeld | 2016-07-07 | 1 | -3/+3 | |
| | ||||||
* | go test: dynamically calculate ip checksum | Jason A. Donenfeld | 2016-07-07 | 1 | -2/+20 | |
| | ||||||
* | go test: add ICMP ping | Jonathan Rudenberg | 2016-07-07 | 1 | -8/+64 | |
| | ||||||
* | external-tests: switch to demo server | Jason A. Donenfeld | 2016-07-07 | 3 | -4/+4 | |
| | ||||||
* | curve25519: unneeded zeros variable | Jason A. Donenfeld | 2016-07-07 | 1 | -2/+0 | |
| | ||||||
* | go test: put nonce at correct location | Jason A. Donenfeld | 2016-07-07 | 1 | -1/+1 | |
| | ||||||
* | go test: make more idiomatic | Jonathan Rudenberg | 2016-07-07 | 1 | -40/+65 | |
| | - gofmt - Give config struct one line per field - Use camel case - Check errors - Log invariants with detail - Use consistent pronouns | |||||
* | tools: use pkg-config in Makefile | Jason A. Donenfeld | 2016-07-06 | 1 | -1/+2 | |
| | ||||||
* | device: move unlikely check to if clause | Jason A. Donenfeld | 2016-07-05 | 1 | -2/+2 | |
| | ||||||
* | contrib: organize example scripts and add synergy | Jason A. Donenfeld | 2016-07-05 | 8 | -0/+43 | |
| | ||||||
* | receive: protect against impossible conditions | Jason A. Donenfeld | 2016-07-03 | 1 | -0/+4 | |
| | It should never be the case that skb->head + skb->transport_header - skb->data is greater than 2^16, but in case the kernel network stack borks this at some point in the future, we don't want this to slyly introduce a vulnerability into WireGuard. Further, really smart compilers might be able to make deductions about data_offset, and optimize accordingly. | |||||
* | tools: always fallback to /dev/urandom | Jason A. Donenfeld | 2016-07-03 | 1 | -10/+8 | |
| | ||||||
* | tools: improve error reporting and detection | Jason A. Donenfeld | 2016-07-03 | 4 | -24/+43 | |
| | ||||||
* | tai64n: don't forget to add 2^62, to be in spec | Jason A. Donenfeld | 2016-07-02 | 1 | -2/+2 | |
| | ||||||
* | contrib: remove extraneous cruft | Jason A. Donenfeld | 2016-07-01 | 10 | -195/+19 | |
| | We don't want people packaging these or even using these scripts, which are only useful for limited development circumstances, so get rid of them. More widespread development testing techniques still exist in src/debug.mk and src/netns.sh | |||||
* | wg.8: wording tweaks (tag: experimental-0.0.20160630) | Jason A. Donenfeld | 2016-07-01 | 1 | -5/+7 | |
| | Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> | |||||
* | receive: error conditions are unlikely | Jason A. Donenfeld | 2016-07-01 | 1 | -3/+3 | |
| | ||||||
* | Readme: the documentation moved to .io | Jason A. Donenfeld | 2016-06-30 | 1 | -1/+1 | |
| | ||||||
* | Readme: use https instead of http | Daniel Kahn Gillmor | 2016-06-30 | 3 | -3/+3 | |
| | For the websites referenced that offer https instead of http, use https. | |||||
* | Makefile: Add more verbose dependency errors | Jason A. Donenfeld | 2016-06-30 | 1 | -0/+32 | |
| | ||||||
* | device init: free wq after padata | Jason A. Donenfeld | 2016-06-30 | 1 | -3/+3 | |
| | The padata free functions make reference to their parent workqueue, so it's important that we wait to free the workqueue after the padata. | |||||
* | chacha20poly1305: use more standard way of testing FPU features | Jason A. Donenfeld | 2016-06-29 | 1 | -7/+2 | |
| |