| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | compat: grsecurity backports get_random_long (tag: experimental-0.0.20161025) | Jason A. Donenfeld | 2016-10-23 | 1 | -0/+3 |
* | data: reset all packet fields like tun.c | Jason A. Donenfeld | 2016-10-23 | 1 | -2/+2 |
* | device: better debug message for unroutable packets | Jason A. Donenfeld | 2016-10-22 | 1 | -1/+5 |
* | compat: support PaX constify plugin | Jason A. Donenfeld | 2016-10-22 | 1 | -0/+7 |
* | uapi.h: public_key field is a getter | Jörg Thalheim | 2016-10-22 | 1 | -1/+1 |
| | Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk> | | | | |
* | receive: always send confirmation, even if queue is empty | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+5 |
* | timers: only have initiator rekey | Jason A. Donenfeld | 2016-10-19 | 6 | -66/+44 |
| | If it's time to rekey, and the responder sends a message, the initiator will begin the rekeying when sending his response message. In the worst case, this response message will actually just be the keepalive. This generally works well, with the one edge case of the message arriving less than 10 seconds before key expiration, in which the keepalive is not sufficient. In this case, we simply rehandshake immediately. | | | | |
* | timers: always delay handshakes for responder | Jason A. Donenfeld | 2016-10-19 | 5 | -8/+50 |
| | With the prior behavior, when sending a packet, we checked to see if it was about time to start a new handshake, and if we were past a certain time, we started it. For the responder, we made that time a bit further in the future than for the initiator, to prevent the thundering herd problem of them both starting at the same time. However, this was flawed. If both parties stopped communicating after 2.2 minutes, and then one party decided to initiate a TCP connection before the 3 minute mark, the currently open session would be used. However, because it was after the 2.2 minute mark, both peers would try to initiate a handshake upon sending their first packet. The errant flow was as follows: 1. Peer A sends SYN. 2. Peer A sees that his key is getting old and initiates new handshake. 3. Peer B receives SYN and sends ACK. 4. Peer B sees that his key is getting old and initiates new handshake. Since these events happened after the 2.2 minute mark, there's no delay between handshake initiations, and problems begin. The new behavior is changed to: 1. Peer A sends SYN. 2. Peer A sees that his key is getting old and initiates new handshake. 3. Peer B receives SYN and sends ACK. 4. Peer B sees that his key is getting old and schedules a delayed handshake for 12.5 seconds in the future. 5. Peer B receives handshake initiation and cancels scheduled handshake. | | | | |
* | timers: move constants to header | Jason A. Donenfeld | 2016-10-19 | 2 | -12/+9 |
* | timers: kill half-open handshakes after a while | Jason A. Donenfeld | 2016-10-19 | 1 | -0/+4 |
* | timers: avoid thundering herd for simultaneous initiation | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+1 |
| | Since it's extremely unlikely for jiffies to be exactly identical everywhere, applying quarter second power of two slack not only improves power efficiency but also ensures that retries have a bit of jitter. | | | | |
* | debug: keep alive -> keepalive | Jason A. Donenfeld | 2016-10-19 | 3 | -3/+2 |
* | noise: comment/document the key swapping | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+19 |
* | send: ensure that rekey retries are staggered (tag: experimental-0.0.20161014) | Jason A. Donenfeld | 2016-10-14 | 1 | -1/+1 |
| | Before: t+120: A sends rekey [packet dropped by network congestion] t+125: A sends rekey [packet dropped by network congestion] t+130: A sends rekey t+130: B sends rekey ! race ! After: t+120: A sends rekey [packet dropped by network congestion] t+125: A sends rekey [packet dropped by network congestion] t+130: A sends rekey [packet dropped by network congestion] T+132.5: B sends rekey [packet dropped by network congestion] T+135: A sends rekey [packet dropped by network congestion] T+137.5: B sends rekey ! success, eventually ! | | | | |
* | device: show debug message when no peer has allowed-ips for packet | Jason A. Donenfeld | 2016-10-14 | 1 | -0/+1 |
* | send: requeue jobs for later if padata is full | Jason A. Donenfeld | 2016-10-05 | 2 | -2/+14 |
* | compat: akpm merged this to 4.9 | Jason A. Donenfeld | 2016-10-04 | 1 | -1/+2 |
| | http://marc.info/?l=linux-mm-commits&m=147553169709478&w=2 | | | | |
* | send: only avoid parallel path when there aren't inflight jobs | Jason A. Donenfeld | 2016-10-02 | 2 | -1/+14 |
| | Otherwise we get packet reordering. | | | | |
* | remote-run: reflect recent makefile changes (tag: experimental-0.0.20161001) | Jason A. Donenfeld | 2016-09-29 | 1 | -1/+1 |
* | git: organize ignore files | Jason A. Donenfeld | 2016-09-29 | 5 | -2/+10 |
* | compat: Isolate more functions | Jason A. Donenfeld | 2016-09-29 | 2 | -59/+97 |
* | Rework headers and includes | Jason A. Donenfeld | 2016-09-29 | 33 | -180/+190 |
* | poly1305: optimize unaligned access | René van Dorst | 2016-09-29 | 1 | -0/+30 |
* | tools: allow multiple AllowedIPs invocations | Jason A. Donenfeld | 2016-08-30 | 1 | -1/+0 |
| | It turns out this is a somewhat natural thing to do in config files. | | | | |
* | send: properly encapsulate ECN | Jason A. Donenfeld | 2016-08-29 | 4 | -16/+38 |
| | We're not leaking the DSCP, but we do deal with ECN. | | | | |
* | netns: remove dangling $@ | Jason A. Donenfeld | 2016-08-29 | 1 | -4/+4 |
* | examples: add key extractor | Jason A. Donenfeld | 2016-08-26 | 4 | -0/+221 |
* | examples: add nat-hole-punching | Jason A. Donenfeld | 2016-08-24 | 3 | -0/+354 |
* | socket: use isdigit | Jason A. Donenfeld | 2016-08-22 | 1 | -1/+2 |
* | routingtable: hyphen was ugly | Jason A. Donenfeld | 2016-08-22 | 4 | -3/+3 |
* | hashtables: use rdrand() instead of counter | Jason A. Donenfeld | 2016-08-22 | 3 | -5/+7 |
* | tests: test jumbo frames with more transfer | Jason A. Donenfeld | 2016-08-21 | 1 | -4/+19 |
* | qemu: enhancements | Jason A. Donenfeld | 2016-08-17 | 3 | -32/+98 |
* | send: needless debugging check | Jason A. Donenfeld | 2016-08-16 | 1 | -2/+1 |
* | tests: add crypto-RP filter test | Jason A. Donenfeld | 2016-08-12 | 3 | -1/+34 |
* | main: load driver late in boot process when debugging | Jason A. Donenfeld | 2016-08-10 | 1 | -0/+6 |
* | main: fix typo | Jason A. Donenfeld | 2016-08-10 | 1 | -1/+1 |
* | qemu: lock distfiles | Jason A. Donenfeld | 2016-08-10 | 1 | -19/+34 |
* | qemu: allow testing with RCs | Jason A. Donenfeld | 2016-08-09 | 1 | -2/+8 |
* | ratelimiter: hard-depend on runtime dependencies | Jason A. Donenfeld | 2016-08-09 | 1 | -0/+7 |
* | ratelimiter: do not require IPv6 (tag: experimental-0.0.20160808) | Jason A. Donenfeld | 2016-08-08 | 1 | -4/+12 |
* | tests: use makefile and expand greatly | Jason A. Donenfeld | 2016-08-08 | 9 | -237/+609 |
* | persistent-keepalive: change range to [1,65535] | Jason A. Donenfeld | 2016-08-08 | 3 | -11/+8 |
* | Kbuild: move module deps out of tests/ | Jason A. Donenfeld | 2016-08-03 | 2 | -18/+16 |
* | selftest: move to subfolder | Jason A. Donenfeld | 2016-08-02 | 12 | -414/+422 |
* | tools: use correct headers in ipc | Jason A. Donenfeld | 2016-08-02 | 1 | -2/+2 |
* | tools: do not show private keys in pretty output | Jason A. Donenfeld | 2016-08-02 | 3 | -3/+14 |
* | contrib: move patchers to contrib/kernel-tree | Jason A. Donenfeld | 2016-08-02 | 2 | -1/+21 |
* | Makefile: check tools as part of make check | Jason A. Donenfeld | 2016-08-02 | 1 | -0/+1 |
* | uapi: typeof is not necessary | Jason A. Donenfeld | 2016-08-02 | 1 | -4/+4 |