| | Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|---|
* | Makefile: add non-verbose mode to tools | Jason A. Donenfeld | 2017-10-03 | 2 | -2/+23 | |
* | global: add space around variable declarations | Jason A. Donenfeld | 2017-10-03 | 13 | -1/+59 | |
* | global: use _WG prefix for include guards | Jason A. Donenfeld | 2017-10-03 | 20 | -60/+60 | |
| | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | | | | | |
* | global: satisfy bitshift pedantry | Jason A. Donenfeld | 2017-10-03 | 8 | -24/+24 | |
| | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | | | | | |
* | receive: simplify message type validation | Jason A. Donenfeld | 2017-10-03 | 2 | -42/+33 | |
* | curve25519-neon-arm: force ARM encoding, since this is unrepresentable in Thumb | Jason A. Donenfeld | 2017-10-02 | 1 | -0/+1 | |
* | kernel-tree: remember UAPI in patch creation | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 | |
* | contrib: remove worthless build artifact | Jason A. Donenfeld | 2017-10-02 | 1 | -0/+0 | |
* | tools: compile on non-Linux | Jason A. Donenfeld | 2017-10-02 | 1 | -16/+22 | |
* | tools: simmer down silly compilers | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 | |
* | version: bump snapshot 0.0.20171001 | Jason A. Donenfeld | 2017-10-02 | 2 | -2/+2 | |
* | tools: do not warn on unrecognized items | Jason A. Donenfeld | 2017-10-02 | 2 | -26/+0 | |
| | Upstream advice is to simply be silent. | | | | | |
* | ratelimiter: wait for destruction, not for read_unlock | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 | |
* | qemu: add watchdog for not hanging on oops | Jason A. Donenfeld | 2017-10-02 | 3 | -1/+24 | |
* | messages: reduce maximum staged packets per peer | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 | |
* | noise: use spinlock for rotating keys | Jason A. Donenfeld | 2017-10-02 | 3 | -21/+29 | |
| | This should only really be contended in extremely exceptional cases, so changing from a mutex to a spinlock is likely fine. | | | | | |
* | wg-quick: check permissions of parent directory | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 | |
| | Also prefix octal 0, in case these files are actually of modes that don't start with 0 by accident (such as SUID or sticky bit). | | | | | |
* | wg-quick: verify wireguard interface in more clever way | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 | |
| | This helps with old Debian which has ancient iproute2, as well as paving the path toward this script supporting userspace implementations. | | | | | |
* | wg-quick: anchor sysctl regex to start and end | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 | |
| | This doesn't actually fix a real problem, but it is more correct than not having it. Suggested-by: Aaron Sigel <aaron@vtty.com> | | | | | |
* | debug: add better insert target | Jason A. Donenfeld | 2017-10-02 | 1 | -4/+4 | |
* | peer: remove from RCU lists when the kref is zero | Jason A. Donenfeld | 2017-10-02 | 1 | -4/+5 | |
* | timers: ensure safe timer removal | Jason A. Donenfeld | 2017-10-02 | 1 | -12/+17 | |
* | receive: do not consider netfilter drop a real drop | Jason A. Donenfeld | 2017-10-02 | 1 | -5/+3 | |
* | peer: ensure that lookup tables are added last | Jason A. Donenfeld | 2017-10-02 | 1 | -3/+3 | |
* | netlink: switch from ioctl to netlink for configuration | Jason A. Donenfeld | 2017-10-02 | 28 | -1008/+1934 | |
* | tools: uapi: only make sure socket file is socket | Jason A. Donenfeld | 2017-09-26 | 1 | -4/+9 | |
* | receive: mark function static | Jason A. Donenfeld | 2017-09-26 | 1 | -1/+1 | |
* | queueing: more standard init/uninit names | Jason A. Donenfeld | 2017-09-25 | 3 | -7/+7 | |
* | tools: use key_is_zero for comparing to zeros | Jason A. Donenfeld | 2017-09-24 | 7 | -24/+27 | |
| | Maybe an attacker on the system could use the infoleak in /proc to gauge how long a wg(8) process takes to complete and determine the number of leading zeros. This is somewhat ridiculous, but it's possible somebody somewhere might at some point care in the future, so alright. | | | | | |
* | config: do not reset device port | Jason A. Donenfeld | 2017-09-24 | 1 | -0/+2 | |
* | timers: convert to use netif_running | Jason A. Donenfeld | 2017-09-24 | 5 | -32/+24 | |
* | netns: disable rp_filter for final test | Jason A. Donenfeld | 2017-09-24 | 1 | -0/+4 | |
* | contrib: add sticky sockets example code | Jason A. Donenfeld | 2017-09-24 | 3 | -0/+342 | |
* | queueing: rename cpumask function | Jason A. Donenfeld | 2017-09-19 | 3 | -3/+3 | |
* | queueing: clean up worthless helper | Jason A. Donenfeld | 2017-09-19 | 1 | -12/+1 | |
* | peer: rearrange structs | Jason A. Donenfeld | 2017-09-19 | 1 | -4/+4 | |
* | device: properly arrange structs | Jason A. Donenfeld | 2017-09-19 | 1 | -6/+5 | |
* | send: don't take uninitialized lock | Jason A. Donenfeld | 2017-09-19 | 1 | -3/+3 | |
| | Packets is a local, which means we need to use the functions that don't take a spinlock, since otherwise we'll be using a spinlock in an undefined state. | | | | | |
* | queueing: no need to memzero struct | Jason A. Donenfeld | 2017-09-19 | 3 | -3/+5 | |
* | receive: use netif_receive_skb instead of netif_rx | Jason A. Donenfeld | 2017-09-19 | 1 | -1/+1 | |
| | netif_rx queues things up to a per-cpu backlog, whereas netif_receive_skb immediately delivers the packet to the underlying network device and mostly never fails. In the event where decrypting packets is actually happening faster than the networking subsystem receives them -- like with 65k packets with UDPv6 in `make test-qemu` -- then this backlog fills up and we wind up dropping some packets. This is fine and not altogether terrible, but it does raise the question of why we bothered spending CPU cycles decrypting those packets if they were just going to be dropped anyway. So, moving from netif_rx to netif_receive_skb means that whatever time netif_receive_skb needs winds up slowing down the dequeuing of decryption packets, which in turn means the decryption receive queue fills up sooner, so that we drop packets before decryption, rather than after, thus saving precious CPU cycles. Potential downsides of this include not keeping the cache hot, or not inundating the network subsystem with as many packets per second as possible, but in preliminary benchmarks, no difference has yet been observed. | | | | | |
* | version: bump snapshot 0.0.20170918 | Jason A. Donenfeld | 2017-09-18 | 2 | -2/+2 | |
* | compat: support RHEL 7.4 | Jason A. Donenfeld | 2017-09-18 | 1 | -1/+1 | |
* | queue: entirely rework parallel system | Jason A. Donenfeld | 2017-09-18 | 21 | -1597/+669 | |
| | This removes our dependency on padata and moves to a different mode of multiprocessing that is more efficient. This began as Samuel Holland's GSoC project and was gradually reworked/redesigned/rebased into this present commit, which is a combination of his initial contribution and my subsequent rewriting and redesigning. | | | | | |
* | compat: ensure we can build without compat.h | Jason A. Donenfeld | 2017-09-16 | 3 | -0/+4 | |
* | qemu: enable debug info for debug qemu | Jason A. Donenfeld | 2017-09-16 | 1 | -0/+2 | |
* | send: no need to check for NULL since ref is valid | Jason A. Donenfeld | 2017-09-16 | 2 | -4/+1 | |
* | timers: style | Jason A. Donenfeld | 2017-09-15 | 1 | -1/+1 | |
* | routingtable: satisfy sparse | Jason A. Donenfeld | 2017-09-15 | 1 | -1/+2 | |
* | socket: satisfy sparse | Jason A. Donenfeld | 2017-09-15 | 1 | -2/+2 | |
* | device: IFF_NO_QUEUE is a private flag, not a public one | Jason A. Donenfeld | 2017-09-11 | 1 | -1/+1 | |