Commit message | Author | Age | Files | Lines
...
* Makefile: add non-verbose mode to tools | Jason A. Donenfeld | 2017-10-03 | 2 | -2/+23
|
* global: add space around variable declarations | Jason A. Donenfeld | 2017-10-03 | 13 | -1/+59
|
* global: use _WG prefix for include guards | Jason A. Donenfeld | 2017-10-03 | 20 | -60/+60
|   Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
* global: satisfy bitshift pedantry | Jason A. Donenfeld | 2017-10-03 | 8 | -24/+24
|   Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
* receive: simplify message type validation | Jason A. Donenfeld | 2017-10-03 | 2 | -42/+33
|
* curve25519-neon-arm: force ARM encoding, since this is unrepresentable in Thumb | Jason A. Donenfeld | 2017-10-02 | 1 | -0/+1
|
* kernel-tree: remember UAPI in patch creation | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
|
* contrib: remove worthless build artifact | Jason A. Donenfeld | 2017-10-02 | 1 | -0/+0
|
* tools: compile on non-Linux | Jason A. Donenfeld | 2017-10-02 | 1 | -16/+22
|
* tools: simmer down silly compilers | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
|
* version: bump snapshot (tag: 0.0.20171001) | Jason A. Donenfeld | 2017-10-02 | 2 | -2/+2
|
* tools: do not warn on unrecognized items | Jason A. Donenfeld | 2017-10-02 | 2 | -26/+0
|   Upstream advice is to simply be silent.
* ratelimiter: wait for destruction, not for read_unlock | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
|
* qemu: add watchdog for not hanging on oops | Jason A. Donenfeld | 2017-10-02 | 3 | -1/+24
|
* messages: reduce maximum staged packets per peer | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
|
* noise: use spinlock for rotating keys | Jason A. Donenfeld | 2017-10-02 | 3 | -21/+29
|   This should only really be contended in extremely exceptional cases, so changing from a mutex to a spinlock is likely fine.
* wg-quick: check permissions of parent directory | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
|   Also prefix octal 0, in case these files are actually of modes that don't start with 0 by accident (such as SUID or sticky bit).
* wg-quick: verify wireguard interface in more clever way | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
|   This helps with old Debian which has ancient iproute2, as well as paving the path toward this script supporting userspace implementations.
* wg-quick: anchor sysctl regex to start and end | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
|   This doesn't actually fix a real problem, but it is more correct than not having it.
|   Suggested-by: Aaron Sigel <aaron@vtty.com>
* debug: add better insert target | Jason A. Donenfeld | 2017-10-02 | 1 | -4/+4
|
* peer: remove from RCU lists when the kref is zero | Jason A. Donenfeld | 2017-10-02 | 1 | -4/+5
|
* timers: ensure safe timer removal | Jason A. Donenfeld | 2017-10-02 | 1 | -12/+17
|
* receive: do not consider netfilter drop a real drop | Jason A. Donenfeld | 2017-10-02 | 1 | -5/+3
|
* peer: ensure that lookup tables are added last | Jason A. Donenfeld | 2017-10-02 | 1 | -3/+3
|
* netlink: switch from ioctl to netlink for configuration | Jason A. Donenfeld | 2017-10-02 | 28 | -1008/+1934
|
* tools: uapi: only make sure socket file is socket | Jason A. Donenfeld | 2017-09-26 | 1 | -4/+9
|
* receive: mark function static | Jason A. Donenfeld | 2017-09-26 | 1 | -1/+1
|
* queueing: more standard init/uninit names | Jason A. Donenfeld | 2017-09-25 | 3 | -7/+7
|
* tools: use key_is_zero for comparing to zeros | Jason A. Donenfeld | 2017-09-24 | 7 | -24/+27
|   Maybe an attacker on the system could use the infoleak in /proc to gauge how long a wg(8) process takes to complete and determine the number of leading zeros. This is somewhat ridiculous, but it's possible somebody somewhere might at some point care in the future, so alright.
* config: do not reset device port | Jason A. Donenfeld | 2017-09-24 | 1 | -0/+2
|
* timers: convert to use netif_running | Jason A. Donenfeld | 2017-09-24 | 5 | -32/+24
|
* netns: disable rp_filter for final test | Jason A. Donenfeld | 2017-09-24 | 1 | -0/+4
|
* contrib: add sticky sockets example code | Jason A. Donenfeld | 2017-09-24 | 3 | -0/+342
|
* queueing: rename cpumask function | Jason A. Donenfeld | 2017-09-19 | 3 | -3/+3
|
* queueing: clean up worthless helper | Jason A. Donenfeld | 2017-09-19 | 1 | -12/+1
|
* peer: rearrange structs | Jason A. Donenfeld | 2017-09-19 | 1 | -4/+4
|
* device: properly arrange structs | Jason A. Donenfeld | 2017-09-19 | 1 | -6/+5
|
* send: don't take uninitialized lock | Jason A. Donenfeld | 2017-09-19 | 1 | -3/+3
|   Packets is a local, which means we need to use the functions that don't take a spinlock, since otherwise we'll be using a spinlock in an undefined state.
* queueing: no need to memzero struct | Jason A. Donenfeld | 2017-09-19 | 3 | -3/+5
|
* receive: use netif_receive_skb instead of netif_rx | Jason A. Donenfeld | 2017-09-19 | 1 | -1/+1
|   netif_rx queues things up to a per-cpu backlog, whereas netif_receive_skb immediately delivers the packet to the underlying network device and mostly never fails. In the event where decrypting packets is actually happening faster than the networking subsystem receives them -- like with 65k packets with UDPv6 in `make test-qemu` -- then this backlog fills up and we wind up dropping some packets. This is fine and not altogether terrible, but it does raise the question of why we bothered spending CPU cycles decrypting those packets if they were just going to be dropped anyway. So, moving from netif_rx to netif_receive_skb means that whatever time netif_receive_skb needs winds up slowing down the dequeuing of decryption packets, which in turn means the decryption receive queue fills up sooner, so that we drop packets before decryption, rather than after, thus saving precious CPU cycles. Potential downsides of this include not keeping the cache hot, or not inundating the network subsystem with as many packets per second as possible, but in preliminary benchmarks, no difference has yet been observed.
* version: bump snapshot (tag: 0.0.20170918) | Jason A. Donenfeld | 2017-09-18 | 2 | -2/+2
|
* compat: support RHEL 7.4 | Jason A. Donenfeld | 2017-09-18 | 1 | -1/+1
|
* queue: entirely rework parallel system | Jason A. Donenfeld | 2017-09-18 | 21 | -1597/+669
|   This removes our dependency on padata and moves to a different mode of multiprocessing that is more efficient. This began as Samuel Holland's GSoC project and was gradually reworked/redesigned/rebased into this present commit, which is a combination of his initial contribution and my subsequent rewriting and redesigning.
* compat: ensure we can build without compat.h | Jason A. Donenfeld | 2017-09-16 | 3 | -0/+4
|
* qemu: enable debug info for debug qemu | Jason A. Donenfeld | 2017-09-16 | 1 | -0/+2
|
* send: no need to check for NULL since ref is valid | Jason A. Donenfeld | 2017-09-16 | 2 | -4/+1
|
* timers: style | Jason A. Donenfeld | 2017-09-15 | 1 | -1/+1
|
* routingtable: satisfy sparse | Jason A. Donenfeld | 2017-09-15 | 1 | -1/+2
|
* socket: satisfy sparse | Jason A. Donenfeld | 2017-09-15 | 1 | -2/+2
|
* device: IFF_NO_QUEUE is a private flag, not a public one | Jason A. Donenfeld | 2017-09-11 | 1 | -1/+1
|