aboutsummaryrefslogtreecommitdiffstatshomepage
Commit message (Collapse)AuthorAgeFilesLines
* compat: backport ipvs_resetjd/partial-preempt-fixJason A. Donenfeld2018-06-131-0/+11
|
* skb_reset: do not free socket memory with preemption disabledJason A. Donenfeld2018-06-134-6/+4
| | | | | | | | | | | | | | | | | | | | | | | It turns out that calling skb_orphan (via skb_scrub_packet(xnet=true)) might result in a call to schedule(), since it will wake up waiting socket writers in userspace. This means that everything explodes, since we're calling this with preemption disabled. Work around this by removing the spinlocks in the consumers -- they're the sole consumers and so don't need the spinlocks anyway -- and then move skb_orphan to the consumption thread, which doesn't have preemption disabled. (When we move to a proper lockless mpmc ring buffer, we won't even have spinlocks anyway.) Since we don't actually need to call skb_orphan except on tx, so that net_cls does the right thing (see net/netfilter/xt_cgroup.c and its check of skb->sk), just explictly orphan the packet in the one place where that's actually necessary, and otherwise don't orphan it. This leaves us without a call to skb_orphan on the rx path, where we don't need it and can't use it anyway because preemption is disabled for netif_receive_skb. This effectively reworks 740319127f14793a13ad385e8150cd98c715c20c.
* tools: support getentropy(3)Jason A. Donenfeld2018-06-081-0/+11
|
* tools: encoding: add missing static array constraintsJason A. Donenfeld2018-06-063-5/+5
|
* wg-quick: android: change name of intentJason A. Donenfeld2018-06-041-1/+1
|
* chacha20: add missing include to headerJason A. Donenfeld2018-06-021-0/+1
|
* wg-quick: android: delay setting users until endJason A. Donenfeld2018-05-311-1/+6
| | | | | | | `ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing them to reconnect. By delaying this until after routes are set, we ensure that the sockets reconnect using the tunnel, rather than the old route.
* version: bump snapshot0.0.20180531Jason A. Donenfeld2018-05-312-2/+2
|
* qemu: bump default versionJason A. Donenfeld2018-05-311-1/+1
|
* tools: constanter time encodingJason A. Donenfeld2018-05-312-22/+28
|
* device: do not assume dst is always validJason A. Donenfeld2018-05-311-1/+1
| | | | | | The new flow offloading feature at the moment does not set the dst. We have a patch pending to fix this upstream, but in the meantime, work around it here.
* poly1305: mips: compute S on flyRené van Dorst2018-05-311-31/+22
| | | | | | This reduces memory access and the total opaque size. Signed-off-by: René van Dorst <opensource@vdorst.com>
* chacha20poly1305: test for authtag failureJason A. Donenfeld2018-05-311-3/+21
|
* chacha20poly1305: test scattergather functions tooJason A. Donenfeld2018-05-311-2/+44
|
* crypto: consistent constificationJason A. Donenfeld2018-05-316-23/+23
|
* wg-quick: darwin: set DNS servers after delay on route changeJason A. Donenfeld2018-05-311-2/+6
| | | | | | This works around a race condition in macOS's network daemons, while also adding one in the form of possibly calling kill -ALRM on a stale PID; unfortunately bash can't wait from a trap.
* chacha20poly1305: combine stack variables into unionJason A. Donenfeld2018-05-312-62/+64
|
* chacha20poly1305: split up into separate filesJason A. Donenfeld2018-05-3110-627/+740
|
* curve25519: x86_64: make symbol staticJason A. Donenfeld2018-05-291-2/+2
|
* curve25519: x86_64: satisfy sparseJason A. Donenfeld2018-05-291-260/+260
|
* wg-quick: freebsd: configure as p2p linkJason A. Donenfeld2018-05-271-3/+5
|
* wg-quick: darwin: add multiple IP addressesJason A. Donenfeld2018-05-271-2/+2
|
* wg-quick: determine IPs when saving interfaceJason A. Donenfeld2018-05-273-12/+14
|
* compat: don't clash with get_random_u32 backportsJason A. Donenfeld2018-05-241-3/+2
| | | | | | Our previous heuristic wasn't good enough, since CopperheadOS backported CANARY_MASK without backporting get_random_u32, as Qualcomm did, so now we just entirely rename all invocations of the function.
* version: bump snapshot0.0.20180524Jason A. Donenfeld2018-05-242-2/+2
|
* wg-quick: freebsd: work around security vulnerabilities in bashJason A. Donenfeld2018-05-241-7/+29
|
* wg-quick: allow enumeration of socket filesJason A. Donenfeld2018-05-232-2/+2
| | | | | These OSes have an unpriv'd ifconfig, so this isn't an even larger info leak.
* wg-quick: better bash completion for non-renaming OSesJason A. Donenfeld2018-05-231-5/+14
|
* wg-quick: support FreeBSD/Darwin search pathJason A. Donenfeld2018-05-234-16/+39
|
* tools: always pass -v as first argument to installJason A. Donenfeld2018-05-231-7/+7
| | | | This lets crippled OSes sed out our -v more easily.
* wg-quick: openbsd: add new implementationJason A. Donenfeld2018-05-221-0/+451
|
* wg-quick: freebsd: add new implementationJason A. Donenfeld2018-05-222-16/+434
|
* wg-quick: darwin: do not remove routes when no real interfaceJason A. Donenfeld2018-05-221-0/+1
|
* wg-quick: darwin: rename namefile environment variableJason A. Donenfeld2018-05-221-1/+1
| | | | This paves the way for an openbsd implementation.
* tools: fix OpenBSD buildFilippo Valsorda2018-05-224-2/+4
| | | | | License: MIT Signed-off-by: Filippo Valsorda <valsorda@google.com>
* compat: work around qcom 4.9 backportsJason A. Donenfeld2018-05-221-0/+3
| | | | | | | Qualcomm backported the get_random_u32 patch, even though kernel.org didn't, which is a problem. They also backported another patch in the same place which defines a new macro variable, so use this as a differentiator.
* qemu: bump default kernel for gcc 8.1Jason A. Donenfeld2018-05-221-1/+1
|
* allowedips: set pointer to null before freeingJason A. Donenfeld2018-05-221-2/+3
|
* ncat-client-server: do not always call sudo and use env bashJason A. Donenfeld2018-05-221-2/+3
|
* version: bump snapshot0.0.20180519Jason A. Donenfeld2018-05-192-2/+2
|
* timers: no need to clear keepalive in persistent keepaliveJason A. Donenfeld2018-05-191-4/+1
| | | | | | | | We do this after sending the keepalive anyway. This is something of a regression, though, since before we'd cancel and then send, but now we send and then cancel, so it introduces a potential race, but hopefully that isn't too big of a deal.
* timers: clear send_keepalive timer on sending handshake responseJason A. Donenfeld2018-05-193-6/+12
| | | | | | We reorganize this into also doing so on sending keepalives itself, which means the state machine is much more consistent, even if this was already implied.
* timers: fix up commentJason A. Donenfeld2018-05-191-2/+2
|
* timers: remove slack_timeJason A. Donenfeld2018-05-191-8/+2
| | | | | It's already done implicitly by recent kernels and it's not adding much here.
* timers: reinitialize state on initJason A. Donenfeld2018-05-181-0/+3
|
* tools: fix errno propagation and messagesJason A. Donenfeld2018-05-185-9/+8
|
* timers: round up instead of down in slack_timeJason A. Donenfeld2018-05-181-2/+2
| | | | | | | | | On systems with a 100hz tick, this causes handshakes to be retried in slightly less than 5 seconds, which means they aren't sent at all. This has the effect of the handshakes entirely stopping their retry cycle until the next data packet is sent. Reported-by: Andrew He <andrewhe@mit.edu>
* chacha20poly1305: add mips32 implementationRené van Dorst2018-05-184-5/+913
| | | | Signed-off-by: René van Dorst <opensource@vdorst.com>
* device: remove allowedips before individual peersJason A. Donenfeld2018-05-181-1/+1
| | | | This avoids an O(n^2) traversal in favor of an O(n) one.
* wg-quick: darwin: simpler inclusion checkJason A. Donenfeld2018-05-171-1/+1
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.