Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | compat: backport ipvs_reset jd/partial-preempt-fix | Jason A. Donenfeld | 2018-06-13 | 1 | -0/+11 |
| | |||||
* | skb_reset: do not free socket memory with preemption disabled | Jason A. Donenfeld | 2018-06-13 | 4 | -6/+4 |
| | It turns out that calling skb_orphan (via skb_scrub_packet(xnet=true)) might result in a call to schedule(), since it will wake up waiting socket writers in userspace. This means that everything explodes, since we're calling this with preemption disabled. Work around this by removing the spinlocks in the consumers -- they're the sole consumers and so don't need the spinlocks anyway -- and then move skb_orphan to the consumption thread, which doesn't have preemption disabled. (When we move to a proper lockless mpmc ring buffer, we won't even have spinlocks anyway.) Since we don't actually need to call skb_orphan except on tx, so that net_cls does the right thing (see net/netfilter/xt_cgroup.c and its check of skb->sk), just explicitly orphan the packet in the one place where that's actually necessary, and otherwise don't orphan it. This leaves us without a call to skb_orphan on the rx path, where we don't need it and can't use it anyway because preemption is disabled for netif_receive_skb. This effectively reworks 740319127f14793a13ad385e8150cd98c715c20c. | ||||
* | tools: support getentropy(3) | Jason A. Donenfeld | 2018-06-08 | 1 | -0/+11 |
| | |||||
* | tools: encoding: add missing static array constraints | Jason A. Donenfeld | 2018-06-06 | 3 | -5/+5 |
| | |||||
* | wg-quick: android: change name of intent | Jason A. Donenfeld | 2018-06-04 | 1 | -1/+1 |
| | |||||
* | chacha20: add missing include to header | Jason A. Donenfeld | 2018-06-02 | 1 | -0/+1 |
| | |||||
* | wg-quick: android: delay setting users until end | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+6 |
| | `ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing them to reconnect. By delaying this until after routes are set, we ensure that the sockets reconnect using the tunnel, rather than the old route. | ||||
* | version: bump snapshot 0.0.20180531 | Jason A. Donenfeld | 2018-05-31 | 2 | -2/+2 |
| | |||||
* | qemu: bump default version | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+1 |
| | |||||
* | tools: constanter time encoding | Jason A. Donenfeld | 2018-05-31 | 2 | -22/+28 |
| | |||||
* | device: do not assume dst is always valid | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+1 |
| | The new flow offloading feature at the moment does not set the dst. We have a patch pending to fix this upstream, but in the meantime, work around it here. | ||||
* | poly1305: mips: compute S on fly | René van Dorst | 2018-05-31 | 1 | -31/+22 |
| | This reduces memory access and the total opaque size. Signed-off-by: René van Dorst <opensource@vdorst.com> | ||||
* | chacha20poly1305: test for authtag failure | Jason A. Donenfeld | 2018-05-31 | 1 | -3/+21 |
| | |||||
* | chacha20poly1305: test scattergather functions too | Jason A. Donenfeld | 2018-05-31 | 1 | -2/+44 |
| | |||||
* | crypto: consistent constification | Jason A. Donenfeld | 2018-05-31 | 6 | -23/+23 |
| | |||||
* | wg-quick: darwin: set DNS servers after delay on route change | Jason A. Donenfeld | 2018-05-31 | 1 | -2/+6 |
| | This works around a race condition in macOS's network daemons, while also adding one in the form of possibly calling kill -ALRM on a stale PID; unfortunately bash can't wait from a trap. | ||||
* | chacha20poly1305: combine stack variables into union | Jason A. Donenfeld | 2018-05-31 | 2 | -62/+64 |
| | |||||
* | chacha20poly1305: split up into separate files | Jason A. Donenfeld | 2018-05-31 | 10 | -627/+740 |
| | |||||
* | curve25519: x86_64: make symbol static | Jason A. Donenfeld | 2018-05-29 | 1 | -2/+2 |
| | |||||
* | curve25519: x86_64: satisfy sparse | Jason A. Donenfeld | 2018-05-29 | 1 | -260/+260 |
| | |||||
* | wg-quick: freebsd: configure as p2p link | Jason A. Donenfeld | 2018-05-27 | 1 | -3/+5 |
| | |||||
* | wg-quick: darwin: add multiple IP addresses | Jason A. Donenfeld | 2018-05-27 | 1 | -2/+2 |
| | |||||
* | wg-quick: determine IPs when saving interface | Jason A. Donenfeld | 2018-05-27 | 3 | -12/+14 |
| | |||||
* | compat: don't clash with get_random_u32 backports | Jason A. Donenfeld | 2018-05-24 | 1 | -3/+2 |
| | Our previous heuristic wasn't good enough, since CopperheadOS backported CANARY_MASK without backporting get_random_u32, as Qualcomm did, so now we just entirely rename all invocations of the function. | ||||
* | version: bump snapshot 0.0.20180524 | Jason A. Donenfeld | 2018-05-24 | 2 | -2/+2 |
| | |||||
* | wg-quick: freebsd: work around security vulnerabilities in bash | Jason A. Donenfeld | 2018-05-24 | 1 | -7/+29 |
| | |||||
* | wg-quick: allow enumeration of socket files | Jason A. Donenfeld | 2018-05-23 | 2 | -2/+2 |
| | These OSes have an unpriv'd ifconfig, so this isn't an even larger info leak. | ||||
* | wg-quick: better bash completion for non-renaming OSes | Jason A. Donenfeld | 2018-05-23 | 1 | -5/+14 |
| | |||||
* | wg-quick: support FreeBSD/Darwin search path | Jason A. Donenfeld | 2018-05-23 | 4 | -16/+39 |
| | |||||
* | tools: always pass -v as first argument to install | Jason A. Donenfeld | 2018-05-23 | 1 | -7/+7 |
| | This lets crippled OSes sed out our -v more easily. | ||||
* | wg-quick: openbsd: add new implementation | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+451 |
| | |||||
* | wg-quick: freebsd: add new implementation | Jason A. Donenfeld | 2018-05-22 | 2 | -16/+434 |
| | |||||
* | wg-quick: darwin: do not remove routes when no real interface | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+1 |
| | |||||
* | wg-quick: darwin: rename namefile environment variable | Jason A. Donenfeld | 2018-05-22 | 1 | -1/+1 |
| | This paves the way for an openbsd implementation. | ||||
* | tools: fix OpenBSD build | Filippo Valsorda | 2018-05-22 | 4 | -2/+4 |
| | License: MIT Signed-off-by: Filippo Valsorda <valsorda@google.com> | ||||
* | compat: work around qcom 4.9 backports | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+3 |
| | Qualcomm backported the get_random_u32 patch, even though kernel.org didn't, which is a problem. They also backported another patch in the same place which defines a new macro variable, so use this as a differentiator. | ||||
* | qemu: bump default kernel for gcc 8.1 | Jason A. Donenfeld | 2018-05-22 | 1 | -1/+1 |
| | |||||
* | allowedips: set pointer to null before freeing | Jason A. Donenfeld | 2018-05-22 | 1 | -2/+3 |
| | |||||
* | ncat-client-server: do not always call sudo and use env bash | Jason A. Donenfeld | 2018-05-22 | 1 | -2/+3 |
| | |||||
* | version: bump snapshot 0.0.20180519 | Jason A. Donenfeld | 2018-05-19 | 2 | -2/+2 |
| | |||||
* | timers: no need to clear keepalive in persistent keepalive | Jason A. Donenfeld | 2018-05-19 | 1 | -4/+1 |
| | We do this after sending the keepalive anyway. This is something of a regression, though, since before we'd cancel and then send, but now we send and then cancel, so it introduces a potential race, but hopefully that isn't too big of a deal. | ||||
* | timers: clear send_keepalive timer on sending handshake response | Jason A. Donenfeld | 2018-05-19 | 3 | -6/+12 |
| | We reorganize this into also doing so on sending keepalives itself, which means the state machine is much more consistent, even if this was already implied. | ||||
* | timers: fix up comment | Jason A. Donenfeld | 2018-05-19 | 1 | -2/+2 |
| | |||||
* | timers: remove slack_time | Jason A. Donenfeld | 2018-05-19 | 1 | -8/+2 |
| | It's already done implicitly by recent kernels and it's not adding much here. | ||||
* | timers: reinitialize state on init | Jason A. Donenfeld | 2018-05-18 | 1 | -0/+3 |
| | |||||
* | tools: fix errno propagation and messages | Jason A. Donenfeld | 2018-05-18 | 5 | -9/+8 |
| | |||||
* | timers: round up instead of down in slack_time | Jason A. Donenfeld | 2018-05-18 | 1 | -2/+2 |
| | On systems with a 100hz tick, this causes handshakes to be retried in slightly less than 5 seconds, which means they aren't sent at all. This has the effect of the handshakes entirely stopping their retry cycle until the next data packet is sent. Reported-by: Andrew He <andrewhe@mit.edu> | ||||
* | chacha20poly1305: add mips32 implementation | René van Dorst | 2018-05-18 | 4 | -5/+913 |
| | Signed-off-by: René van Dorst <opensource@vdorst.com> | ||||
* | device: remove allowedips before individual peers | Jason A. Donenfeld | 2018-05-18 | 1 | -1/+1 |
| | This avoids an O(n^2) traversal in favor of an O(n) one. | ||||
* | wg-quick: darwin: simpler inclusion check | Jason A. Donenfeld | 2018-05-17 | 1 | -1/+1 |
| |