Commit message | Author | Age | Files | Lines
* queueing: remove per-peer queues [jd/remove-per-peer-queues] | Jason A. Donenfeld | 2018-07-18 | 7 | -38/+48
  Previously, having many peers would result in many napi structs, which could make lookups in the napi_hash in net/core/dev.c slow. So, we move to using a single napi struct per device. The best solution would be to replace napi_hash with an idr or just get rid of it altogether and use straight pointers. However, that isn't the case currently, so we work with what is and begrudgingly remove per-peer queues. On the upside, it means we reduce the per-peer memory usage by about 8k/16k, but on the downside it means that napi_gro_receive is called on a unified list, which might result in less GRO speedups on systems with many peers active at once. However, if napi_hash does ever go away, we should consider reverting this commit.
  Since this means moving to unified packet queues, flushing at peer removal is something of a problem. So we make the slightly dubious modification of just not flushing, and letting our reference counters do the work. This in turn required some small changes to ensure that the reference counter will, at some point in the future, still reach zero, and not be kept alive by non-stop packet ingress.
  Co-developed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
* device: destroy workqueue before freeing queue | Jason A. Donenfeld | 2018-07-18 | 1 | -1/+1
* wg-quick: allow link local default gateway | Jason A. Donenfeld | 2018-07-16 | 3 | -3/+0
  It's unclear why it was like this in the first place, but it apparently broke certain IPv6 setups.
  Reported-by: Jonas Blahut <j@die-blahuts.de>
* receive: use gro call instead of plain call | Jason A. Donenfeld | 2018-07-12 | 1 | -1/+1
* receive: account for zero or negative budget | Jason A. Donenfeld | 2018-07-11 | 1 | -0/+3
  Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
* tools: only error on wg show if all interfaces fail | Jason A. Donenfeld | 2018-07-08 | 1 | -1/+4
* version: bump snapshot [0.0.20180708] | Jason A. Donenfeld | 2018-07-08 | 2 | -2/+2
* receive: use NAPI on the receive path | Jonathan Neuschäfer | 2018-07-08 | 6 | -17/+45
  Suggested-by: Jason A. Donenfeld <Jason@zx2c4.com>
  [Jason: fixed up the flushing of the rx_queue in peer_remove]
  Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
* qemu: decide debug kernel based on KERNEL_VERSION | Jason A. Donenfeld | 2018-07-06 | 1 | -8/+8
  If KERNEL_VERSION ends in -debug, then automatically set DEBUG_KERNEL
  If DEBUG_KERNEL is set, now the debug kernel will be built in a separate directory from the normal kernel, so that it's easy to toggle back and forth.
* qemu: bump default kernel version | Jason A. Donenfeld | 2018-07-06 | 1 | -1/+1
  This fixes DEBUG_KERNEL=yes due to dd275caf4a0d9b219fffe49288b6cc33cd564312 being backported to 4.17.4.
* selftest: ratelimiter: improve chance of success via retry | Jason A. Donenfeld | 2018-07-06 | 1 | -1/+6
* wg-quick: android: support excluding applications | Jason A. Donenfeld | 2018-07-05 | 1 | -9/+102
* receive: style | Jason A. Donenfeld | 2018-07-04 | 1 | -1/+1
* device: print daddr not saddr in missing peer error | Jason A. Donenfeld | 2018-07-04 | 1 | -1/+4
* version: bump snapshot [0.0.20180625] | Jason A. Donenfeld | 2018-06-25 | 2 | -2/+2
* wg-quick: android: prevent outgoing handshake packets from being dropped | Jason A. Donenfeld | 2018-06-25 | 1 | -0/+4
* compat: more robust ktime backport | Jason A. Donenfeld | 2018-06-24 | 1 | -3/+8
  This is needed for frankenkernels, like android-common.
* global: use fast boottime instead of normal boottime | Jason A. Donenfeld | 2018-06-23 | 12 | -26/+26
  Generally if we're inaccurate by a few nanoseconds, it doesn't matter.
* global: use ktime boottime instead of jiffies | Jason A. Donenfeld | 2018-06-23 | 15 | -64/+69
  Since this is a network protocol, expirations need to be accounted for, even across system suspend. On real systems, this isn't a problem, since we're clearing all keys before suspend. But on Android, where we don't do that, this is something of a problem. So, we switch to using boottime instead of jiffies.
* tools: fix misspelling of strchrnul in comment | Jonathan Neuschäfer | 2018-06-22 | 1 | -1/+1
  Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
* manpages: eliminate whitespace at the end of the line | Jonathan Neuschäfer | 2018-06-22 | 2 | -26/+26
  This eliminates a few style warnings from "mandoc -T lint src/tools/wg*.8".
  Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
* global: fix a few typos | Jonathan Neuschäfer | 2018-06-22 | 2 | -2/+2
  Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
* simd: add missing header | Jason A. Donenfeld | 2018-06-22 | 1 | -0/+1
  Suggested-by: Shlomi Steinberg <shlomi@shlomisteinberg.com>
* poly1305: give linker the correct constant data section size | Jason A. Donenfeld | 2018-06-22 | 1 | -1/+1
  Otherwise these constants will be merged wrong or excluded, and we'll wind up with wrong calculations. While bfd (the normal kernel linker) doesn't seem to mind, recent versions of gold do bad things.
* main: test poly1305 before chacha20poly1305 | Jason A. Donenfeld | 2018-06-22 | 1 | -1/+1
  Since chacha20poly1305 relies on the correctness of poly1305, it's useful to have a failing poly1305 test first, to better pinpoint what's happening.
* receive: don't toggle bh | Jason A. Donenfeld | 2018-06-22 | 1 | -6/+0
  This had a bad performance impact. We'll probably need to revisit this later, but for now, let's not introduce a regression.
  Reported-by: Lonnie Abelbeck <lonnie@abelbeck.com>
* version: bump snapshot [0.0.20180620] | Jason A. Donenfeld | 2018-06-20 | 2 | -2/+2
* poly1305: add missing string.h header | Jason A. Donenfeld | 2018-06-20 | 1 | -0/+1
  Reported-by: Peter Korsgaard <peter@korsgaard.com>
* compat: use stabler lkml links | Jason A. Donenfeld | 2018-06-19 | 1 | -2/+2
  This will redirect to whichever archive kernel.org thinks is best.
  Suggested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
* ratelimiter: do not allow concurrent init and uninit | Jason A. Donenfeld | 2018-06-19 | 1 | -0/+6
* ratelimiter: mitigate reference underflow | Jason A. Donenfeld | 2018-06-19 | 2 | -1/+3
* receive: drop handshake packets if rng is not initialized | Jason A. Donenfeld | 2018-06-19 | 2 | -2/+55
  Otherwise it's too easy to trigger cookie reply messages.
* noise: wait for crng before taking locks | Jason A. Donenfeld | 2018-06-18 | 1 | -0/+10
  Otherwise, get_random_bytes_wait gets called from curve25519_generate_secret, and at the same time, a user might use the wg(8) utility, which then wants to grab a read lock for what we're write locking.
* netlink: maintain static_identity lock over entire private key update | Jason A. Donenfeld | 2018-06-18 | 3 | -6/+5
  We don't want the local private key to not correspond with a precomputed ss or precomputed cookie hash at any intermediate point.
* noise: take locks for ss precomputation | Jason A. Donenfeld | 2018-06-18 | 1 | -3/+9
  Usually this is called from handshake_init, where locking doesn't matter because nothing references it yet, but it's also called when changing the device private key, so it's probably a good thing to not process a handshake with a ss precomputation that's part old and part new.
* qemu: bump default kernel | Jason A. Donenfeld | 2018-06-17 | 1 | -1/+1
* wg-quick: android: don't forget to free compiled regexes | Jason A. Donenfeld | 2018-06-17 | 1 | -5/+6
* wg-quick: android: disable roaming to v6 networks when v4 is specified | Jason A. Donenfeld | 2018-06-17 | 1 | -1/+54
  This works around an unfortunate bug in 464XLAT transitions.
* dns-hatchet: apply resolv.conf's selinux context to new resolv.conf | Jason A. Donenfeld | 2018-06-17 | 1 | -0/+2
* simd: no need to restore fpu state when no preemption | Jason A. Donenfeld | 2018-06-17 | 1 | -0/+2
* simd: encapsulate fpu amortization into nice functions | Jason A. Donenfeld | 2018-06-17 | 7 | -71/+83
* queueing: re-enable preemption periodically to lower latency | Jason A. Donenfeld | 2018-06-16 | 2 | -0/+18
* queueing: remove useless spinlocks on sc | Jason A. Donenfeld | 2018-06-16 | 3 | -5/+1
  Since these are the only consumers, there's no need for locking.
* tools: getentropy requires 10.12 | Jason A. Donenfeld | 2018-06-14 | 1 | -1/+7
* chacha20poly1305: use slow crypto on -rt kernels on arm too | Jason A. Donenfeld | 2018-06-14 | 1 | -1/+1
* version: bump snapshot [0.0.20180613] | Jason A. Donenfeld | 2018-06-13 | 2 | -2/+2
* chacha20poly1305: use slow crypto on -rt kernels | Jason A. Donenfeld | 2018-06-13 | 1 | -1/+1
  In rt kernels, spinlocks call schedule(), which means preemption can't be disabled. The FPU disables preemption. Hence, we can either restructure things to move the calls to kernel_fpu_begin/end to be really close to the actual crypto routines, or we can do the slower lazier solution of just not using the FPU at all on -rt kernels. This patch goes with the latter lazy solution.
  The reason why we don't place the calls to kernel_fpu_begin/end close to the crypto routines in the first place is that they're very expensive, as it usually involves a call to XSAVE. So on sane kernels, we benefit from only having to call it once.
* tools: support getentropy(3) | Jason A. Donenfeld | 2018-06-08 | 1 | -0/+11
* tools: encoding: add missing static array constraints | Jason A. Donenfeld | 2018-06-06 | 3 | -5/+5
* wg-quick: android: change name of intent | Jason A. Donenfeld | 2018-06-04 | 1 | -1/+1