Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | peerlookup: fall back to get_random_bytes for Ryzen 3000 bugjd/ryzen-bug | Jason A. Donenfeld | 2019-10-28 | 1 | -1/+5 |
| | | | | | | | In case get_random_u32() fails after 32 tries -- something that should only happen on the Ryzen 3000 which returns -1 everytime if you have the wrong CPU microcode -- we fall back to get_random_bytes(), which is slower, but at least works. | ||||
* | wg-quick: android: check for null in binder cleanup functions | Jason A. Donenfeld | 2019-10-16 | 1 | -3/+6 |
| | |||||
* | version: bump snapshot0.0.20191012 | Jason A. Donenfeld | 2019-10-12 | 2 | -2/+2 |
| | |||||
* | wg-quick: android: use Binder for setting DNS on Android 10 | Nicolas Douma | 2019-10-12 | 1 | -7/+429 |
| | | | | Signed-off-by: Nicolas Douma <nicolas@serveur.io> | ||||
* | noise: recompare stamps after taking write lock | Jason A. Donenfeld | 2019-10-11 | 1 | -2/+6 |
| | |||||
* | netlink: allow preventing creation of new peers when updating | Jason A. Donenfeld | 2019-10-11 | 2 | -9/+12 |
| | | | | | | This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com> | ||||
* | netns: add test for failing 5.3 FIB changes | Jason A. Donenfeld | 2019-10-11 | 2 | -1/+24 |
| | | | | Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/ | ||||
* | qemu: bump default version | Jason A. Donenfeld | 2019-10-11 | 1 | -1/+1 |
| | |||||
* | version: bump snapshot0.0.20190913 | Jason A. Donenfeld | 2019-09-13 | 2 | -2/+2 |
| | |||||
* | compat: support rhel/centos 7.7 | Jason A. Donenfeld | 2019-09-13 | 1 | -1/+1 |
| | |||||
* | Kbuild: squelch warnings for stack limit on broken kernel configs | Jason A. Donenfeld | 2019-09-13 | 1 | -0/+1 |
| | | | | 1280 is considered the absolute minimum for 64bit archs. | ||||
* | compat: don't rewrite siphash when it's from compat | Jason A. Donenfeld | 2019-09-13 | 1 | -0/+2 |
| | |||||
* | compat: support newer PaX | Jason A. Donenfeld | 2019-09-11 | 1 | -0/+1 |
| | | | | Reported-by: PaX Team <pageexec@freemail.hu> | ||||
* | version: bump snapshot0.0.20190905 | Jason A. Donenfeld | 2019-09-05 | 2 | -2/+2 |
| | |||||
* | compat: work around ubuntu breakage | Jason A. Donenfeld | 2019-09-05 | 1 | -0/+9 |
| | | | | They forgot to backport hsiphash. | ||||
* | tools: windows: enforce named pipe ownership and use protected prefix | Jason A. Donenfeld | 2019-08-31 | 2 | -22/+40 |
| | |||||
* | Makefile: allow specifying kernel release | Mikk Mar | 2019-08-28 | 1 | -2/+3 |
| | | | | | | | This makes depmod work when building/installing the module for a kernel other than the currently running one. Signed-off-by: Mikk Mar <mikkmar@airmail.cc> | ||||
* | wg-quick: linux: don't fail down when using systemd-resolved | Ronan Pigott | 2019-08-27 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | systemd-resolved has a compatibility interface for use with resolvconf scripts when resolvectl is called from a symlink from resolvconf. However, when tearing down the interface, cmd_down calls del_if and then unset_dns. In the case of systemd-resolved, deleting the interface also removes the systemd-resolved entry and causes resolvconf -d to fail when resolvconf really is a symlink to resolvectl. This causes `wg-quick down` and 'wg-quick@.service' to exit with failure. Instead we use the resolvconf '-f' flag to ignore non-existent interfaces, supported by both openresolv and sd-resolved resolvconf. Signed-off-by: Ronan Pigott <rpigott@berkeley.edu> [zx2c4: moved -f argument to end to remain compatible with Debian's resolvconf] | ||||
* | compat: account for android-4.9 backport of addr_gen_mode | Nathan Chancellor | 2019-08-25 | 2 | -4/+4 |
| | | | | | | | | Android kernels backported d35a00b8e33dab7385f724e713ae71c8be0a49f4, so now we need to do feature detection. Link: https://android-review.googlesource.com/c/kernel/common/+/1103831 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> | ||||
* | wg-quick: openbsd: fix alternate routing table syntax | Ankur Kothari | 2019-08-07 | 1 | -1/+1 |
| | | | | | | | route(8) has always used the `-T` option to specify the routing table; there is no `rdomain` option. Signed-off-by: Ankur Kothari <ankur@lipidity.com> | ||||
* | Kbuild: account for upstream configuration maze changes | Jason A. Donenfeld | 2019-08-07 | 1 | -0/+2 |
| | |||||
* | netlink: skip peers with invalid keys | Jason A. Donenfeld | 2019-08-05 | 2 | -6/+15 |
| | |||||
* | compat: do not run bc on clean target | Jason A. Donenfeld | 2019-08-03 | 1 | -0/+2 |
| | | | | | Certain targets don't define CONFIG_*, which means this bc command was previously failing. | ||||
* | compat: support running in OpenVZ environments | Jason A. Donenfeld | 2019-07-19 | 1 | -0/+8 |
| | | | | | | | Overriding LLTX like this is pretty ugly, but at least it means we don't have to let OpenVZ infect the real source tree. Requested-by: Benedikt Braunger <b.braunger@syseleven.de> | ||||
* | noise: immediately rekey all peers after changing device private key | Jason A. Donenfeld | 2019-07-11 | 6 | -7/+47 |
| | | | | Reported-by: Derrick Pallas <derrick@pallas.us> | ||||
* | netlink: enforce that unused bits of flags are zero | Jason A. Donenfeld | 2019-07-08 | 2 | -5/+16 |
| | | | | Reported-by: Toke Høiland-Jørgensen <toke@toke.dk> | ||||
* | wg-quick: android: refactor and add incoming allow rules | Jason A. Donenfeld | 2019-07-08 | 1 | -65/+73 |
| | | | | Suggested-by: Yağmur Oymak <yagmur.oymak@gmail.com> | ||||
* | compat: define conversion constants for ancient kernels | Jason A. Donenfeld | 2019-07-04 | 2 | -1/+5 |
| | |||||
* | version: bump snapshot0.0.20190702 | Jason A. Donenfeld | 2019-07-02 | 2 | -2/+2 |
| | |||||
* | receive: queue dead packets to napi queue instead of empty rx_queue | Jason A. Donenfeld | 2019-07-02 | 2 | -5/+3 |
| | |||||
* | peer: use LIST_HEAD macro | Jason A. Donenfeld | 2019-06-28 | 1 | -1/+1 |
| | | | | Suggested-by: Sultan Alsawaf <sultan@kerneltoast.com> | ||||
* | netlink: cast struct over cb->args for type safety | Jason A. Donenfeld | 2019-06-28 | 1 | -29/+34 |
| | | | | | | This eliminates the headache of managing cb->args[??]. Suggested-by: Johannes Berg <johannes@sipsolutions.net> | ||||
* | compat: support RHEL8's skb_mark_not_on_list backport | Jason A. Donenfeld | 2019-06-28 | 1 | -1/+3 |
| | |||||
* | compat: rhel backported list modifications | Jason A. Donenfeld | 2019-06-25 | 1 | -1/+1 |
| | |||||
* | global: switch to coarse ktime | Jason A. Donenfeld | 2019-06-25 | 11 | -36/+43 |
| | | | | | | | | | | | | | Coarse ktime is broken until [1] in 5.2 and kernels without the backport, so we use fallback code there. The fallback code has also been improved significantly. It now only uses slower clocks on kernels < 3.17, at the expense of some accuracy we're not overly concerned about. [1] https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/ Suggested-by: Arnd Bergmann <arnd@arndb.de> | ||||
* | compat: unify custom function prefix/suffix | Jason A. Donenfeld | 2019-06-24 | 3 | -48/+48 |
| | |||||
* | compat: some kernels weirdly backport prandom_u32_max | Jason A. Donenfeld | 2019-06-24 | 1 | -2/+3 |
| | |||||
* | wg-quick: darwin: support being called from launchd | Jason A. Donenfeld | 2019-06-24 | 3 | -1/+53 |
| | | | | | | | This causes wg-quick up to wait for the monitor to exit before it exits, so that launchd can correctly wait on it. Reported-by: Cameron Palmer <cameron@promon.no> | ||||
* | qemu: show signal when failing | Jason A. Donenfeld | 2019-06-18 | 1 | -3/+14 |
| | |||||
* | blake2s: spacing | Jason A. Donenfeld | 2019-06-03 | 2 | -123/+123 |
| | |||||
* | curve25519: not all linkers support bmi2 and adx | Jason A. Donenfeld | 2019-06-02 | 3 | -6/+58 |
| | |||||
* | version: bump snapshot0.0.20190601 | Jason A. Donenfeld | 2019-06-01 | 2 | -2/+2 |
| | |||||
* | compat: don't call xgetbv on cpus with no XSAVE | Jason A. Donenfeld | 2019-05-31 | 1 | -1/+1 |
| | |||||
* | blake2s: add ssse3 to nobs | Jason A. Donenfeld | 2019-05-31 | 1 | -1/+2 |
| | |||||
* | blake2s: do not use xgetbv for ssse3 detection | Jason A. Donenfeld | 2019-05-31 | 1 | -3/+1 |
| | |||||
* | tools: pass WG_ENDPOINT_RESOLUTION_RETRIES=infinity to systemd unit | Jason A. Donenfeld | 2019-05-31 | 1 | -0/+1 |
| | |||||
* | version: bump snapshot0.0.20190531 | Jason A. Donenfeld | 2019-05-31 | 2 | -2/+2 |
| | |||||
* | tools: add wincompat layer to wg(8) | Jason A. Donenfeld | 2019-05-31 | 15 | -0/+321 |
| | |||||
* | tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES | Jason A. Donenfeld | 2019-05-29 | 2 | -4/+25 |
| | |||||
* | zinc: update copyright | Jason A. Donenfeld | 2019-05-29 | 2 | -2/+2 |
| |