aboutsummaryrefslogtreecommitdiffstatshomepage
Commit message (Collapse)AuthorAgeFilesLines
* git: organize ignore filesJason A. Donenfeld2016-09-295-2/+10
|
* compat: Isolate more functionsJason A. Donenfeld2016-09-292-59/+97
|
* Rework headers and includesJason A. Donenfeld2016-09-2933-180/+190
|
* poly1305: optimize unaligned accessRené van Dorst2016-09-291-0/+30
|
* tools: allow multiple AllowedIPs invocationsJason A. Donenfeld2016-08-301-1/+0
| | | | It turns out this is a somewhat natural thing to do in config files.
* send: properly encapsulate ECNJason A. Donenfeld2016-08-294-16/+38
| | | | We're not leaking the DSCP, but we do deal with ECN.
* netns: remove dangling $@Jason A. Donenfeld2016-08-291-4/+4
|
* examples: add key extractorJason A. Donenfeld2016-08-264-0/+221
|
* examples: add nat-hole-punchingJason A. Donenfeld2016-08-243-0/+354
|
* socket: use isdigitJason A. Donenfeld2016-08-221-1/+2
|
* routingtable: hyphen was uglyJason A. Donenfeld2016-08-224-3/+3
|
* hashtables: use rdrand() instead of counterJason A. Donenfeld2016-08-223-5/+7
|
* tests: test jumbo frames with more transferJason A. Donenfeld2016-08-211-4/+19
|
* qemu: enhancementsJason A. Donenfeld2016-08-173-32/+98
|
* send: needless debugging checkJason A. Donenfeld2016-08-161-2/+1
|
* tests: add crypto-RP filter testJason A. Donenfeld2016-08-123-1/+34
|
* main: load driver late in boot process when debuggingJason A. Donenfeld2016-08-101-0/+6
|
* main: fix typoJason A. Donenfeld2016-08-101-1/+1
|
* qemu: lock distfilesJason A. Donenfeld2016-08-101-19/+34
|
* qemu: allow testing with RCsJason A. Donenfeld2016-08-091-2/+8
|
* ratelimiter: hard-depend on runtime dependenciesJason A. Donenfeld2016-08-091-0/+7
|
* ratelimiter: do not require IPv6experimental-0.0.20160808Jason A. Donenfeld2016-08-081-4/+12
|
* tests: use makefile and expand greatlyJason A. Donenfeld2016-08-089-237/+609
|
* persistent-keepalive: change range to [1,65535]Jason A. Donenfeld2016-08-083-11/+8
|
* Kbuild: move module deps out of tests/Jason A. Donenfeld2016-08-032-18/+16
|
* selftest: move to subfolderJason A. Donenfeld2016-08-0212-414/+422
|
* tools: use correct headers in ipcJason A. Donenfeld2016-08-021-2/+2
|
* tools: do not show private keys in pretty outputJason A. Donenfeld2016-08-023-3/+14
|
* contrib: move patchers to contrib/kernel-treeJason A. Donenfeld2016-08-022-1/+21
|
* Makefile: check tools as part of make checkJason A. Donenfeld2016-08-021-0/+1
|
* uapi: typeof is not necessaryJason A. Donenfeld2016-08-021-4/+4
|
* c: specify static array size in function paramsJason A. Donenfeld2016-08-0217-58/+58
| | | | | | | | | | | | | | | The C standard states: A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to type'', where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression. By changing void func(int array[4]) to void func(int array[static 4]), we automatically get the compiler checking argument sizes for us, which is quite nice.
* timers: use more clear pow macroJason A. Donenfeld2016-08-021-1/+1
|
* ratelimiter: correct commentJason A. Donenfeld2016-07-231-1/+1
|
* timers: upstream removed the slack conceptJason A. Donenfeld2016-07-232-9/+9
| | | | | No longer do we specify slack ourselves. Instead we need to add it directly in the main scheduling.
* tools: use stream instead of seqpacketexperimental-0.0.20160722Jason A. Donenfeld2016-07-221-18/+31
| | | | To support OS X and Windows, we have to. Ugh.
* tools: Use seqpacket instead of dgramJason A. Donenfeld2016-07-223-35/+22
|
* index hashtable: run random indices through siphashJason A. Donenfeld2016-07-222-1/+7
| | | | | | | | | | | | | | If /dev/urandom is a NOBUS RNG backdoor, like the infamous Dual_EC_DRBG, then sending 4 bytes of raw RNG output over the wire directly might not be such a great idea. This mitigates that vulnerability by, at some point before the indices are generated, creating a random secret. Then, for each session index, we simply run SipHash24 on an incrementing counter. This is probably overkill because /dev/urandom is probably not a backdoored RNG, and itself already uses several rounds of SHA-1 for mixing. If the kernel RNG is backdoored, there may very well be bigger problems at play. Four bytes is also not so many bytes.
* cookie: do not expose csprng directlyJason A. Donenfeld2016-07-221-0/+1
| | | | | It may not be wise to directly publish the output of the CSPRNG, so we run the output through a round of Blake2s first.
* tools: add -MP to makefileJason A. Donenfeld2016-07-221-1/+1
|
* socket: fix compat for 4.1 v6 socketsJason A. Donenfeld2016-07-221-3/+9
| | | | | | | | It turns out 4.1 is even more broken than expected. While both 4.1 and 4.2 need to jigger the sysctl nob temporarily, it turns out that in 4.1 it's looking in the wrong namespace for the nob value. So, we have to account for the different namespace semantics in the different versions. Super ugly. But, all this code goes away once we upstream.
* socket: reset IPv4 socket to NULL after freeJason A. Donenfeld2016-07-211-0/+1
|
* socket: simpler debug messageJason A. Donenfeld2016-07-211-2/+2
|
* tools: add default cflagJason A. Donenfeld2016-07-211-0/+1
|
* tools: propagate set errnoJason A. Donenfeld2016-07-211-0/+1
|
* tools: abstract sockets are dangerousJason A. Donenfeld2016-07-211-28/+1
| | | | | They have no permissions, so we're probably better off just creating a socket file with the umask set, as we do in BSD.
* Kconfig: select IP6_NF_IPTABLES if using IPV6experimental-0.0.20160721Jason A. Donenfeld2016-07-211-0/+1
|
* tools: rename kernel to ipcJason A. Donenfeld2016-07-217-25/+25
|
* tools: support horrible freebsd/osx/unix semanticsJason A. Donenfeld2016-07-211-1/+66
|
* tools: first additions of userspace integrationJason A. Donenfeld2016-07-209-50/+277
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is designed to work with a server that follows this: struct sockaddr_un addr = { .sun_family = AF_UNIX, .sun_path = "/var/run/wireguard/wguserspace0.sock" }; int fd, ret; ssize_t len; socklen_t socklen; struct wgdevice *device; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) exit(1); if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) exit(1); for (;;) { /* First we look at how big the next message is, so we know how much to * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */ len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC); if (len < 0) { handle_error(); continue; } /* Next we allocate a buffer for the received data. */ device = NULL; if (len) { device = malloc(len); if (!device) { handle_error(); continue; } } /* Finally we receive the data, storing too the return address. */ socklen = sizeof(addr); len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen); if (len < 0) { handle_error(); free(device); continue; } if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */ device = get_current_wireguard_device(&len); sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen); } else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */ ret = set_current_wireguard_device(device); sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen); free(device); } }
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.