Commit message | Author | Age | Files | Lines
* [zinc] Add PowerPC accelerated poly1305 from openssl/cryptogramssl/ppc | Shawn Landden | 2019-05-13 | 7 | -69/+2127
  Unfortunately I am not seeing a speed up with this patch, but it does decrease CPU usage.
  Only (currently) runs on the outbound path, as the in-bound path is in an interrupt, but that can be fixed in Linux.
  v2:
  - Do not include the FPU version, as +10% performance on POWER8 (admittedly better on really old CPUs, like old world macs) is not worth it, especially when there is a fast VSX version available.
  - Honor CONFIG_VSX.
  Signed-off-by: Shawn Landden <shawn@git.icu>
* [Zinc] Add PowerPC chacha20 implementation from openssl/cryptograms | Shawn Landden | 2019-05-13 | 6 | -3/+1820
  Only runs on the out-bound path, as the in-bound path is in an interrupt, but that can be fixed in Linux.
  Otherwise this is tested (with the VSX code enabled) on Power 9 (ppc64le). Without this I get 2GiB/s over the loopback (so 4 GiB/s), and with this I get 2.8 GiB/s (so 5.6 GiB/s), and more time is spent in poly1305 than chacha20.
  This is on a 4-thread VPS.
  Signed-off-by: Shawn Landden <shawn@git.icu>
  v2: more complete simd.h for PPC benchmarks whitespace issues
  v3: honor CONFIG_ALTIVEC (CONFIG_VSX has already honored)
* socket: set ignore_df=1 on xmit | Joe Holden | 2019-05-12 | 2 | -0/+6
  This allows the kernel to generate ipv6 fragments. Apply the same to ipv4 for consistency.
  Signed-off-by: Joe Holden <jwh@zorins.us>
* contrib: add windows pipe example | Jason A. Donenfeld | 2019-05-11 | 3 | -0/+141
* wg-quick: make darwin and freebsd path search strict like linux | Jason A. Donenfeld | 2019-04-23 | 2 | -2/+4
* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel | Jason A. Donenfeld | 2019-04-23 | 1 | -9/+22
* compat: udp_tunnel: force cast sk_data_ready | Jason A. Donenfeld | 2019-04-14 | 1 | -1/+3
  Reference: https://lists.zx2c4.com/pipermail/wireguard/2019-April/004081.html
* version: bump snapshot (tag 0.0.20190406) | Jason A. Donenfeld | 2019-04-06 | 2 | -2/+2
* allowedips: initialize list head when removing intermediate nodes | Jason A. Donenfeld | 2019-04-06 | 2 | -1/+5
  Otherwise if this list item is later reused, we'll crash on list poison or worse.
  Also, add a version of Mimka's reproducer to netns.sh to catch these types of bugs in the future.
  Reported-by: Mimka <mikma.wg@lists.m7n.se>
* compat: backport skb_mark_not_on_list | Jason A. Donenfeld | 2019-03-29 | 1 | -0/+7
* blake2s: remove outlen parameter from final | Jason A. Donenfeld | 2019-03-27 | 4 | -12/+11
* blake2s: simplify | Samuel Neves | 2019-03-27 | 2 | -40/+12
  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
* qemu: set framewarn 1280 for 64bit and 1024 for 32bit | Jason A. Donenfeld | 2019-03-25 | 14 | -4/+14
* device: use skb accessor functions where possible | Jason A. Donenfeld | 2019-03-25 | 1 | -2/+2
  Suggested-by: David Miller <davem@davemloft.net>
* allowedips: do not use __always_inline | Jason A. Donenfeld | 2019-03-25 | 1 | -9/+9
  DaveM doth forbid.
  Suggested-by: David Miller <davem@davemloft.net>
* peerlookup: rename from hashtables | Jason A. Donenfeld | 2019-03-25 | 7 | -9/+9
* tools: avoid unneccessary next_peer assignments in sort_peers() | Luis Ressel | 2019-03-23 | 1 | -2/+1
  Signed-off-by: Luis Ressel <aranea@aixah.de>
* wg-quick: add 'strip' subcommand | Luis Ressel | 2019-03-23 | 5 | -5/+50
  `wg-quick strip` prints the config file to stdout after stripping it of all wg-quick-specific options. This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.
  Signed-off-by: Luis Ressel <aranea@aixah.de>
* tools: warn if an AllowedIP has a nonzero host part | Luis Ressel | 2019-03-23 | 1 | -0/+34
  Signed-off-by: Luis Ressel <aranea@aixah.de>
* wg-quick: freebsd: export TMPDIR when restoring and don't make empty | Jason A. Donenfeld | 2019-03-18 | 1 | -1/+2
  Otherwise mktemp doesn't see it, and if it's empty we wind up in /.
* global: the _bh variety of rcu helpers have been unified | Jason A. Donenfeld | 2019-03-17 | 7 | -12/+57
* compat: nf_nat_core.h was removed upstream | Bruno Wolff III | 2019-03-14 | 1 | -0/+2
  In d2c5c103b133 ("netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h").
  Signed-off-by: Bruno Wolff III <bruno@wolff.to>
* tools: add support for Haiku | Alexander von Gluck IV | 2019-02-28 | 1 | -0/+3
  Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>
* tools: genkey: account for short reads of /dev/urandom | Jason A. Donenfeld | 2019-02-28 | 2 | -18/+35
  Apparently Haiku has a misbehaving /dev/urandom. While we're at it, simplify the function signature to completely succeed or completely fail and make sure the caller checks the result.
  Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
  Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>
* wg-quick: freebsd: rebreak interface loopback, while fixing localhost | Jason A. Donenfeld | 2019-02-28 | 1 | -1/+1
  The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was supposed to make things better, but actually it just started sending legitimate localhost traffic over the WireGuard interface, which is really quite bad.
  This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.
  Reported-by: Matt Smith <matt.xtaz@gmail.com>
* version: bump snapshot (tag 0.0.20190227) | Jason A. Donenfeld | 2019-02-27 | 2 | -2/+2
* queueing: net-next has changed signature of skb_probe_transport_header | Jason A. Donenfeld | 2019-02-27 | 2 | -1/+7
* allowedips: maintain per-peer list of allowedips | Jason A. Donenfeld | 2019-02-26 | 6 | -160/+129
  This makes `wg show` and `wg showconf` and the like significantly faster, since we don't have to iterate through every node of the trie for every single peer. It also makes netlink cursor resumption much less problematic, since we're just iterating through a list, rather than having to save a traversal stack.
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers | Jason A. Donenfeld | 2019-02-25 | 2 | -20/+42
* netlink: don't remove allowed ips for new peers | Jason A. Donenfeld | 2019-02-25 | 1 | -0/+3
  This causes needless traversal of the trie.
* Makefile: make the depmod path configurable | Luis Ressel | 2019-02-17 | 1 | -1/+2
  Signed-off-by: Luis Ressel <aranea@aixah.de>
* Makefile: don't duplicate code in install and modules-install | Luis Ressel | 2019-02-17 | 1 | -5/+5
  Signed-off-by: Luis Ressel <aranea@aixah.de>
* compat: backport ALIGN_DOWN | Jason A. Donenfeld | 2019-02-17 | 1 | -0/+7
* compat: ipv6_stub is sometimes null | Jason A. Donenfeld | 2019-02-17 | 1 | -1/+1
  On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has been disabled with a command line flag or other failures.
  Reported-by: Anatoli <me@anatoli.ws>
* tools: c_acc doesn't need to be initialized | Jason A. Donenfeld | 2019-02-08 | 1 | -1/+1
* tools: fight compiler slightly harder | Jason A. Donenfeld | 2019-02-05 | 2 | -2/+2
* chacha20: name enums | Jason A. Donenfeld | 2019-02-04 | 1 | -2/+2
* noise: store clamped key instead of raw key | Jason A. Donenfeld | 2019-02-03 | 9 | -18/+18
* chacha20poly1305: permit unaligned strides on certain platforms | Jason A. Donenfeld | 2019-02-03 | 1 | -18/+14
  The map allocations required to fix this are mostly slower than unaligned paths.
  Reported-by: Louis Sautier <sbraz@gentoo.org>
* hashtables: decouple hashtable allocations from the main device allocation | Sultan Alsawaf | 2019-02-03 | 9 | -25/+49
  The hashtable allocations are quite large, and cause the device allocation in the net framework to stall sometimes while it tries to find a contiguous region that can fit the device struct:
  [<0000000000000000>] __switch_to+0x94/0xb8
  [<0000000000000000>] __alloc_pages_nodemask+0x764/0x7e8
  [<0000000000000000>] kmalloc_order+0x20/0x40
  [<0000000000000000>] __kmalloc+0x144/0x1a0
  [<0000000000000000>] alloc_netdev_mqs+0x5c/0x368
  [<0000000000000000>] rtnl_create_link+0x48/0x180
  [<0000000000000000>] rtnl_newlink+0x410/0x708
  [<0000000000000000>] rtnetlink_rcv_msg+0x190/0x1f8
  [<0000000000000000>] netlink_rcv_skb+0x4c/0xf8
  [<0000000000000000>] rtnetlink_rcv+0x30/0x40
  [<0000000000000000>] netlink_unicast+0x18c/0x208
  [<0000000000000000>] netlink_sendmsg+0x19c/0x348
  [<0000000000000000>] sock_sendmsg+0x3c/0x58
  [<0000000000000000>] ___sys_sendmsg+0x290/0x2b0
  [<0000000000000000>] __sys_sendmsg+0x58/0xa0
  [<0000000000000000>] SyS_sendmsg+0x10/0x20
  [<0000000000000000>] el0_svc_naked+0x34/0x38
  [<0000000000000000>] 0xffffffffffffffff
  To fix the allocation stalls, decouple the hashtable allocations from the device allocation and allocate the hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall back to vmalloc with little resistance.
  Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
* queueing: more reasonable allocator function convention | Jason A. Donenfeld | 2019-02-03 | 3 | -4/+4
* noise: whiten the nanoseconds portion of the timestamp | Jason A. Donenfeld | 2019-02-03 | 1 | -0/+9
  This mitigates unrelated sidechannel attacks that think they can turn WireGuard into a useful time oracle.
* highlighter: when subtracting char, cast to unsigned | Jason A. Donenfeld | 2019-01-31 | 1 | -2/+2
  Windows.
* systemd: wg-quick should depend on nss-lookup.target | Jason A. Donenfeld | 2019-01-30 | 1 | -2/+2
  Since wg-quick(8) calls wg(8) which does hostname lookups, we should probably only run this after we're allowed to look up hostnames.
  Reported-by: Anton Castelli <anton.c42@gmail.com>
* tools: remove unused check phony declaration | Jason A. Donenfeld | 2019-01-24 | 1 | -1/+1
* wg-quick: freebsd: allow loopback to work | Jason A. Donenfeld | 2019-01-24 | 1 | -1/+1
  FreeBSD adds a route for point-to-point destination addresses. We don't really want to specify any destination address, but unfortunately we have to. Before we tried to cheat by giving our own address as the destination, but this had the unfortunate effect of preventing loopback from working on our local ip address. We work around this with yet another kludge: we set the destination address to 127.0.0.1. Since 127.0.0.1 is already assigned to an interface, this has the same effect of not specifying a destination address, and therefore we accomplish the intended behavior.
* version: bump snapshot (tag 0.0.20190123) | Jason A. Donenfeld | 2019-01-23 | 2 | -2/+2
* netlink: use __kernel_timespec for handshake time | Jason A. Donenfeld | 2019-01-23 | 10 | -13/+45
* contrib: introduce simple highlighter library | Jason A. Donenfeld | 2019-01-23 | 8 | -0/+904
* global: normalize -> clamp | Jason A. Donenfeld | 2019-01-23 | 9 | -26/+19