Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2016-09-29 | compat: Isolate more functions | Jason A. Donenfeld | 2 | -59/+97 | |
2016-09-29 | Rework headers and includes | Jason A. Donenfeld | 33 | -180/+190 | |
2016-09-29 | poly1305: optimize unaligned access | René van Dorst | 1 | -0/+30 | |
2016-08-30 | tools: allow multiple AllowedIPs invocations | Jason A. Donenfeld | 1 | -1/+0 | |
It turns out this is a somewhat natural thing to do in config files. | |||||
2016-08-29 | send: properly encapsulate ECN | Jason A. Donenfeld | 4 | -16/+38 | |
We're not leaking the DSCP, but we do deal with ECN. | |||||
2016-08-29 | netns: remove dangling $@ | Jason A. Donenfeld | 1 | -4/+4 | |
2016-08-26 | examples: add key extractor | Jason A. Donenfeld | 4 | -0/+221 | |
2016-08-24 | examples: add nat-hole-punching | Jason A. Donenfeld | 3 | -0/+354 | |
2016-08-22 | socket: use isdigit | Jason A. Donenfeld | 1 | -1/+2 | |
2016-08-22 | routingtable: hyphen was ugly | Jason A. Donenfeld | 4 | -3/+3 | |
2016-08-22 | hashtables: use rdrand() instead of counter | Jason A. Donenfeld | 3 | -5/+7 | |
2016-08-21 | tests: test jumbo frames with more transfer | Jason A. Donenfeld | 1 | -4/+19 | |
2016-08-17 | qemu: enhancements | Jason A. Donenfeld | 3 | -32/+98 | |
2016-08-16 | send: needless debugging check | Jason A. Donenfeld | 1 | -2/+1 | |
2016-08-12 | tests: add crypto-RP filter test | Jason A. Donenfeld | 3 | -1/+34 | |
2016-08-10 | main: load driver late in boot process when debugging | Jason A. Donenfeld | 1 | -0/+6 | |
2016-08-10 | main: fix typo | Jason A. Donenfeld | 1 | -1/+1 | |
2016-08-10 | qemu: lock distfiles | Jason A. Donenfeld | 1 | -19/+34 | |
2016-08-09 | qemu: allow testing with RCs | Jason A. Donenfeld | 1 | -2/+8 | |
2016-08-09 | ratelimiter: hard-depend on runtime dependencies | Jason A. Donenfeld | 1 | -0/+7 | |
2016-08-08 | ratelimiter: do not require IPv6 [experimental-0.0.20160808] | Jason A. Donenfeld | 1 | -4/+12 | |
2016-08-08 | tests: use makefile and expand greatly | Jason A. Donenfeld | 9 | -237/+609 | |
2016-08-08 | persistent-keepalive: change range to [1,65535] | Jason A. Donenfeld | 3 | -11/+8 | |
2016-08-03 | Kbuild: move module deps out of tests/ | Jason A. Donenfeld | 2 | -18/+16 | |
2016-08-02 | selftest: move to subfolder | Jason A. Donenfeld | 12 | -414/+422 | |
2016-08-02 | tools: use correct headers in ipc | Jason A. Donenfeld | 1 | -2/+2 | |
2016-08-02 | tools: do not show private keys in pretty output | Jason A. Donenfeld | 3 | -3/+14 | |
2016-08-02 | contrib: move patchers to contrib/kernel-tree | Jason A. Donenfeld | 2 | -1/+21 | |
2016-08-02 | Makefile: check tools as part of make check | Jason A. Donenfeld | 1 | -0/+1 | |
2016-08-02 | uapi: typeof is not necessary | Jason A. Donenfeld | 1 | -4/+4 | |
2016-08-02 | c: specify static array size in function params | Jason A. Donenfeld | 17 | -58/+58 | |
The C standard states: A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to type'', where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression. By changing void func(int array[4]) to void func(int array[static 4]), we automatically get the compiler checking argument sizes for us, which is quite nice. | |||||
2016-08-02 | timers: use more clear pow macro | Jason A. Donenfeld | 1 | -1/+1 | |
2016-07-23 | ratelimiter: correct comment | Jason A. Donenfeld | 1 | -1/+1 | |
2016-07-23 | timers: upstream removed the slack concept | Jason A. Donenfeld | 2 | -9/+9 | |
No longer do we specify slack ourselves. Instead we need to add it directly in the main scheduling. | |||||
2016-07-22 | tools: use stream instead of seqpacket [experimental-0.0.20160722] | Jason A. Donenfeld | 1 | -18/+31 | |
To support OS X and Windows, we have to. Ugh. | |||||
2016-07-22 | tools: Use seqpacket instead of dgram | Jason A. Donenfeld | 3 | -35/+22 | |
2016-07-22 | index hashtable: run random indices through siphash | Jason A. Donenfeld | 2 | -1/+7 | |
If /dev/urandom is a NOBUS RNG backdoor, like the infamous Dual_EC_DRBG, then sending 4 bytes of raw RNG output over the wire directly might not be such a great idea. This mitigates that vulnerability by, at some point before the indices are generated, creating a random secret. Then, for each session index, we simply run SipHash24 on an incrementing counter. This is probably overkill because /dev/urandom is probably not a backdoored RNG, and itself already uses several rounds of SHA-1 for mixing. If the kernel RNG is backdoored, there may very well be bigger problems at play. Four bytes is also not so many bytes. | |||||
2016-07-22 | cookie: do not expose csprng directly | Jason A. Donenfeld | 1 | -0/+1 | |
It may not be wise to directly publish the output of the CSPRNG, so we run the output through a round of Blake2s first. | |||||
2016-07-22 | tools: add -MP to makefile | Jason A. Donenfeld | 1 | -1/+1 | |
2016-07-22 | socket: fix compat for 4.1 v6 sockets | Jason A. Donenfeld | 1 | -3/+9 | |
It turns out 4.1 is even more broken than expected. While both 4.1 and 4.2 need to jigger the sysctl knob temporarily, it turns out that in 4.1 it's looking in the wrong namespace for the knob value. So, we have to account for the different namespace semantics in the different versions. Super ugly. But, all this code goes away once we upstream. | |||||
2016-07-21 | socket: reset IPv4 socket to NULL after free | Jason A. Donenfeld | 1 | -0/+1 | |
2016-07-21 | socket: simpler debug message | Jason A. Donenfeld | 1 | -2/+2 | |
2016-07-21 | tools: add default cflag | Jason A. Donenfeld | 1 | -0/+1 | |
2016-07-21 | tools: propagate set errno | Jason A. Donenfeld | 1 | -0/+1 | |
2016-07-21 | tools: abstract sockets are dangerous | Jason A. Donenfeld | 1 | -28/+1 | |
They have no permissions, so we're probably better off just creating a socket file with the umask set, as we do in BSD. | |||||
2016-07-21 | Kconfig: select IP6_NF_IPTABLES if using IPV6 [experimental-0.0.20160721] | Jason A. Donenfeld | 1 | -0/+1 | |
2016-07-21 | tools: rename kernel to ipc | Jason A. Donenfeld | 7 | -25/+25 | |
2016-07-21 | tools: support horrible freebsd/osx/unix semantics | Jason A. Donenfeld | 1 | -1/+66 | |
2016-07-20 | tools: first additions of userspace integration | Jason A. Donenfeld | 9 | -50/+277 | |
This is designed to work with a server that follows this:

```c
struct sockaddr_un addr = {
	.sun_family = AF_UNIX,
	.sun_path = "/var/run/wireguard/wguserspace0.sock"
};
int fd, ret;
ssize_t len;
socklen_t socklen;
struct wgdevice *device;

fd = socket(AF_UNIX, SOCK_DGRAM, 0);
if (fd < 0)
	exit(1);
if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
	exit(1);

for (;;) {
	/* First we look at how big the next message is, so we know how much to
	 * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */
	len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC);
	if (len < 0) {
		handle_error();
		continue;
	}
	/* Next we allocate a buffer for the received data. */
	device = NULL;
	if (len) {
		device = malloc(len);
		if (!device) {
			handle_error();
			continue;
		}
	}
	/* Finally we receive the data, storing too the return address. */
	socklen = sizeof(addr);
	len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen);
	if (len < 0) {
		handle_error();
		free(device);
		continue;
	}
	if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */
		device = get_current_wireguard_device(&len);
		sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen);
	} else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */
		ret = set_current_wireguard_device(device);
		sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen);
		free(device);
	}
}
```
2016-07-18 | build system: revamp building and configuration | Jason A. Donenfeld | 7 | -84/+76 | |