| Commit message | Author | Files | Lines |
|
I'm not sure if fwmark is the correct way to do it, but for the time
being it works.
|
This is required for the Cython library I'm working on. I don't see this
causing any issues.
|
This isn't as foolproof as I would like, however it seems to work with both
wireguard-openbsd and wireguard-go.
|
The set AIP ioctl was actually not called in openbsd_set_device. Also,
specify ipv4 and ipv6 when copying the addresses.
|
Before mdlayher notified me that wg(8) actually can view the device
private key (with `WG_HIDE_KEYS=never wg`), I did not have a need for
it. It was straightforward to add in kernel.
This functionality will also be implemented in wgctrl-go.
|
While this isn't complete, it is a good representation of what needs to
be done. The biggest problem to fix is that the kernel module has no
concept of 'replacing' peers or allowedips.
|
Reference: https://lists.zx2c4.com/pipermail/wireguard/2019-April/004081.html
|
Otherwise if this list item is later reused, we'll crash on list poison
or worse.
Also, add a version of Mimka's reproducer to netns.sh to catch these
types of bugs in the future.
Reported-by: Mimka <mikma.wg@lists.m7n.se>
|
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
Suggested-by: David Miller <davem@davemloft.net>
|
DaveM doth forbid.
Suggested-by: David Miller <davem@davemloft.net>
|
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
`wg-quick strip` prints the config file to stdout after stripping it of
all wg-quick-specific options.
This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
Otherwise mktemp doesn't see it, and if it's empty we wind up in /.
|
In d2c5c103b133 ("netfilter: nat: remove nf_nat_l3proto.h and
nf_nat_core.h").
Signed-off-by: Bruno Wolff III <bruno@wolff.to>
|
Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>
|
Apparently Haiku has a misbehaving /dev/urandom.
While we're at it, simplify the function signature to completely succeed
or completely fail and make sure the caller checks the result.
Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>
|
The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
supposed to make things better, but actually it just started sending
legitimate localhost traffic over the WireGuard interface, which is
really quite bad.
This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.
Reported-by: Matt Smith <matt.xtaz@gmail.com>
|
This makes `wg show` and `wg showconf` and the like significantly
faster, since we don't have to iterate through every node of the trie
for every single peer. It also makes netlink cursor resumption much less
problematic, since we're just iterating through a list, rather than
having to save a traversal stack.
|
This causes needless traversal of the trie.
|
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.
Reported-by: Anatoli <me@anatoli.ws>
|
The map allocations required to fix this are mostly slower than
unaligned paths.
Reported-by: Louis Sautier <sbraz@gentoo.org>
|
The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous region
that can fit the device struct:
[<0000000000000000>] __switch_to+0x94/0xb8
[<0000000000000000>] __alloc_pages_nodemask+0x764/0x7e8
[<0000000000000000>] kmalloc_order+0x20/0x40
[<0000000000000000>] __kmalloc+0x144/0x1a0
[<0000000000000000>] alloc_netdev_mqs+0x5c/0x368
[<0000000000000000>] rtnl_create_link+0x48/0x180
[<0000000000000000>] rtnl_newlink+0x410/0x708
[<0000000000000000>] rtnetlink_rcv_msg+0x190/0x1f8
[<0000000000000000>] netlink_rcv_skb+0x4c/0xf8
[<0000000000000000>] rtnetlink_rcv+0x30/0x40
[<0000000000000000>] netlink_unicast+0x18c/0x208
[<0000000000000000>] netlink_sendmsg+0x19c/0x348
[<0000000000000000>] sock_sendmsg+0x3c/0x58
[<0000000000000000>] ___sys_sendmsg+0x290/0x2b0
[<0000000000000000>] __sys_sendmsg+0x58/0xa0
[<0000000000000000>] SyS_sendmsg+0x10/0x20
[<0000000000000000>] el0_svc_naked+0x34/0x38
[<0000000000000000>] 0xffffffffffffffff
To fix the allocation stalls, decouple the hashtable allocations from the device
allocation and allocate the hashtables with kvmalloc's implicit __GFP_NORETRY
so that the allocations fall back to vmalloc with little resistance.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
|