path: root/src/compat/compat.h
Commit message | Author | Age | Files | Lines
...
* compat: workaround Ubuntu 16.10 kernel weirdness | Jason A. Donenfeld | 2017-07-03 | 1 | -0/+1
* compat: support OpenSUSE's backports | Jason A. Donenfeld | 2017-07-03 | 1 | -1/+6
* compat: support Ubuntu 14.04 | Jason A. Donenfeld | 2017-06-28 | 1 | -4/+10
* compat: support EL7.3 | Jason A. Donenfeld | 2017-06-28 | 1 | -16/+21
* device: remove icmp conntrack hacks | Jason A. Donenfeld | 2017-06-26 | 1 | -0/+31
  This logic belongs upstream.
* socket: verify saddr belongs to interface | Jason A. Donenfeld | 2017-06-26 | 1 | -0/+5
  This helps "unstick" stuck source addresses, when changing routes dynamically.
* ratelimiter: rewrite from scratch | Jason A. Donenfeld | 2017-06-26 | 1 | -9/+12
  This not only removes the dependency on x_tables, but it also gives us much better performance and memory usage. Now, systems are able to have millions of WireGuard interfaces, without having to worry about a thundering herd of garbage collection.
* random: wait for random bytes when generating nonces and ephemerals | Jason A. Donenfeld | 2017-06-12 | 1 | -0/+10
  We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient.
* config: ensure the RNG is initialized before setting | Jason A. Donenfeld | 2017-06-08 | 1 | -0/+43
  It's possible that get_random_bytes() will return bad randomness if it hasn't been seeded. This patch makes configuration block until the RNG is properly initialized.
  Reference: http://www.openwall.com/lists/kernel-hardening/2017/06/02/2
* debug: print interface name in dmesg | Jason A. Donenfeld | 2017-05-31 | 1 | -2/+2
* compat: remove warning for < 4.1 | Jason A. Donenfeld | 2017-05-31 | 1 | -2/+0
  It still is sort of experimental, I suppose, especially this part in the udp_tunnel drop-in:
      skb_orphan(skb);
      sk_mem_reclaim(sk);
  It seems like sometimes this won't do what we want, but it's hard to diagnose exactly what's happening. In any case, nobody paid attention to that warning anyway, so let's just get rid of it.
* style: spaces after for loops | Jason A. Donenfeld | 2017-05-30 | 1 | -1/+1
* compat: use real crypto_memneq | Jason A. Donenfeld | 2017-05-17 | 1 | -14/+0
* compat: work around ubnt offloading | Jason A. Donenfeld | 2017-05-17 | 1 | -0/+4
* compat: ssse3 support | Jason A. Donenfeld | 2017-05-04 | 1 | -0/+4
* compat: work on old 3.10 | Jason A. Donenfeld | 2017-04-21 | 1 | -0/+31
* tools: side channel resistant base64 | Jason A. Donenfeld | 2017-04-19 | 1 | -1/+1
* compat: warn on < 4.1 | Jason A. Donenfeld | 2017-04-09 | 1 | -0/+2
* compat: support 3.10 | Jason A. Donenfeld | 2017-04-09 | 1 | -3/+59
* compat: support 3.12 | Jason A. Donenfeld | 2017-04-09 | 1 | -4/+20
* compat: support 3.14 | Jason A. Donenfeld | 2017-04-09 | 1 | -4/+27
* compat: support 3.16 | Jason A. Donenfeld | 2017-04-09 | 1 | -109/+22
* hashtables: get_random_int is now more secure, so expose directly | Jason A. Donenfeld | 2017-03-19 | 1 | -0/+19
  On 4.11, get_random_u32 now either uses chacha or rdrand, rather than the horrible former MD5 construction, so we feel more comfortable exposing RNG output directly. On older kernels, we fall back to something a bit disgusting.
* compat: use maybe_unused macro over gcc-specific | Jason A. Donenfeld | 2017-02-27 | 1 | -1/+1
* data: transition to skb_reset_tc for 4.11 | Jason A. Donenfeld | 2017-02-27 | 1 | -0/+10
* socket: do not try to create v6 socket when disabled | Jason A. Donenfeld | 2017-02-23 | 1 | -0/+8
* compat: backport siphash & dst_cache from mainline | Jason A. Donenfeld | 2017-02-13 | 1 | -0/+180