| Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This (mostly) preserves the performance (as measured on Haswell and
*lake) of last commit, but it drastically reduces code size.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
|
In every odd-numbered round, instead of operating over the state
x00 x01 x02 x03
x05 x06 x07 x04
x10 x11 x08 x09
x15 x12 x13 x14
we operate over the rotated state
x03 x00 x01 x02
x04 x05 x06 x07
x09 x10 x11 x08
x14 x15 x12 x13
The advantage here is that this requires no changes to the
'x04 x05 x06 x07' row, which is in the critical path. This
results in a noticeable latency improvement of roughly R
cycles, for R diagonal rounds in the primitive.
In the case of BLAKE2s, which I also moved from requiring AVX
to only requiring SSSE3, we save approximately 30 cycles per
compression function call on Haswell and Skylake. In other
words, this is an improvement of ~0.6 cpb.
This idea was pointed out to me by Shunsuke Shimizu, though
it appears to have been around for longer.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
|
It insta-crashes on x86.
|
|
|
|
Apparently cdd750bfb1f76fe9be8cfb53cbe77b2e811081ab changed things, so
we fall back onto this hack.
Reported-by: Alex Xu <alex@alxu.ca>
|
|
|
|
|
|
|
|
Reported-by: Bruno Wolff III <bruno@wolff.to>
|
|
This was never really correct, and then 5.1 broke it entirely.
Reported-by: piraty1@inbox.ru
|
|
|
|
This allows the kernel to generate ipv6 fragments. Apply the same
to ipv4 for consistency.
Signed-off-by: Joe Holden <jwh@zorins.us>
|
|
|
|
|
|
Reference: https://lists.zx2c4.com/pipermail/wireguard/2019-April/004081.html
|
|
|
|
Otherwise if this list item is later reused, we'll crash on list poison
or worse.
Also, add a version of Mimka's reproducer to netns.sh to catch these
types of bugs in the future.
Reported-by: Mimka <mikma.wg@lists.m7n.se>
|
|
|
|
|
|
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
|
|
|
|
Suggested-by: David Miller <davem@davemloft.net>
|
|
DaveM doth forbid.
Suggested-by: David Miller <davem@davemloft.net>
|
|
|
|
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
|
`wg-quick strip` prints the config file to stdout after stripping it of
all wg-quick-specific options.
This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
|
Signed-off-by: Luis Ressel <aranea@aixah.de>
|
|
Otherwise mktemp doesn't see it, and if it's empty we wind up in /.
|
|
|
|
In d2c5c103b133 ("netfilter: nat: remove nf_nat_l3proto.h and
nf_nat_core.h").
Signed-off-by: Bruno Wolff III <bruno@wolff.to>
|
|
Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com>
|
|
Apparently Haiku has a misbehaving /dev/urandom.
While we're at it, simplify the function signature to completely succeed
or completely fail and make sure the caller checks the result.
Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com>
|
|
The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
supposed to make things better, but actually it just started sending
legitimate localhost traffic over the WireGuard interface, which is
really quite bad.
This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.
Reported-by: Matt Smith <matt.xtaz@gmail.com>
|
|
|
|
|
|
This makes `wg show` and `wg showconf` and the like significantly
faster, since we don't have to iterate through every node of the trie
for every single peer. It also makes netlink cursor resumption much less
problematic, since we're just iterating through a list, rather than
having to save a traversal stack.
|
|
|
|
This causes needless traversal of the trie.
|