Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2019-12-19 | compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4 | 1 | -1/+1 | ||
2019-12-17 | wg-quick: linux: use already configured addresses instead of in-memory | 1 | -6/+6 | ||
The ADDRESSES array might not have addresses added during PreUp. But moreover, nft(8) and iptables(8) don't like ip addresses in the form somev6prefix::someipv4suffix, such as fd00::1.2.3.4, while ip(8) can handle it. So by adding these first and then asking for them back, we always get normalized addresses suitable for nft(8) and iptables(8). Reported-by: Silvan Nagl <mail@53c70r.de> | |||||
2019-12-13 | tools: adjust wg.8 syntax for consistency in COMMANDS section | 1 | -1/+1 | ||
Signed-off-by: Kai Haberzettl <khaberz@gmail.com> | |||||
2019-12-12 | wg-quick: linux: try both iptables(8) and nft(8) on teardown | 1 | -1/+2 | ||
Daniel argues that technically a package manager could install nft(8) after previously having started wg-quick(8) using iptables(8). Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> | |||||
2019-12-12 | version: bump snapshot0.0.20191212 | 2 | -2/+2 | ||
2019-12-12 | main: remove unused include <linux/version.h> | 1 | -1/+0 | ||
Remove including <linux/version.h> that we don't need. Signed-off-by: YueHaibing <yuehaibing@huawei.com> | |||||
2019-12-12 | wg-quick: linux: support older nft(8) | 1 | -5/+5 | ||
Older nft(8), such as that on Ubuntu, does not accept the - parameter to the -f argument and doesn't accept symbolic priority names. So instead use the canonical numeric priority forms and use <(echo) instead of -. | |||||
2019-12-12 | global: fix up spelling | 5 | -10/+10 | ||
Signed-off-by: Josh Soref <jsoref@gmail.com> | |||||
2019-12-12 | wg-quick: linux: add support for nft and prefer it | 1 | -20/+39 | ||
If nft(8) is installed, use it. These rules should be identical to the iptables-restore(8) ones, with the advantage that cleanup is easy because we use custom table names. | |||||
2019-12-12 | compat: support building for RHEL-8.1 instead of RHEL-8.0 | 1 | -2/+2 | ||
RedHat backported to their kernel 4.18.0-147.el8 a couple features. This patch enables compiling for this kernel. Signed-off-by: Sergey Ivanov <seriv@cs.umd.edu> | |||||
2019-12-12 | socket: convert to ipv6_dst_lookup_flow for 5.5 | 2 | -3/+8 | ||
Upstream changed the API, so we introduce this super insane compat hack to make everything work again. | |||||
2019-12-06 | version: bump snapshot0.0.20191206 | 2 | -2/+2 | ||
2019-12-06 | chacha20poly1305: double check the sgmiter logic with test | 1 | -8/+59 | ||
2019-12-06 | wg-quick: linux: ignore save warnings for iptables-nft | 1 | -1/+1 | ||
2019-12-06 | wg-quick: linux: suppress more warnings on weird kernels | 1 | -4/+4 | ||
2019-12-05 | wg-quick: linux: some iptables don't like empty lines | 1 | -6/+6 | ||
Reported-by: Kenneth R. Crudup <kenny@panix.com> | |||||
2019-12-05 | crypto: use new assembler macros for 5.5 | 6 | -14/+19 | ||
2019-12-05 | chacha20poly1305: port to sgmitter for 5.5 | 6 | -122/+151 | ||
I'm not totally comfortable with these changes yet, and it'll require some more scrutiny. But it's a start. | |||||
2019-12-05 | netlink: prepare for removal of genl_family_attrbuf in 5.5 | 2 | -8/+20 | ||
2019-12-05 | version: bump snapshot0.0.20191205 | 2 | -2/+2 | ||
2019-12-05 | wg-quick: linux: iptables-* -w is not widely supported | 1 | -2/+2 | ||
2019-12-05 | ipc: make sure userspace communication frees wgdevice | 2 | -11/+16 | ||
2019-12-05 | send: avoid touching skb->{next,prev} directly | 1 | -2/+2 | ||
This isn't quite the same, since mark_not_on_list doesn't touch skb->prev, but hopefully it doesn't matter. | |||||
2019-12-05 | device: prepare skb_list_walk_safe for upstreaming | 3 | -9/+13 | ||
2019-12-05 | send: use kfree_skb_list | 1 | -9/+2 | ||
2019-12-05 | wg-quick: linux: have remove_iptables return true | 1 | -1/+1 | ||
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de> | |||||
2019-12-05 | wg-quick: linux: ensure postdown hooks execute | 1 | -2/+2 | ||
Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de> | |||||
2019-11-27 | wg-quick: linux: suppress error when finding unused table | 1 | -1/+1 | ||
2019-11-27 | version: bump snapshot0.0.20191127 | 2 | -2/+2 | ||
2019-11-27 | tools: add syncconf command | 3 | -0/+97 | ||
2019-11-27 | reresolve-dns: remove invalid anchors on regex match | 1 | -1/+1 | ||
Reported-by: Conrad Meyer <cem@freebsd.org> | |||||
2019-11-27 | qemu: bump version | 1 | -1/+1 | ||
2019-11-27 | qemu: respect PATH when finding CBUILD | 1 | -1/+1 | ||
2019-11-27 | qemu: work around build bug with powerpc64le | 1 | -0/+1 | ||
2019-11-27 | wg-quick: linux: filter bogus injected packets and don't disable rpfilter | 1 | -8/+29 | ||
2019-11-26 | wg-quick: linux: only touch net.ipv4 for v4 | 1 | -3/+5 | ||
2019-11-26 | allowedips: avoid double lock in selftest error case | 1 | -8/+9 | ||
2019-11-26 | socket: remove redundant check of new4 | 1 | -1/+1 | ||
2019-11-26 | allowedips: safely dereference rcu roots | 1 | -6/+10 | ||
2019-10-30 | messages: recalculate rekey max based on a one minute flood | 1 | -1/+1 | ||
Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk> | |||||
2019-10-16 | wg-quick: android: check for null in binder cleanup functions | 1 | -3/+6 | ||
2019-10-12 | version: bump snapshot0.0.20191012 | 2 | -2/+2 | ||
2019-10-12 | wg-quick: android: use Binder for setting DNS on Android 10 | 1 | -7/+429 | ||
Signed-off-by: Nicolas Douma <nicolas@serveur.io> | |||||
2019-10-11 | noise: recompare stamps after taking write lock | 1 | -2/+6 | ||
2019-10-11 | netlink: allow preventing creation of new peers when updating | 2 | -9/+12 | ||
This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com> | |||||
2019-10-11 | netns: add test for failing 5.3 FIB changes | 2 | -1/+24 | ||
Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/ | |||||
2019-10-11 | qemu: bump default version | 1 | -1/+1 | ||
2019-09-13 | version: bump snapshot0.0.20190913 | 2 | -2/+2 | ||
2019-09-13 | compat: support rhel/centos 7.7 | 1 | -1/+1 | ||
2019-09-13 | Kbuild: squelch warnings for stack limit on broken kernel configs | 1 | -0/+1 | ||
1280 is considered the absolute minimum for 64bit archs. |