Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | WIP: Automatically update PMTU for tunneled destinationslr/pmtu | Luis Ressel | 2018-01-13 | 1 | -1/+26 |
| | |||||
* | global: year bump | Jason A. Donenfeld | 2018-01-03 | 1 | -1/+1 |
| | |||||
* | global: add SPDX tags to all files | Greg Kroah-Hartman | 2017-12-09 | 1 | -1/+4 |
| | | | | | | | | | | | | | It's good to have SPDX identifiers in all files as the Linux kernel developers are working to add these identifiers to all files. Update all files with the correct SPDX license identifier based on the license text of the project or based on the license in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Modified-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | device: clear last handshake timer on ifdown | Jason A. Donenfeld | 2017-11-29 | 1 | -0/+1 |
| | | | | | | | Otherwise new handshakes might not occur immediately when the interface goes up and down. Also initialize peers to having a proper zeroed handshake jiffies. | ||||
* | device: do not clear keys during sleep on Android | Jason A. Donenfeld | 2017-11-28 | 1 | -4/+4 |
| | | | | | | This makes sense for the security model of laptops, but not for clicking phones on and off, where we actually want to be able to handle incoming packets. | ||||
* | device: uninitialize socket first in destruction | Jason A. Donenfeld | 2017-11-17 | 1 | -2/+2 |
| | |||||
* | socket: only free socket after successful creation of new | Jason A. Donenfeld | 2017-11-17 | 1 | -3/+3 |
| | | | | | | | | | | | | | | When an interface is down, the socket port can change freely. A socket will be allocated when the interface comes up, and if a socket can't be allocated, the interface doesn't come up. However, a socket port can change while the interface is up. In this case, if a new socket with a new port cannot be allocated, it's important to keep the interface in a consistent state. The choices are either to bring down the interface or to preserve the old socket. This patch implements the latter. Reported-by: Marc-Antoine Perennou <keruspe@exherbo.org> | ||||
* | allowedips: rename from routingtable | Jason A. Donenfeld | 2017-11-10 | 1 | -3/+3 |
| | | | | Makes it more clear that this _not_ a routing table replacement. | ||||
* | device: wait for all peers to be freed before destroying | Jason A. Donenfeld | 2017-11-10 | 1 | -0/+1 |
| | |||||
* | device: please lockdep | Jason A. Donenfeld | 2017-11-03 | 1 | -1/+1 |
| | |||||
* | device: expand scope of destruct lock | Jason A. Donenfeld | 2017-10-31 | 1 | -2/+2 |
| | |||||
* | device: only take reference if netns is different | Jason A. Donenfeld | 2017-10-31 | 1 | -9/+50 |
| | | | | | | If we take two references, the namespace and the device are never freed in the usual manner. We should thus only take a reference to another namespace when it is a different namespace from our own. | ||||
* | global: style nits | Jason A. Donenfeld | 2017-10-31 | 1 | -4/+8 |
| | |||||
* | global: infuriating kernel iterator style | Jason A. Donenfeld | 2017-10-31 | 1 | -4/+4 |
| | | | | | | | | | | | | | | | | | One types: for (i = 0 ... So one should also type: for_each_obj (obj ... But the upstream kernel style guidelines are insane, and so we must instead do: for_each_obj(obj ... Ugly, but one must choose his battles wisely. | ||||
* | peer: get rid of peer_for_each magic | Jason A. Donenfeld | 2017-10-31 | 1 | -6/+12 |
| | | | | | | | | | Since the peer list is protected by the device_update_lock, and since items are removed from the peer list before putting their final reference, we don't actually need to take a reference when iterating. This allows us to simplify the macro considerably. Suggested-by: Johannes Berg <johannes@sipsolutions.net> | ||||
* | global: accept decent check_patch.pl suggestions | Jason A. Donenfeld | 2017-10-31 | 1 | -1/+2 |
| | |||||
* | device: no need to take lock for integer comparison | Jason A. Donenfeld | 2017-10-17 | 1 | -4/+3 |
| | |||||
* | device: our use of queues means this check is worthless | Jason A. Donenfeld | 2017-10-17 | 1 | -6/+0 |
| | |||||
* | compat: move version logic to compat.h and out of main .c | Jason A. Donenfeld | 2017-10-11 | 1 | -6/+6 |
| | |||||
* | routingtable: only use device's mutex, not a special rt one | Jason A. Donenfeld | 2017-10-09 | 1 | -1/+1 |
| | |||||
* | queueing: use ptr_ring instead of linked lists | Jason A. Donenfeld | 2017-10-05 | 1 | -6/+6 |
| | |||||
* | global: add space around variable declarations | Jason A. Donenfeld | 2017-10-03 | 1 | -1/+2 |
| | |||||
* | netlink: switch from ioctl to netlink for configuration | Jason A. Donenfeld | 2017-10-02 | 1 | -21/+3 |
| | |||||
* | timers: convert to use netif_running | Jason A. Donenfeld | 2017-09-24 | 1 | -2/+1 |
| | |||||
* | queue: entirely rework parallel system | Jason A. Donenfeld | 2017-09-18 | 1 | -47/+37 |
| | | | | | | | | | | This removes our dependency on padata and moves to a different mode of multiprocessing that is more efficient. This began as Samuel Holland's GSoC project and was gradually reworked/redesigned/rebased into this present commit, which is a combination of his initial contribution and my subsequent rewriting and redesigning. | ||||
* | device: IFF_NO_QUEUE is a private flag, not a public one | Jason A. Donenfeld | 2017-09-11 | 1 | -1/+1 |
| | |||||
* | timers: rename confusingly named functions and variables | Jason A. Donenfeld | 2017-08-04 | 1 | -2/+2 |
| | | | | Suggested-by: Mathias Hall-Andersen <mathias@hall-andersen.dk> | ||||
* | global: use pointer to net_device | Jason A. Donenfeld | 2017-07-20 | 1 | -0/+1 |
| | | | | | | DaveM prefers it to be this way per [1]. [1] http://www.spinics.net/lists/netdev/msg443992.html | ||||
* | device: support 4.13's extact newlink param | Jason A. Donenfeld | 2017-07-20 | 1 | -1/+1 |
| | |||||
* | device: cleanup register_netdev logic | Jason A. Donenfeld | 2017-07-06 | 1 | -15/+7 |
| | |||||
* | compat: priv_destructor got backported | Jason A. Donenfeld | 2017-07-06 | 1 | -5/+7 |
| | |||||
* | global: cleanup IP header checking | Jason A. Donenfeld | 2017-06-26 | 1 | -1/+7 |
| | | | | This way is more correct and ensures we're within the skb head. | ||||
* | device: remove icmp conntrack hacks | Jason A. Donenfeld | 2017-06-26 | 1 | -33/+6 |
| | | | | This logic belongs upstream. | ||||
* | device: avoid double icmp send on routing loop | Jason A. Donenfeld | 2017-06-26 | 1 | -1/+0 |
| | |||||
* | ratelimiter: rewrite from scratch | Jason A. Donenfeld | 2017-06-26 | 1 | -3/+5 |
| | | | | | | | This not only removes the depenency on x_tables, but it also gives us much better performance and memory usage. Now, systems are able to have millions of WireGuard interfaces, without having to worry about a thundering herd of garbage collection. | ||||
* | device: only use one sleep notifier | Jason A. Donenfeld | 2017-06-24 | 1 | -19/+26 |
| | | | | | This greatly improves performance when adding and removing interfaces, since the power registration function does a linear search each time. | ||||
* | device: netdevice destruction logic change for 4.12 | Jason A. Donenfeld | 2017-06-24 | 1 | -4/+13 |
| | |||||
* | main: annotate init/exit functions to save memory | Jason A. Donenfeld | 2017-06-24 | 1 | -2/+2 |
| | |||||
* | device: do-while assignment style | Jason A. Donenfeld | 2017-06-01 | 1 | -1/+1 |
| | |||||
* | debug: print interface name in dmesg | Jason A. Donenfeld | 2017-05-31 | 1 | -5/+5 |
| | |||||
* | device: keep going when share_check fails | Jason A. Donenfeld | 2017-05-30 | 1 | -4/+4 |
| | | | | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | ||||
* | style: spaces after for loops | Jason A. Donenfeld | 2017-05-30 | 1 | -1/+1 |
| | |||||
* | peer: use iterator macro instead of callback | Jason A. Donenfeld | 2017-05-30 | 1 | -28/+22 |
| | |||||
* | handshake: process in parallel | Jason A. Donenfeld | 2017-05-30 | 1 | -19/+36 |
| | |||||
* | device: use rcu_barrier_bh | Jason A. Donenfeld | 2017-04-14 | 1 | -2/+2 |
| | |||||
* | compat: support 3.16 | Jason A. Donenfeld | 2017-04-09 | 1 | -0/+4 |
| | |||||
* | data: cleanup parallel workqueue and use two max_active | Jason A. Donenfeld | 2017-04-08 | 1 | -18/+18 |
| | |||||
* | device: move sysctl toggling to open time | Jason A. Donenfeld | 2017-02-27 | 1 | -30/+12 |
| | |||||
* | device: 4.11 uses cnf for addr_gen_mode | Jason A. Donenfeld | 2017-02-27 | 1 | -0/+4 |
| | |||||
* | device: disable ICMP redirects | Jason A. Donenfeld | 2017-02-21 | 1 | -1/+30 |
| | | | | | | | | | | | | The xfrm layer does this by checking for secpath, but we don't use secpath, so instead we have to jigger the config value ourselves. This is nearly always desired, since this is often how a wheel-spoke VPN works. There's very little use case for redirects with wireguard. This should be reverted if we ever move the test directly into ip_forward in net/ipv4/ip_forward.c near the call to ip_rt_send_redirect. |