Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2017-04-09 | compat: support 3.16 | Jason A. Donenfeld | 8 | -111/+579 | |
2017-04-09 | data: alloca is actually as dangerous as they say | Jason A. Donenfeld | 1 | -6/+4 | |
It turns out that calling alloca from an inline function means that the memory isn't ever deallocated until the caller function exits, which means we were using tons of stack space for every iteration of the call. So, we hard code the sg array. While 128 seems like a reasonable number, we actually wind up using "MAX_SKB_FRAGS * 2 + 1". An skb has its data segment, so that's 1. Then it has its frags, which are MAX_SKB_FRAGS at max. Then it has its frag list, which, so far as I can tell, are potentially unbounded. So we just hope it's no more than MAX_SKB_FRAGS, and so we plan for at most two of those. | |||||
2017-04-08 | debug: cleanups | Jason A. Donenfeld | 2 | -3/+3 | |
2017-04-08 | qemu: ensure kernel is configured before headers are installed | Jason A. Donenfeld | 1 | -1/+1 | |
2017-04-08 | data: cleanup parallel workqueue and use two max_active | Jason A. Donenfeld | 7 | -29/+31 | |
2017-04-04 | data: simplify flow | Jason A. Donenfeld | 4 | -94/+45 | |
2017-04-04 | chacha20poly1305: check return values of sgops | Jason A. Donenfeld | 3 | -14/+22 | |
2017-04-04 | locking: always use _bh | Jason A. Donenfeld | 8 | -78/+81 | |
All locks are potentially between user context and softirq, which means we need to take the _bh variant. | |||||
2017-04-04 | qemu: new stable kernel | Jason A. Donenfeld | 1 | -1/+1 | |
2017-03-30 | chacha20poly1305: enforce authtag checking with compiler | Jason A. Donenfeld | 4 | -32/+22 | |
2017-03-30 | curve25519: protect against potential invalid point attacks | Jason A. Donenfeld | 5 | -43/+74 | |
2017-03-28 | config: do not allow peers with public keys the same as the interface | Jason A. Donenfeld | 1 | -0/+20 | |
2017-03-28 | tools: do not use addrconfig with port in gai | Jason A. Donenfeld | 1 | -1/+1 | |
2017-03-27 | main: add /sys/module/wireguard/version | Jason A. Donenfeld | 1 | -0/+1 | |
Suggested-by: Samuel Holland <samuel@sholland.org> | |||||
2017-03-27 | compat: allow create-patch to work on debian-based builds | Jason A. Donenfeld | 1 | -0/+4 | |
2017-03-24 | version: bump snapshot0.0.20170324 | Jason A. Donenfeld | 2 | -2/+2 | |
2017-03-24 | uapi: add version magic | Jason A. Donenfeld | 4 | -23/+58 | |
2017-03-24 | wg-quick: various cleanups | Jason A. Donenfeld | 1 | -5/+6 | |
2017-03-24 | socket: avoid deadlock on port retry | Jason A. Donenfeld | 1 | -4/+3 | |
2017-03-24 | tools: document # comments in wg(8) man page | Jason A. Donenfeld | 1 | -1/+3 | |
2017-03-24 | curve25519: 128-bit integer != x86_64 | Jason A. Donenfeld | 1 | -2/+8 | |
2017-03-20 | version: bump snapshot0.0.20170320.1 | Jason A. Donenfeld | 2 | -2/+2 | |
2017-03-20 | curve25519: do dispatcher in C instead of asm, since shlx is haswell only | Jason A. Donenfeld | 2 | -162/+73 | |
2017-03-20 | version: bump snapshot0.0.20170320 | Jason A. Donenfeld | 2 | -2/+2 | |
2017-03-20 | data: big refactoring | Jason A. Donenfeld | 8 | -159/+158 | |
2017-03-19 | curve25519: add AVX implementation | Jason A. Donenfeld | 5 | -24/+3699 | |
2017-03-19 | blake2s: add AVX implementation | Jason A. Donenfeld | 9 | -8/+613 | |
2017-03-19 | config: satisfy sparse | Jason A. Donenfeld | 1 | -1/+1 | |
2017-03-19 | tools: wg-quick: support old ip(8) | Pim van Pelt | 1 | -4/+8 | |
Old versions of ip(8) do not accept arguments to `ip rule show.` This patch works around that limitation. | |||||
2017-03-19 | cookie: no need to hash rng | Jason A. Donenfeld | 1 | -1/+0 | |
Since 4.8 or so, the RNG uses chacha, so we feel less scared about exposing its output directly. (Older kernels will simply suffer the paranoia.) | |||||
2017-03-19 | hashtables: get_random_int is now more secure, so expose directly | Jason A. Donenfeld | 3 | -4/+20 | |
On 4.11, get_random_u32 now either uses chacha or rdrand, rather than the horrible former MD5 construction, so we feel more comfortable exposing RNG output directly. On older kernels, we fall back to something a bit disgusting. | |||||
2017-03-14 | timers: elide enable check | Jason A. Donenfeld | 1 | -3/+3 | |
2017-02-27 | create-patch: add context below to work with busybox patch | Jason A. Donenfeld | 1 | -2/+4 | |
It turns out that GNU patch is happy to only have one line of context above the inserted area and zero lines below, because of its fuzzy match feature. However, busybox patch is crippled and terrible, and thus must have context above and below the insertion point. So, we grudgingly add it to our manually crafted minimal patch. | |||||
2017-02-27 | compat: use maybe_unused macro over gcc-specific | Jason A. Donenfeld | 1 | -1/+1 | |
2017-02-27 | data: transition to skb_reset_tc for 4.11 | Jason A. Donenfeld | 2 | -3/+11 | |
2017-02-27 | device: move sysctl toggling to open time | Jason A. Donenfeld | 1 | -30/+12 | |
2017-02-27 | receive: last_rx use is discouraged and removed in recent kernels | Jason A. Donenfeld | 1 | -1/+0 | |
2017-02-27 | device: 4.11 uses cnf for addr_gen_mode | Jason A. Donenfeld | 1 | -0/+4 | |
2017-02-23 | version: bump snapshot0.0.20170223 | Jason A. Donenfeld | 2 | -2/+2 | |
2017-02-23 | contrib: add wg-json utility | Jason A. Donenfeld | 2 | -0/+59 | |
2017-02-23 | tools: fix bash completion spaces | Jason A. Donenfeld | 2 | -5/+13 | |
2017-02-23 | tools: add wg show [interface] dump | Jason A. Donenfeld | 3 | -5/+51 | |
2017-02-23 | tools: give "off" value for fwmark | Jason A. Donenfeld | 4 | -5/+19 | |
2017-02-23 | wg-quick: allow config files without trailing newline | Jason A. Donenfeld | 1 | -1/+1 | |
2017-02-23 | socket: do not try to create v6 socket when disabled | Jason A. Donenfeld | 2 | -0/+10 | |
2017-02-21 | device: disable ICMP redirects | Jason A. Donenfeld | 1 | -1/+30 | |
The xfrm layer does this by checking for secpath, but we don't use secpath, so instead we have to jigger the config value ourselves. This is nearly always desired, since this is often how a wheel-spoke VPN works. There's very little use case for redirects with wireguard. This should be reverted if we ever move the test directly into ip_forward in net/ipv4/ip_forward.c near the call to ip_rt_send_redirect. | |||||
2017-02-20 | extract-keys: respect compat directives | Jason A. Donenfeld | 1 | -0/+4 | |
2017-02-14 | version: bump snapshot0.0.20170214 | Jason A. Donenfeld | 2 | -2/+2 | |
2017-02-14 | Revert "main: add `wg` type alias" | Jason A. Donenfeld | 1 | -2/+1 | |
This reverts commit b4f93ace76b1065ab08fd5596f31a0971b848eea. | |||||
2017-02-14 | Makefile: add module-install target | Jason A. Donenfeld | 1 | -1/+5 | |