aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/dkms.conf (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-04-09compat: support 3.16Jason A. Donenfeld8-111/+579
2017-04-09data: alloca is actually as dangerous as they sayJason A. Donenfeld1-6/+4
It turns out that calling alloca from an inline function means that the memory isn't ever deallocated until the caller function exits, which means we were using tons of stack space for every iteration of the call. So, we hard code the sg array. While 128 seems like a reasonable number, we actually wind up using "MAX_SKB_FRAGS * 2 + 1". An skb has its data segment, so that's 1. Then it has its frags, which are MAX_SKB_FRAGS at max. Then it has its frag list, which, so far as I can tell, are potentially unbounded. So we just hope it's no more than MAX_SKB_FRAGS, and so we plan for at most two of those.
2017-04-08debug: cleanupsJason A. Donenfeld2-3/+3
2017-04-08qemu: ensure kernel is configured before headers are installedJason A. Donenfeld1-1/+1
2017-04-08data: cleanup parallel workqueue and use two max_activeJason A. Donenfeld7-29/+31
2017-04-04data: simplify flowJason A. Donenfeld4-94/+45
2017-04-04chacha20poly1305: check return values of sgopsJason A. Donenfeld3-14/+22
2017-04-04locking: always use _bhJason A. Donenfeld8-78/+81
All locks are potentially between user context and softirq, which means we need to take the _bh variant.
2017-04-04qemu: new stable kernelJason A. Donenfeld1-1/+1
2017-03-30chacha20poly1305: enforce authtag checking with compilerJason A. Donenfeld4-32/+22
2017-03-30curve25519: protect against potential invalid point attacksJason A. Donenfeld5-43/+74
2017-03-28config: do not allow peers with public keys the same as the interfaceJason A. Donenfeld1-0/+20
2017-03-28tools: do not use addrconfig with port in gaiJason A. Donenfeld1-1/+1
2017-03-27main: add /sys/module/wireguard/versionJason A. Donenfeld1-0/+1
Suggested-by: Samuel Holland <samuel@sholland.org>
2017-03-27compat: allow create-patch to work on debian-based buildsJason A. Donenfeld1-0/+4
2017-03-24version: bump snapshot0.0.20170324Jason A. Donenfeld2-2/+2
2017-03-24uapi: add version magicJason A. Donenfeld4-23/+58
2017-03-24wg-quick: various cleanupsJason A. Donenfeld1-5/+6
2017-03-24socket: avoid deadlock on port retryJason A. Donenfeld1-4/+3
2017-03-24tools: document # comments in wg(8) man pageJason A. Donenfeld1-1/+3
2017-03-24curve25519: 128-bit integer != x86_64Jason A. Donenfeld1-2/+8
2017-03-20version: bump snapshot0.0.20170320.1Jason A. Donenfeld2-2/+2
2017-03-20curve25519: do dispatcher in C instead of asm, since shlx is haswell onlyJason A. Donenfeld2-162/+73
2017-03-20version: bump snapshot0.0.20170320Jason A. Donenfeld2-2/+2
2017-03-20data: big refactoringJason A. Donenfeld8-159/+158
2017-03-19curve25519: add AVX implementationJason A. Donenfeld5-24/+3699
2017-03-19blake2s: add AVX implementationJason A. Donenfeld9-8/+613
2017-03-19config: satisfy sparseJason A. Donenfeld1-1/+1
2017-03-19tools: wg-quick: support old ip(8)Pim van Pelt1-4/+8
Old versions of ip(8) do not accept arguments to `ip rule show.` This patch works around that limitation.
2017-03-19cookie: no need to hash rngJason A. Donenfeld1-1/+0
Since 4.8 or so, the RNG uses chacha, so we feel less scared about exposing its output directly. (Older kernels will simply suffer the paranoia.)
2017-03-19hashtables: get_random_int is now more secure, so expose directlyJason A. Donenfeld3-4/+20
On 4.11, get_random_u32 now either uses chacha or rdrand, rather than the horrible former MD5 construction, so we feel more comfortable exposing RNG output directly. On older kernels, we fall back to something a bit disgusting.
2017-03-14timers: elide enable checkJason A. Donenfeld1-3/+3
2017-02-27create-patch: add context below to work with busybox patchJason A. Donenfeld1-2/+4
It turns out that GNU patch is happy to only have one line of context above the inserted area and zero lines below, because of its fuzzy match feature. However, busybox patch is crippled and terrible, and thus must have context above and below the insertion point. So, we grudgingly add it to our manually crafted minimal patch.
2017-02-27compat: use maybe_unused macro over gcc-specificJason A. Donenfeld1-1/+1
2017-02-27data: transition to skb_reset_tc for 4.11Jason A. Donenfeld2-3/+11
2017-02-27device: move sysctl toggling to open timeJason A. Donenfeld1-30/+12
2017-02-27receive: last_rx use is discouraged and removed in recent kernelsJason A. Donenfeld1-1/+0
2017-02-27device: 4.11 uses cnf for addr_gen_modeJason A. Donenfeld1-0/+4
2017-02-23version: bump snapshot0.0.20170223Jason A. Donenfeld2-2/+2
2017-02-23contrib: add wg-json utilityJason A. Donenfeld2-0/+59
2017-02-23tools: fix bash completion spacesJason A. Donenfeld2-5/+13
2017-02-23tools: add wg show [interface] dumpJason A. Donenfeld3-5/+51
2017-02-23tools: give "off" value for fwmarkJason A. Donenfeld4-5/+19
2017-02-23wg-quick: allow config files without trailing newlineJason A. Donenfeld1-1/+1
2017-02-23socket: do not try to create v6 socket when disabledJason A. Donenfeld2-0/+10
2017-02-21device: disable ICMP redirectsJason A. Donenfeld1-1/+30
The xfrm layer does this by checking for secpath, but we don't use secpath, so instead we have to jigger the config value ourselves. This is nearly always desired, since this is often how a wheel-spoke VPN works. There's very little use case for redirects with wireguard. This should be reverted if we ever move the test directly into ip_forward in net/ipv4/ip_forward.c near the call to ip_rt_send_redirect.
2017-02-20extract-keys: respect compat directivesJason A. Donenfeld1-0/+4
2017-02-14version: bump snapshot0.0.20170214Jason A. Donenfeld2-2/+2
2017-02-14Revert "main: add `wg` type alias"Jason A. Donenfeld1-2/+1
This reverts commit b4f93ace76b1065ab08fd5596f31a0971b848eea.
2017-02-14Makefile: add module-install targetJason A. Donenfeld1-1/+5
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.