Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2019-10-02 | wg-quick: android: add addresses after bringing interface up | Nicolas Douma | 1 | -1/+1 | |
Signed-off-by: Nicolas Douma <nicolas@serveur.io> | |||||
2019-09-30 | netlink: allow preventing creation of new peers when updating | Jason A. Donenfeld | 2 | -9/+12 | |
This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com> | |||||
2019-09-24 | netns: add test for failing 5.3 FIB changes | Jason A. Donenfeld | 2 | -1/+24 | |
Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/ | |||||
2019-09-24 | qemu: bump default version | Jason A. Donenfeld | 1 | -1/+1 | |
2019-09-13 | version: bump snapshot0.0.20190913 | Jason A. Donenfeld | 2 | -2/+2 | |
2019-09-13 | compat: support rhel/centos 7.7 | Jason A. Donenfeld | 1 | -1/+1 | |
2019-09-13 | Kbuild: squelch warnings for stack limit on broken kernel configs | Jason A. Donenfeld | 1 | -0/+1 | |
1280 is considered the absolute minimum for 64bit archs. | |||||
2019-09-13 | compat: don't rewrite siphash when it's from compat | Jason A. Donenfeld | 1 | -0/+2 | |
2019-09-11 | compat: support newer PaX | Jason A. Donenfeld | 1 | -0/+1 | |
Reported-by: PaX Team <pageexec@freemail.hu> | |||||
2019-09-05 | version: bump snapshot0.0.20190905 | Jason A. Donenfeld | 2 | -2/+2 | |
2019-09-05 | compat: work around ubuntu breakage | Jason A. Donenfeld | 1 | -0/+9 | |
They forgot to backport hsiphash. | |||||
2019-08-31 | tools: windows: enforce named pipe ownership and use protected prefix | Jason A. Donenfeld | 2 | -22/+40 | |
2019-08-28 | Makefile: allow specifying kernel release | Mikk Mar | 1 | -2/+3 | |
This makes depmod work when building/installing the module for a kernel other than the currently running one. Signed-off-by: Mikk Mar <mikkmar@airmail.cc> | |||||
2019-08-27 | wg-quick: linux: don't fail down when using systemd-resolved | Ronan Pigott | 1 | -1/+1 | |
systemd-resolved has a compatibility interface for use with resolvconf scripts when resolvectl is called from a symlink from resolvconf. However, when tearing down the interface, cmd_down calls del_if and then unset_dns. In the case of systemd-resolved, deleting the interface also removes the systemd-resolved entry and causes resolvconf -d to fail when resolvconf really is a symlink to resolvectl. This causes `wg-quick down` and 'wg-quick@.service' to exit with failure. Instead we use the resolvconf '-f' flag to ignore non-existent interfaces, supported by both openresolv and sd-resolved resolvconf. Signed-off-by: Ronan Pigott <rpigott@berkeley.edu> [zx2c4: moved -f argument to end to remain compatible with Debian's resolvconf] | |||||
2019-08-25 | compat: account for android-4.9 backport of addr_gen_mode | Nathan Chancellor | 2 | -4/+4 | |
Android kernels backported d35a00b8e33dab7385f724e713ae71c8be0a49f4, so now we need to do feature detection. Link: https://android-review.googlesource.com/c/kernel/common/+/1103831 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> | |||||
2019-08-07 | wg-quick: openbsd: fix alternate routing table syntax | Ankur Kothari | 1 | -1/+1 | |
route(8) has always used the `-T` option to specify the routing table; there is no `rdomain` option. Signed-off-by: Ankur Kothari <ankur@lipidity.com> | |||||
2019-08-07 | Kbuild: account for upstream configuration maze changes | Jason A. Donenfeld | 1 | -0/+2 | |
2019-08-05 | netlink: skip peers with invalid keys | Jason A. Donenfeld | 2 | -6/+15 | |
2019-08-03 | compat: do not run bc on clean target | Jason A. Donenfeld | 1 | -0/+2 | |
Certain targets don't define CONFIG_*, which means this bc command was previously failing. | |||||
2019-07-19 | compat: support running in OpenVZ environments | Jason A. Donenfeld | 1 | -0/+8 | |
Overriding LLTX like this is pretty ugly, but at least it means we don't have to let OpenVZ infect the real source tree. Requested-by: Benedikt Braunger <b.braunger@syseleven.de> | |||||
2019-07-11 | noise: immediately rekey all peers after changing device private key | Jason A. Donenfeld | 6 | -7/+47 | |
Reported-by: Derrick Pallas <derrick@pallas.us> | |||||
2019-07-08 | netlink: enforce that unused bits of flags are zero | Jason A. Donenfeld | 2 | -5/+16 | |
Reported-by: Toke Høiland-Jørgensen <toke@toke.dk> | |||||
2019-07-08 | wg-quick: android: refactor and add incoming allow rules | Jason A. Donenfeld | 1 | -65/+73 | |
Suggested-by: Yağmur Oymak <yagmur.oymak@gmail.com> | |||||
2019-07-04 | compat: define conversion constants for ancient kernels | Jason A. Donenfeld | 2 | -1/+5 | |
2019-07-02 | version: bump snapshot0.0.20190702 | Jason A. Donenfeld | 2 | -2/+2 | |
2019-07-02 | receive: queue dead packets to napi queue instead of empty rx_queue | Jason A. Donenfeld | 2 | -5/+3 | |
2019-06-28 | peer: use LIST_HEAD macro | Jason A. Donenfeld | 1 | -1/+1 | |
Suggested-by: Sultan Alsawaf <sultan@kerneltoast.com> | |||||
2019-06-28 | netlink: cast struct over cb->args for type safety | Jason A. Donenfeld | 1 | -29/+34 | |
This eliminates the headache of managing cb->args[??]. Suggested-by: Johannes Berg <johannes@sipsolutions.net> | |||||
2019-06-28 | compat: support RHEL8's skb_mark_not_on_list backport | Jason A. Donenfeld | 1 | -1/+3 | |
2019-06-25 | compat: rhel backported list modifications | Jason A. Donenfeld | 1 | -1/+1 | |
2019-06-25 | global: switch to coarse ktime | Jason A. Donenfeld | 11 | -36/+43 | |
Coarse ktime is broken until [1] in 5.2 and kernels without the backport, so we use fallback code there. The fallback code has also been improved significantly. It now only uses slower clocks on kernels < 3.17, at the expense of some accuracy we're not overly concerned about. [1] https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/ Suggested-by: Arnd Bergmann <arnd@arndb.de> | |||||
2019-06-24 | compat: unify custom function prefix/suffix | Jason A. Donenfeld | 3 | -48/+48 | |
2019-06-24 | compat: some kernels weirdly backport prandom_u32_max | Jason A. Donenfeld | 1 | -2/+3 | |
2019-06-24 | wg-quick: darwin: support being called from launchd | Jason A. Donenfeld | 3 | -1/+53 | |
This causes wg-quick up to wait for the monitor to exit before it exits, so that launchd can correctly wait on it. Reported-by: Cameron Palmer <cameron@promon.no> | |||||
2019-06-18 | qemu: show signal when failing | Jason A. Donenfeld | 1 | -3/+14 | |
2019-06-03 | blake2s: spacing | Jason A. Donenfeld | 2 | -123/+123 | |
2019-06-02 | curve25519: not all linkers support bmi2 and adx | Jason A. Donenfeld | 3 | -6/+58 | |
2019-06-01 | version: bump snapshot0.0.20190601 | Jason A. Donenfeld | 2 | -2/+2 | |
2019-05-31 | compat: don't call xgetbv on cpus with no XSAVE | Jason A. Donenfeld | 1 | -1/+1 | |
2019-05-31 | blake2s: add ssse3 to nobs | Jason A. Donenfeld | 1 | -1/+2 | |
2019-05-31 | blake2s: do not use xgetbv for ssse3 detection | Jason A. Donenfeld | 1 | -3/+1 | |
2019-05-31 | tools: pass WG_ENDPOINT_RESOLUTION_RETRIES=infinity to systemd unit | Jason A. Donenfeld | 1 | -0/+1 | |
2019-05-31 | version: bump snapshot0.0.20190531 | Jason A. Donenfeld | 2 | -2/+2 | |
2019-05-31 | tools: add wincompat layer to wg(8) | Jason A. Donenfeld | 15 | -0/+321 | |
2019-05-29 | tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES | Jason A. Donenfeld | 2 | -4/+25 | |
2019-05-29 | zinc: update copyright | Jason A. Donenfeld | 2 | -2/+2 | |
2019-05-29 | blake2s: shorten ssse3 loop | Samuel Neves | 1 | -857/+66 | |
This (mostly) preserves the performance (as measured on Haswell and *lake) of last commit, but it drastically reduces code size. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | |||||
2019-05-29 | blake2s,chacha: latency tweak | Samuel Neves | 5 | -618/+982 | |
In every odd-numbered round, instead of operating over the state x00 x01 x02 x03 x05 x06 x07 x04 x10 x11 x08 x09 x15 x12 x13 x14 we operate over the rotated state x03 x00 x01 x02 x04 x05 x06 x07 x09 x10 x11 x08 x14 x15 x12 x13 The advantage here is that this requires no changes to the 'x04 x05 x06 x07' row, which is in the critical path. This results in a noticeable latency improvement of roughly R cycles, for R diagonal rounds in the primitive. In the case of BLAKE2s, which I also moved from requiring AVX to only requiring SSSE3, we save approximately 30 cycles per compression function call on Haswell and Skylake. In other words, this is an improvement of ~0.6 cpb. This idea was pointed out to me by Shunsuke Shimizu, though it appears to have been around for longer. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | |||||
2019-05-29 | qemu: do not check for alignment with ubsan | Jason A. Donenfeld | 1 | -0/+1 | |
It insta-crashes on x86. | |||||
2019-05-29 | zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2 | Jason A. Donenfeld | 3 | -2/+6 | |