| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | noise: infer initiator or not from handshake state | Jason A. Donenfeld | 2017-08-04 | 1 | -1/+1 |
| | Suggested-by: Mathias Hall-Andersen <mathias@hall-andersen.dk> | | | | |
* | timers: rename confusingly named functions and variables | Jason A. Donenfeld | 2017-08-04 | 1 | -1/+1 |
| | Suggested-by: Mathias Hall-Andersen <mathias@hall-andersen.dk> | | | | |
* | receive: move lastminute guard into timer event | Jason A. Donenfeld | 2017-08-04 | 1 | -3/+1 |
| | Suggested-by: Mathias Hall-Andersen <mathias@hall-andersen.dk> | | | | |
* | recieve: pskb_trim already checks length | Jason A. Donenfeld | 2017-08-01 | 1 | -1/+1 |
* | receive: single line if style | Jason A. Donenfeld | 2017-08-01 | 1 | -2/+1 |
* | recieve: cleanup variable usage | Jason A. Donenfeld | 2017-07-28 | 1 | -11/+7 |
* | global: use pointer to net_device | Jason A. Donenfeld | 2017-07-20 | 1 | -15/+15 |
| | DaveM prefers it to be this way per [1]. [1] http://www.spinics.net/lists/netdev/msg443992.html | | | | |
* | receive: cleanup error handlers | Jason A. Donenfeld | 2017-06-29 | 1 | -21/+23 |
* | receive: pull IP header into head | Jason A. Donenfeld | 2017-06-29 | 1 | -0/+4 |
* | receive: fix off-by-one in packet length checking | Jason A. Donenfeld | 2017-06-29 | 1 | -1/+1 |
| | This caused certain packets to be rejected that shouldn't be rejected, in the case of certain scatter-gather ethernet drivers doing GRO pulling right up to the UDP bounds but not beyond. This caused certain TCP connections to fail. Thanks very much to Reuben for providing access to the machine to debug this regression. Reported-by: Reuben Martin <reuben.m@gmail.com> | | | | |
* | global: cleanup IP header checking | Jason A. Donenfeld | 2017-06-26 | 1 | -50/+16 |
| | This way is more correct and ensures we're within the skb head. | | | | |
* | receive: extend rate limiting to 1 second after under load detection | Jason A. Donenfeld | 2017-06-24 | 1 | -0/+5 |
* | receive: trim incoming packets to IP header length | Jason A. Donenfeld | 2017-06-01 | 1 | -0/+15 |
* | timers: reset retry-attempt counter when not retrying | Jason A. Donenfeld | 2017-05-31 | 1 | -1/+1 |
* | timers: the completion of a handshake also is on key confirmation | Jason A. Donenfeld | 2017-05-31 | 1 | -0/+1 |
* | debug: print interface name in dmesg | Jason A. Donenfeld | 2017-05-31 | 1 | -23/+23 |
* | handshake: process in parallel | Jason A. Donenfeld | 2017-05-30 | 1 | -9/+12 |
* | receive: netif_rx consumes | Jason A. Donenfeld | 2017-04-09 | 1 | -1/+3 |
* | data: cleanup parallel workqueue and use two max_active | Jason A. Donenfeld | 2017-04-08 | 1 | -2/+2 |
* | data: simplify flow | Jason A. Donenfeld | 2017-04-04 | 1 | -7/+2 |
* | locking: always use _bh | Jason A. Donenfeld | 2017-04-04 | 1 | -3/+3 |
| | All locks are potentially between user context and softirq, which means we need to take the _bh variant. | | | | |
* | data: big refactoring | Jason A. Donenfeld | 2017-03-20 | 1 | -42/+49 |
* | receive: last_rx use is discouraged and removed in recent kernels | Jason A. Donenfeld | 2017-02-27 | 1 | -1/+0 |
* | Update copyright | Jason A. Donenfeld | 2017-01-10 | 1 | -1/+1 |
* | peer: don't use sockaddr_storage to reduce memory usage | Jason A. Donenfeld | 2016-12-13 | 1 | -7/+7 |
* | receive: simplify ip header checking logic | Jason A. Donenfeld | 2016-12-11 | 1 | -15/+2 |
* | headers: cleanup notices | Jason A. Donenfeld | 2016-11-21 | 1 | -1/+1 |
* | packets: consolidate constants | Jason A. Donenfeld | 2016-11-16 | 1 | -3/+3 |
* | various: nits from willy | Jason A. Donenfeld | 2016-11-15 | 1 | -1/+1 |
* | debug: cleanup skb printing | Jason A. Donenfeld | 2016-11-15 | 1 | -42/+25 |
* | socket: keep track of src address in sending packets | Jason A. Donenfeld | 2016-11-15 | 1 | -42/+36 |
* | send: simplify handshake initiation queueing and introduce lock | Jason A. Donenfeld | 2016-11-07 | 1 | -1/+1 |
* | debug: support dynamic debug on skb addr | Jason A. Donenfeld | 2016-11-06 | 1 | -4/+4 |
* | receive: always send confirmation, even if queue is empty | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+5 |
* | timers: only have initiator rekey | Jason A. Donenfeld | 2016-10-19 | 1 | -3/+26 |
| | If it's time to rekey, and the responder sends a message, the initiator will begin the rekeying when sending his response message. In the worst case, this response message will actually just be the keepalive. This generally works well, with the one edge case of the message arriving less than 10 seconds before key expiration, in which the keepalive is not sufficient. In this case, we simply rehandshake immediately. | | | | |
* | timers: always delay handshakes for responder | Jason A. Donenfeld | 2016-10-19 | 1 | -0/+2 |
| | With the prior behavior, when sending a packet, we checked to see if it was about time to start a new handshake, and if we were past a certain time, we started it. For the responder, we made that time a bit further in the future than for the initiator, to prevent the thundering herd problem of them both starting at the same time. However, this was flawed. If both parties stopped communicating after 2.2 minutes, and then one party decided to initiate a TCP connection before the 3 minute mark, the currently open session would be used. However, because it was after the 2.2 minute mark, both peers would try to initiate a handshake upon sending their first packet. The errant flow was as follows: 1. Peer A sends SYN. 2. Peer A sees that his key is getting old and initiates new handshake. 3. Peer B receives SYN and sends ACK. 4. Peer B sees that his key is getting old and initiates new handshake. Since these events happened after the 2.2 minute mark, there's no delay between handshake initiations, and problems begin. The new behavior is changed to: 1. Peer A sends SYN. 2. Peer A sees that his key is getting old and initiates new handshake. 3. Peer B receives SYN and sends ACK. 4. Peer B sees that his key is getting old and schedules a delayed handshake for 12.5 seconds in the future. 5. Peer B receives handshake initiation and cancels scheduled handshake. | | | | |
* | debug: keep alive -> keepalive | Jason A. Donenfeld | 2016-10-19 | 1 | -1/+1 |
* | Rework headers and includes | Jason A. Donenfeld | 2016-09-29 | 1 | -2/+3 |
* | send: properly encapsulate ECN | Jason A. Donenfeld | 2016-08-29 | 1 | -2/+13 |
| | We're not leaking the DSCP, but we do deal with ECN. | | | | |
* | receive: assume we usually succeed with userspace (tag: experimental-0.0.20160711) | Jason A. Donenfeld | 2016-07-10 | 1 | -1/+1 |
* | receive: no need to test for !len | Jason A. Donenfeld | 2016-07-10 | 1 | -1/+1 |
* | persistent keepalive: use authenticated keepalives | Jason A. Donenfeld | 2016-07-10 | 1 | -0/+2 |
* | timers: rename *authorized* functions to *authenticated* | Jason A. Donenfeld | 2016-07-08 | 1 | -2/+2 |
* | persistent keepalive: add kernel mechanism | Jason A. Donenfeld | 2016-07-08 | 1 | -1/+1 |
* | receive: protect against impossible conditions | Jason A. Donenfeld | 2016-07-03 | 1 | -0/+4 |
| | It should never be the case that skb->head + skb->transport_header - skb->data is greater than 2^16, but in case the kernel network stack borks this at some point in the future, we don't want this to slyly introduce a vulnerability into WireGuard. Further, really smart compilers might be able to make deductions about data_offset, and optimize accordingly. | | | | |
* | receive: error conditions are unlikely | Jason A. Donenfeld | 2016-07-01 | 1 | -3/+3 |
* | Initial commit | Jason A. Donenfeld | 2016-06-25 | 1 | -0/+301 |