aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/tests/netns.sh (unfollow)
Commit message (Collapse)AuthorFilesLines
2019-10-11netns: add test for failing 5.3 FIB changesJason A. Donenfeld1-1/+21
Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/
2019-07-11noise: immediately rekey all peers after changing device private keyJason A. Donenfeld1-0/+10
Reported-by: Derrick Pallas <derrick@pallas.us>
2019-04-06allowedips: initialize list head when removing intermediate nodesJason A. Donenfeld1-0/+4
Otherwise if this list item is later reused, we'll crash on list poison or worse. Also, add a version of Mimka's reproducer to netns.sh to catch these types of bugs in the future. Reported-by: Mimka <mikma.wg@lists.m7n.se>
2019-02-03noise: store clamped key instead of raw keyJason A. Donenfeld1-0/+2
2019-01-23netlink: use __kernel_timespec for handshake timeJason A. Donenfeld1-1/+3
2019-01-07global: update copyrightJason A. Donenfeld1-1/+1
2018-12-18netns: nmap != ncatJason A. Donenfeld1-4/+4
2018-09-03global: satisfy check_patch.pl errorsJason A. Donenfeld1-1/+1
2018-08-09netlink: don't start over iteration on multipart non-first allowedipsJason A. Donenfeld1-0/+24
Reported-by: Matt Layher <mdlayher@gmail.com>
2018-04-15send: account for route-based MTUJason A. Donenfeld1-0/+13
It might be that a particular route has a different MTU than the interface, via `ip route add ... dev wg0 mtu 1281`, for example. In this case, it's important that we don't accidently pad beyond the end of the MTU. We accomplish that in this patch by carrying forward the MTU from the dst if it exists. We also add a unit test for this issue. Reported-by: Roman Mamedov <rm.wg@romanrm.net>
2018-02-12netns: replace n0 ip with ip0, per customJason A. Donenfeld1-2/+2
2018-01-03global: year bumpJason A. Donenfeld1-1/+1
2017-12-09global: add SPDX tags to all filesGreg Kroah-Hartman1-2/+3
It's good to have SPDX identifiers in all files as the Linux kernel developers are working to add these identifiers to all files. Update all files with the correct SPDX license identifier based on the license text of the project or based on the license in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Modified-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-23tools: fix removing preshared keysJason A. Donenfeld1-0/+18
Also clean up related logic quite a bit and add unit tests.
2017-11-10netlink: make sure we reserve space for NLMSG_DONEJason A. Donenfeld1-0/+9
Otherwise, if messages pack really close together, we'll exceed the size of the sk_buff and return ENOBUFS. I suspect this has been the cause of a lot of weird bugs that people just worked around by increasing the receive buffer size. This actually addresses the root cause.
2017-10-31stats: more robust accountingJason A. Donenfeld1-1/+8
2017-10-31netns: use time-based test instead of quantity-basedJason A. Donenfeld1-4/+4
2017-10-31netns: use read built-in instead of ncat hack for dmesgJason A. Donenfeld1-4/+2
This misses lines that are greater than 128 bytes -- read returns -EINVAL -- but the lines we care about anyway are less than that, so we simply keep looping and skip the bad reads when this happens. Not ideal, but probably the best we can do in pure bash. And, importantly, it's much better than streaming this over a TCP socket, which was an even uglier hack.
2017-10-17netns: disable accept_dad for all interfacesJason A. Donenfeld1-0/+2
Upstream's a2d3f3e33853ef52e5f66b41c3e8ee5710aa3305 broke things in strange and confusing ways.
2017-10-09routingtable: iterate progressivelyJason A. Donenfeld1-2/+2
2017-10-05send: put keypair referenceJason A. Donenfeld1-0/+19
2017-10-02netlink: switch from ioctl to netlink for configurationJason A. Donenfeld1-1/+38
2017-09-24netns: disable rp_filter for final testJason A. Donenfeld1-0/+4
2017-08-23socket: improve reply-to-src algorithmJason A. Donenfeld1-0/+40
We store the destination IP of incoming packets as the source IP of outgoing packets. When we send outgoing packets, we then ask the routing table for which interface to use and which source address, given our inputs of the destination address and a suggested source address. This all is good and fine, since it means we'll successfully reply using the correct source address, correlating with the destination address for incoming packets. However, what happens when default routes change? Or when interface IP addresses change? Prior to this commit, after getting the response from the routing table of the source address, destination address, and interface, we would then make sure that the source address actually belonged to the outbound interface. If it didn't, we'd reset our source address to zero and re-ask the routing table, in which case the routing table would then give us the default IP address for sending that packet. This worked mostly fine for most purposes, but there was a problem: what if WireGuard legitimately accepted an inbound packet on a default interface using an IP of another interface? In this case, falling back to asking for the default source IP was not a good strategy, since it'd nearly always mean we'd fail to reply using the right source. So, this commit changes the algorithm slightly. Rather than falling back to using the default IP if the preferred source IP doesn't belong to the outbound interface, we have two checks: we make sure that the source IP address belongs to _some_ interface on the system, no matter which one (so long as it's within the network namespace), and we check whether or not the interface of an incoming packet matches the returned interface for the outbound traffic. If both these conditions are true, then we proceed with using this source IP address. If not, we fall back to the default IP address.
2017-08-03netns: work around linux 3.10 issuesJason A. Donenfeld1-0/+6
2017-08-03netns: explictly test reply to sender routingJason A. Donenfeld1-1/+25
2017-07-20global: wireguard.io --> wireguard.comJason A. Donenfeld1-1/+1
Due to concerns with the .io TLD, we are switching to using wireguard.com instead.
2017-06-01receive: trim incoming packets to IP header lengthJason A. Donenfeld1-1/+1
2017-05-17tests: check for stats counter increasesJason A. Donenfeld1-0/+4
The kernel API for this has changed a lot, so this test is important to ensure our compat layer is doing the right thing.
2017-05-17noise: redesign preshared key modeJason A. Donenfeld1-2/+2
2017-04-14netns: cleanup and add diagramJason A. Donenfeld1-7/+18
2017-01-10Update copyrightJason A. Donenfeld1-1/+1
2016-12-26compat: support 3.18, 3.19, 4.0Jason A. Donenfeld1-1/+1
2016-12-16tests: avoid non-strict writes via printfJason A. Donenfeld1-11/+8
2016-12-04tests: directly kill nmapJason A. Donenfeld1-7/+12
2016-12-04tests: make sure ncat gets killedJason A. Donenfeld1-3/+4
2016-11-29tests: be sure we get all messagesJason A. Donenfeld1-1/+6
2016-11-21tests: veth does not come up immediatelyJason A. Donenfeld1-0/+7
2016-11-21headers: cleanup noticesJason A. Donenfeld1-0/+2
2016-11-15tests: trim outputJason A. Donenfeld1-20/+4
2016-11-15tests: use private ipv6 addressesJason A. Donenfeld1-18/+18
2016-11-15socket: ensure that saddr routing can deal with interface removalJason A. Donenfeld1-0/+32
2016-08-29netns: remove dangling $@Jason A. Donenfeld1-4/+4
2016-08-21tests: test jumbo frames with more transferJason A. Donenfeld1-4/+19
2016-08-12tests: add crypto-RP filter testJason A. Donenfeld1-0/+18
2016-08-08tests: use makefile and expand greatlyJason A. Donenfeld1-89/+163
2016-07-18tests: improve test suite and add qemu testerJason A. Donenfeld1-0/+142