Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tools: fix removing preshared keys | Jason A. Donenfeld | 2017-11-23 | 1 | -69/+55 |
| | | | | Also clean up related logic quite a bit and add unit tests. | ||||
* | global: switch from timeval to timespec | Jason A. Donenfeld | 2017-11-22 | 3 | -7/+7 |
| | | | | This gets us nanoseconds instead of microseconds, which is better, and we can do this pretty much without freaking out existing userspace, which doesn't actually make use of the nano/micro seconds field: zx2c4@thinkpad ~ $ cat a.c void main() { puts(sizeof(struct timeval) == sizeof(struct timespec) ? "success" : "failure"); } zx2c4@thinkpad ~ $ gcc a.c -m64 && ./a.out success zx2c4@thinkpad ~ $ gcc a.c -m32 && ./a.out success This doesn't solve y2038 problem, but timespec64 isn't yet a thing in userspace. | ||||
* | tools: tighten up strtoul parsing | Jason A. Donenfeld | 2017-11-17 | 2 | -36/+62 |
| | | | | Reported-by: Cedric Buxin <cedric.buxin@izri.org> | ||||
* | wg-quick: document localhost exception and v6 rule | Jason A. Donenfeld | 2017-11-12 | 1 | -3/+4 |
| | | | | Reported-by: Hermann Lienstromberg <nurtic-vibe@grmml.net> | ||||
* | tools: allow for NULL keys everywhere | Jason A. Donenfeld | 2017-11-11 | 5 | -29/+50 |
| | |||||
* | tools: remove ioctl cruft | Jason A. Donenfeld | 2017-11-11 | 1 | -4/+0 |
| | |||||
* | wg-quick: allow for tabs in keys | Jason A. Donenfeld | 2017-11-10 | 1 | -2/+2 |
| | |||||
* | wg-quick: stat the correct enclosing folder of config file | Jason A. Donenfeld | 2017-11-10 | 1 | -1/+2 |
| | |||||
* | wg-quick: save all hooks on save | Jason A. Donenfeld | 2017-11-01 | 1 | -5/+13 |
| | |||||
* | wg-quick: fsync the temporary file before renaming | Jason A. Donenfeld | 2017-10-31 | 1 | -0/+1 |
| | | | | This ensures that on an unclean shutdown, we either see the old content or the new content, but not empty content. Suggested-by: Ka Ho Ng <ngkaho1234@gmail.com> | ||||
* | wg-quick: allow for saving existing interface | Jason A. Donenfeld | 2017-10-31 | 2 | -2/+14 |
| | |||||
* | tools: correct type for CTRL_ATTR_FAMILY_ID | Jason A. Donenfeld | 2017-10-31 | 1 | -4/+4 |
| | | | | Suggested-by: Jörg Thalheim <joerg@thalheim.io> | ||||
* | wg-quick: allow for the hatchet, but not by default | Jason A. Donenfeld | 2017-10-31 | 1 | -0/+2 |
| | |||||
* | wg-quick: remember to rewind DNS settings on failure | Jason A. Donenfeld | 2017-10-31 | 1 | -3/+8 |
| | |||||
* | wg-quick: allow specifying multiple hooks | Jason A. Donenfeld | 2017-10-31 | 2 | -18/+21 |
| | |||||
* | global: style nits | Jason A. Donenfeld | 2017-10-31 | 10 | -110/+201 |
| | |||||
* | global: infuriating kernel iterator style | Jason A. Donenfeld | 2017-10-31 | 4 | -19/+19 |
| | | | | One types: for (i = 0 ... So one should also type: for_each_obj (obj ... But the upstream kernel style guidelines are insane, and so we must instead do: for_each_obj(obj ... Ugly, but one must choose his battles wisely. | ||||
* | tools: account for padding being in zero attribute | Jason A. Donenfeld | 2017-10-17 | 1 | -0/+6 |
| | |||||
* | tools: newline after warning | Jason A. Donenfeld | 2017-10-17 | 1 | -1/+1 |
| | |||||
* | tools: style | Jason A. Donenfeld | 2017-10-17 | 1 | -1/+1 |
| | |||||
* | tools: add pass example to wg-quick man page | Jason A. Donenfeld | 2017-10-17 | 1 | -22/+9 |
| | |||||
* | tools: don't insist on having a private key | Jason A. Donenfeld | 2017-10-17 | 1 | -5/+0 |
| | | | | This lets us do flexible things from wg-quick such as: PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i) It also was never a very sensible policy to enforce. Suggested-by: Luis Ressel <aranea@aixah.de> | ||||
* | tools: retry resolution except when fatal | Jason A. Donenfeld | 2017-10-17 | 3 | -21/+23 |
| | | | | The reference to this is <https://sourceware.org/glibc/wiki/NameResolver>, which mentions: "From the perspective of the application that calls getaddrinfo() it perhaps doesn't matter that much since EAI_FAIL, EAI_NONAME and EAI_NODATA are all permanent failure codes and the causes are all permanent failures in the sense that there is no point in retrying later." This should cover more early-boot situations. While we're at it, we clean up the logic a bit so that we don't have a retry message on the final non-retrying attempt. We also peer into errno when receiving EAI_SYSTEM, to report to the user what actually happened. Also, fix the quoting back tick front tick mess. | ||||
* | tools: encoding: be more paranoid | Jason A. Donenfeld | 2017-10-17 | 1 | -2/+2 |
| | | | | Needless, but overkill can be fun. | ||||
* | Makefile: even prettier output | Jason A. Donenfeld | 2017-10-17 | 1 | -3/+3 |
| | |||||
* | tools: man: include kill-switch documentation using fwmark | Jason A. Donenfeld | 2017-10-11 | 1 | -0/+36 |
| | |||||
* | tools: store tail pointer to make coalescing peers fast | Jason A. Donenfeld | 2017-10-10 | 2 | -74/+70 |
| | |||||
* | tools: warn once on unrecognized items | Jason A. Donenfeld | 2017-10-09 | 2 | -0/+22 |
| | | | | DaveM suggests we do in fact do this. Others on the same thread weren't happy about the length of the proposed message, so we also give a bit of a less dramatic warning. This reverts commit a2cc976a3b572cf308cc2d97c080eacac60416fe. | ||||
* | tools: try again if dump is interrupted | Jason A. Donenfeld | 2017-10-08 | 1 | -1/+4 |
| | |||||
* | Makefile: clang now builds the kernel, so use scan-build | Jason A. Donenfeld | 2017-10-05 | 2 | -4/+1 |
| | | | | Also add little stub for coccinelle and clean up semicolon issue it found. | ||||
* | Makefile: add non-verbose mode to tools | Jason A. Donenfeld | 2017-10-03 | 1 | -1/+19 |
| | |||||
* | global: satisfy bitshift pedantry | Jason A. Donenfeld | 2017-10-03 | 1 | -8/+8 |
| | | | | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | ||||
* | tools: compile on non-Linux | Jason A. Donenfeld | 2017-10-02 | 1 | -16/+22 |
| | |||||
* | tools: simmer down silly compilers | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
| | |||||
* | tools: do not warn on unrecognized items | Jason A. Donenfeld | 2017-10-02 | 2 | -26/+0 |
| | | | | Upstream advice is to simply be silent. | ||||
* | wg-quick: check permissions of parent directory | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
| | | | | Also prefix octal 0, in case these files are actually of modes that don't start with 0 by accident (such as SUID or sticky bit). | ||||
* | wg-quick: verify wireguard interface in more clever way | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
| | | | | This helps with old Debian which has ancient iproute2, as well as paving the path toward this script supporting userspace implementations. | ||||
* | wg-quick: anchor sysctl regex to start and end | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
| | | | | This doesn't actually fix a real problem, but it is more correct than not having it. Suggested-by: Aaron Sigel <aaron@vtty.com> | ||||
* | netlink: switch from ioctl to netlink for configuration | Jason A. Donenfeld | 2017-10-02 | 12 | -438/+1129 |
| | |||||
* | tools: uapi: only make sure socket file is socket | Jason A. Donenfeld | 2017-09-26 | 1 | -4/+9 |
| | |||||
* | tools: use key_is_zero for comparing to zeros | Jason A. Donenfeld | 2017-09-24 | 6 | -22/+24 |
| | | | | Maybe an attacker on the system could use the infoleak in /proc to gauge how long a wg(8) process takes to complete and determine the number of leading zeros. This is somewhat ridiculous, but it's possible somebody somewhere might at some point care in the future, so alright. | ||||
* | wg-quick: only bash complete existing interfaces for down | Jason A. Donenfeld | 2017-09-06 | 1 | -12/+15 |
| | |||||
* | tools: fix removal of psk | Jason A. Donenfeld | 2017-08-23 | 1 | -1/+1 |
| | | | | This is an attribute of the peer, not the device. | ||||
* | tools: stricter userspace ipc parsing | Jason A. Donenfeld | 2017-08-02 | 1 | -3/+3 |
| | |||||
* | wg-quick: add explicit support for common DNS usage | Jason A. Donenfeld | 2017-07-26 | 2 | -12/+34 |
| | |||||
* | wg-quick: do not use grep | Jason A. Donenfeld | 2017-07-24 | 1 | -1/+1 |
| | |||||
* | wg-quick: do not set explicit src route for v6 default route | Jason A. Donenfeld | 2017-07-24 | 1 | -11/+3 |
| | | | | This was only required because clueless network operators were trying to route fec0::/10 globally, when that range doesn't actually have global scope. Now that we understand the cause was operator error, we revert the change here, so that the routing table is kept consistent. This reverts commit 64e47de870a2f0575b5564a70e5680b48ab83ff9. | ||||
* | wg-quick: usage typos | Jason A. Donenfeld | 2017-07-20 | 1 | -1/+2 |
| | |||||
* | global: wireguard.io --> wireguard.com | Jason A. Donenfeld | 2017-07-20 | 3 | -6/+6 |
| | | | | Due to concerns with the .io TLD, we are switching to using wireguard.com instead. | ||||
* | tools: remove double include in ipc | Jason A. Donenfeld | 2017-06-29 | 1 | -1/+0 |
| |