| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | tools: man: include kill-switch documentation using fwmark | Jason A. Donenfeld | 2017-10-11 | 1 | -0/+36 |
* | tools: store tail pointer to make coalescing peers fast | Jason A. Donenfeld | 2017-10-10 | 2 | -74/+70 |
* | tools: warn once on unrecognized items | Jason A. Donenfeld | 2017-10-09 | 2 | -0/+22 |
| | DaveM suggests we do in fact do this. Others on the same thread weren't happy about the length of the proposed message, so we also give a bit of a less dramatic warning. This reverts commit a2cc976a3b572cf308cc2d97c080eacac60416fe. | | | | |
* | tools: try again if dump is interrupted | Jason A. Donenfeld | 2017-10-08 | 1 | -1/+4 |
* | Makefile: clang now builds the kernel, so use scan-build | Jason A. Donenfeld | 2017-10-05 | 2 | -4/+1 |
| | Also add little stub for coccinelle and clean up semicolon issue it found. | | | | |
* | Makefile: add non-verbose mode to tools | Jason A. Donenfeld | 2017-10-03 | 1 | -1/+19 |
* | global: satisfy bitshift pedantry | Jason A. Donenfeld | 2017-10-03 | 1 | -8/+8 |
| | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | | | | |
* | tools: compile on non-Linux | Jason A. Donenfeld | 2017-10-02 | 1 | -16/+22 |
* | tools: simmer down silly compilers | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
* | tools: do not warn on unrecognized items | Jason A. Donenfeld | 2017-10-02 | 2 | -26/+0 |
| | Upstream advice is to simply be silent. | | | | |
* | wg-quick: check permissions of parent directory | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
| | Also prefix octal 0, in case these files are actually of modes that don't start with 0 by accident (such as SUID or sticky bit). | | | | |
* | wg-quick: verify wireguard interface in more clever way | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
| | This helps with old Debian which has ancient iproute2, as well as paving the path toward this script supporting userspace implementations. | | | | |
* | wg-quick: anchor sysctl regex to start and end | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1 |
| | This doesn't actually fix a real problem, but it is more correct than not having it. Suggested-by: Aaron Sigel <aaron@vtty.com> | | | | |
* | netlink: switch from ioctl to netlink for configuration | Jason A. Donenfeld | 2017-10-02 | 12 | -438/+1129 |
* | tools: uapi: only make sure socket file is socket | Jason A. Donenfeld | 2017-09-26 | 1 | -4/+9 |
* | tools: use key_is_zero for comparing to zeros | Jason A. Donenfeld | 2017-09-24 | 6 | -22/+24 |
| | Maybe an attacker on the system could use the infoleak in /proc to gauge how long a wg(8) process takes to complete and determine the number of leading zeros. This is somewhat ridiculous, but it's possible somebody somewhere might at some point care in the future, so alright. | | | | |
* | wg-quick: only bash complete existing interfaces for down | Jason A. Donenfeld | 2017-09-06 | 1 | -12/+15 |
* | tools: fix removal of psk | Jason A. Donenfeld | 2017-08-23 | 1 | -1/+1 |
| | This is an attribute of the peer, not the device. | | | | |
* | tools: stricter userspace ipc parsing | Jason A. Donenfeld | 2017-08-02 | 1 | -3/+3 |
* | wg-quick: add explicit support for common DNS usage | Jason A. Donenfeld | 2017-07-26 | 2 | -12/+34 |
* | wg-quick: do not use grep | Jason A. Donenfeld | 2017-07-24 | 1 | -1/+1 |
* | wg-quick: do not set explicit src route for v6 default route | Jason A. Donenfeld | 2017-07-24 | 1 | -11/+3 |
| | This was only required because clueless network operators were trying to route fec0::/10 globally, when that range doesn't actually have global scope. Now that we understand the cause was operator error, we revert the change here, so that the routing table is kept consistent. This reverts commit 64e47de870a2f0575b5564a70e5680b48ab83ff9. | | | | |
* | wg-quick: usage typos | Jason A. Donenfeld | 2017-07-20 | 1 | -1/+2 |
* | global: wireguard.io --> wireguard.com | Jason A. Donenfeld | 2017-07-20 | 3 | -6/+6 |
| | Due to concerns with the .io TLD, we are switching to using wireguard.com instead. | | | | |
* | tools: remove double include in ipc | Jason A. Donenfeld | 2017-06-29 | 1 | -1/+0 |
* | wg-quick: use printf -v instead of namerefs for bash 4.2 | Jason A. Donenfeld | 2017-06-28 | 1 | -3/+2 |
| | I'm not happy about this. | | | | |
* | wg-quick: properly match IPv6 endpoint | Jason A. Donenfeld | 2017-06-24 | 1 | -1/+1 |
* | tools: use proper __linux__ ifdef | Jason A. Donenfeld | 2017-06-12 | 1 | -1/+1 |
* | wg-quick: match ipv6 default route more broadly | Jason A. Donenfeld | 2017-06-12 | 1 | -1/+1 |
* | wg-quick: make sure we have empty table for both v6 and v4 | Jason A. Donenfeld | 2017-06-11 | 1 | -1/+3 |
| | Otherwise, we wind up not doing the right thing in the v6-only case, or doing something totally borked when v4 and v6 are filled unevenly. Reported-by: Roelf Wichertjes <contact@roelf.org> | | | | |
* | tools: allow creating device with no peers | Jason A. Donenfeld | 2017-05-31 | 1 | -4/+0 |
* | man: update wg-quick(8) to show Debian resolvconf braindamage | Jason A. Donenfeld | 2017-05-30 | 1 | -2/+2 |
| | While OpenResolv supports explicit ordering directives such as `-m` and exclusivity directives such as `-x`, Debian's own resolvconf supports none of this, instead using a hard coded list of interface name templates for determining ordering. While trying to emulate `-x` is difficult [*], we can at least try to mostly emulate `-m 0` by masquerading as a `tun*` interface to resolvconf. Ugly, but it works. [*] One heavy handed way of emulating `-x` would be something like: # echo nameserver 8.8.8.8 > /etc/resolv.conf.wg0-exclusive # mount --bind -o ro /etc/resolv.conf.wg0-exclusive /etc/resolv.conf # rm -f /etc/resolv.conf.wg0-exclusive This in practice works quite well, but is a bit heavy to put in a man page. It also doesn't "stack" well. For example, if we simply run `umount /etc/resolv.conf`, how do we know which resolv.conf entry we're unmounting? | | | | |
* | wg-quick: use src routing for default routes in v6 | Jason A. Donenfeld | 2017-05-18 | 1 | -3/+11 |
| | Otherwise, traffic is sent with the IP address of a different interface, and then packets don't actually get delivered. | | | | |
* | man: fix psk mention in wg-quick man page | Jason A. Donenfeld | 2017-05-18 | 1 | -2/+2 |
* | tools: opt-in globally to GNU-isms to keep the BSDs happy | Jason A. Donenfeld | 2017-05-17 | 2 | -2/+1 |
* | tools: support text-based ipc | Jason A. Donenfeld | 2017-05-17 | 8 | -131/+321 |
* | tools: check for proto error on set too | Jason A. Donenfeld | 2017-05-17 | 1 | -3/+4 |
* | tools: stricter key file reading | Jason A. Donenfeld | 2017-05-17 | 1 | -31/+40 |
* | noise: redesign preshared key mode | Jason A. Donenfeld | 2017-05-17 | 6 | -49/+52 |
* | tools: wg-quick: auto MTU discovery | Jason A. Donenfeld | 2017-05-17 | 2 | -1/+28 |
* | tools: retry name resolution on temporary failure | Jason A. Donenfeld | 2017-05-17 | 1 | -1/+10 |
| | This should solve many problems at init time. | | | | |
* | tools: no hyphen in preshared, to keep uniformity | Jason A. Donenfeld | 2017-04-20 | 3 | -3/+3 |
* | tools: argc is always 1 | Jason A. Donenfeld | 2017-04-19 | 1 | -1/+1 |
* | tools: check for malloc failure | Jason A. Donenfeld | 2017-04-19 | 1 | -0/+4 |
* | tools: side channel resistant base64 | Jason A. Donenfeld | 2017-04-19 | 9 | -259/+86 |
* | tools: do not use addrconfig with port in gai | Jason A. Donenfeld | 2017-03-28 | 1 | -1/+1 |
* | uapi: add version magic | Jason A. Donenfeld | 2017-03-24 | 2 | -8/+27 |
* | wg-quick: various cleanups | Jason A. Donenfeld | 2017-03-24 | 1 | -5/+6 |
* | tools: document # comments in wg(8) man page | Jason A. Donenfeld | 2017-03-24 | 1 | -1/+3 |
* | tools: wg-quick: support old ip(8) | Pim van Pelt | 2017-03-19 | 1 | -4/+8 |
| | Old versions of ip(8) do not accept arguments to `ip rule show.` This patch works around that limitation. | | | | |