summaryrefslogtreecommitdiffstatshomepage
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* version: bump snapshot0.0.20191206Jason A. Donenfeld2019-12-062-2/+2
|
* chacha20poly1305: double check the sgmiter logic with testJason A. Donenfeld2019-12-061-8/+59
|
* wg-quick: linux: ignore save warnings for iptables-nftJason A. Donenfeld2019-12-061-1/+1
|
* wg-quick: linux: suppress more warnings on weird kernelsJason A. Donenfeld2019-12-061-4/+4
|
* wg-quick: linux: some iptables don't like empty linesJason A. Donenfeld2019-12-051-6/+6
| | | | Reported-by: Kenneth R. Crudup <kenny@panix.com>
* crypto: use new assembler macros for 5.5Jason A. Donenfeld2019-12-056-14/+19
|
* chacha20poly1305: port to sgmitter for 5.5Jason A. Donenfeld2019-12-056-122/+151
| | | | | I'm not totally comfortable with these changes yet, and it'll require some more scrutiny. But it's a start.
* netlink: prepare for removal of genl_family_attrbuf in 5.5Jason A. Donenfeld2019-12-052-8/+20
|
* version: bump snapshot0.0.20191205Jason A. Donenfeld2019-12-052-2/+2
|
* wg-quick: linux: iptables-* -w is not widely supportedJason A. Donenfeld2019-12-051-2/+2
|
* ipc: make sure userspace communication frees wgdeviceJason A. Donenfeld2019-12-052-11/+16
|
* send: avoid touching skb->{next,prev} directlyJason A. Donenfeld2019-12-051-2/+2
| | | | | This isn't quite the same, since mark_not_on_list doesn't touch skb->prev, but hopefully it doesn't matter.
* device: prepare skb_list_walk_safe for upstreamingJason A. Donenfeld2019-12-053-9/+13
|
* send: use kfree_skb_listJason A. Donenfeld2019-12-051-9/+2
|
* wg-quick: linux: have remove_iptables return trueJason A. Donenfeld2019-12-051-1/+1
| | | | Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
* wg-quick: linux: ensure postdown hooks executeJason A. Donenfeld2019-12-051-2/+2
| | | | Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
* wg-quick: linux: suppress error when finding unused tableJason A. Donenfeld2019-11-271-1/+1
|
* version: bump snapshot0.0.20191127Jason A. Donenfeld2019-11-272-2/+2
|
* tools: add syncconf commandJason A. Donenfeld2019-11-273-0/+97
|
* qemu: bump versionJason A. Donenfeld2019-11-271-1/+1
|
* qemu: respect PATH when finding CBUILDJason A. Donenfeld2019-11-271-1/+1
|
* qemu: work around build bug with powerpc64leJason A. Donenfeld2019-11-271-0/+1
|
* wg-quick: linux: filter bogus injected packets and don't disable rpfilterJason A. Donenfeld2019-11-271-8/+29
|
* wg-quick: linux: only touch net.ipv4 for v4Jason A. Donenfeld2019-11-261-3/+5
|
* allowedips: avoid double lock in selftest error caseJason A. Donenfeld2019-11-261-8/+9
|
* socket: remove redundant check of new4Jason A. Donenfeld2019-11-261-1/+1
|
* allowedips: safely dereference rcu rootsJason A. Donenfeld2019-11-261-6/+10
|
* messages: recalculate rekey max based on a one minute floodJason A. Donenfeld2019-10-301-1/+1
| | | | Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
* wg-quick: android: check for null in binder cleanup functionsJason A. Donenfeld2019-10-161-3/+6
|
* version: bump snapshot0.0.20191012Jason A. Donenfeld2019-10-122-2/+2
|
* wg-quick: android: use Binder for setting DNS on Android 10Nicolas Douma2019-10-121-7/+429
| | | | Signed-off-by: Nicolas Douma <nicolas@serveur.io>
* noise: recompare stamps after taking write lockJason A. Donenfeld2019-10-111-2/+6
|
* netlink: allow preventing creation of new peers when updatingJason A. Donenfeld2019-10-112-9/+12
| | | | | | This enables race-free updates for wg-dynamic and similar tools. Suggested-by: Thomas Gschwantner <tharre3@gmail.com>
* netns: add test for failing 5.3 FIB changesJason A. Donenfeld2019-10-112-1/+24
| | | | Reference: https://lore.kernel.org/netdev/20190924073615.31704-1-Jason@zx2c4.com/
* qemu: bump default versionJason A. Donenfeld2019-10-111-1/+1
|
* version: bump snapshot0.0.20190913Jason A. Donenfeld2019-09-132-2/+2
|
* compat: support rhel/centos 7.7Jason A. Donenfeld2019-09-131-1/+1
|
* Kbuild: squelch warnings for stack limit on broken kernel configsJason A. Donenfeld2019-09-131-0/+1
| | | | 1280 is considered the absolute minimum for 64bit archs.
* compat: don't rewrite siphash when it's from compatJason A. Donenfeld2019-09-131-0/+2
|
* compat: support newer PaXJason A. Donenfeld2019-09-111-0/+1
| | | | Reported-by: PaX Team <pageexec@freemail.hu>
* version: bump snapshot0.0.20190905Jason A. Donenfeld2019-09-052-2/+2
|
* compat: work around ubuntu breakageJason A. Donenfeld2019-09-051-0/+9
| | | | They forgot to backport hsiphash.
* tools: windows: enforce named pipe ownership and use protected prefixJason A. Donenfeld2019-08-312-22/+40
|
* Makefile: allow specifying kernel releaseMikk Mar2019-08-281-2/+3
| | | | | | | This makes depmod work when building/installing the module for a kernel other than the currently running one. Signed-off-by: Mikk Mar <mikkmar@airmail.cc>
* wg-quick: linux: don't fail down when using systemd-resolvedRonan Pigott2019-08-271-1/+1
| | | | | | | | | | | | | | | | systemd-resolved has a compatibility interface for use with resolvconf scripts when resolvectl is called from a symlink from resolvconf. However, when tearing down the interface, cmd_down calls del_if and then unset_dns. In the case of systemd-resolved, deleting the interface also removes the systemd-resolved entry and causes resolvconf -d to fail when resolvconf really is a symlink to resolvectl. This causes `wg-quick down` and 'wg-quick@.service' to exit with failure. Instead we use the resolvconf '-f' flag to ignore non-existent interfaces, supported by both openresolv and sd-resolved resolvconf. Signed-off-by: Ronan Pigott <rpigott@berkeley.edu> [zx2c4: moved -f argument to end to remain compatible with Debian's resolvconf]
* compat: account for android-4.9 backport of addr_gen_modeNathan Chancellor2019-08-252-4/+4
| | | | | | | | Android kernels backported d35a00b8e33dab7385f724e713ae71c8be0a49f4, so now we need to do feature detection. Link: https://android-review.googlesource.com/c/kernel/common/+/1103831 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
* wg-quick: openbsd: fix alternate routing table syntaxAnkur Kothari2019-08-071-1/+1
| | | | | | | route(8) has always used the `-T` option to specify the routing table; there is no `rdomain` option. Signed-off-by: Ankur Kothari <ankur@lipidity.com>
* Kbuild: account for upstream configuration maze changesJason A. Donenfeld2019-08-071-0/+2
|
* netlink: skip peers with invalid keysJason A. Donenfeld2019-08-052-6/+15
|
* compat: do not run bc on clean targetJason A. Donenfeld2019-08-031-0/+2
| | | | | Certain targets don't define CONFIG_*, which means this bc command was previously failing.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.