Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Action TODO | Matt Dunwoodie | 2019-10-20 | 1 | -2/+1 |
| | |||||
* | Message for later | Matt Dunwoodie | 2019-10-12 | 1 | -0/+1 |
| | |||||
* | Update ipc.c to new if_wg.h interface | Matt Dunwoodie | 2019-10-05 | 1 | -34/+42 |
| | |||||
* | Return null key when masked | Matt Dunwoodie | 2019-08-29 | 1 | -6/+15 |
| | |||||
* | Add support for rdomain | Matt Dunwoodie | 2019-08-29 | 1 | -1/+12 |
| | | | | | I'm not sure if fwmark is the correct way to do it, but for the time being it works. | ||||
* | Add name to anonymous union | Matt Dunwoodie | 2019-08-29 | 1 | -1/+1 |
| | | | | | This is required for the Cython library I'm working on. I don't see this causing any issues. | ||||
* | Add support for masked/hidden keys | Matt Dunwoodie | 2019-08-11 | 1 | -3/+3 |
| | |||||
* | Create runtime dir for both interface types | Matt Dunwoodie | 2019-08-10 | 1 | -1/+1 |
| | |||||
* | Rudimentary support for wg-quick | Matt Dunwoodie | 2019-07-21 | 1 | -12/+22 |
| | | | | | This isn't as foolproof as I would like, however it seems to work with both wireguard-openbsd and wireguard-go. | ||||
* | Actually call SIOCSWGPEERAIP in wg(8) | Matt Dunwoodie | 2019-07-21 | 1 | -2/+5 |
| | | | | | The set AIP ioctl was actually not called in openbsd_set_device. Also, specify ipv4 and ipv6 when copying the addresses. | ||||
* | Add support for OpenBSD keepalive | Matt Dunwoodie | 2019-05-21 | 1 | -2/+11 |
| | |||||
* | Update to new wg_cidr allowedip structure | Matt Dunwoodie | 2019-05-19 | 1 | -17/+13 |
| | |||||
* | Add retrieval of private key from device | Matt Dunwoodie | 2019-05-19 | 1 | -0/+5 |
| | | | | | | | | Before mdlayher notified me that wg(8) actually can view the device private key (with `WG_HIDE_KEYS=never wg`), I did not have a need for it. It was straight forward to add in kernel. This functionality will also be implemented in wgctrl-go. | ||||
* | Add support for new ioctls | Matt Dunwoodie | 2019-04-30 | 1 | -15/+9 |
| | |||||
* | openbsd: add support for openbsd kernel module | Matt Dunwoodie | 2019-04-29 | 1 | -0/+253 |
| | | | | | | While this isn't complete, it is a good representation of what needs to be done. The biggest problem to fix is that the kernel module has no concept of 'replacing' peers or allowedips. | ||||
* | wg-quick: make darwin and freebsd path search strict like linux | Jason A. Donenfeld | 2019-04-23 | 2 | -2/+4 |
| | |||||
* | wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel | Jason A. Donenfeld | 2019-04-23 | 1 | -9/+22 |
| | |||||
* | compat: udp_tunnel: force cast sk_data_ready | Jason A. Donenfeld | 2019-04-14 | 1 | -1/+3 |
| | | | | Reference: https://lists.zx2c4.com/pipermail/wireguard/2019-April/004081.html | ||||
* | version: bump snapshot0.0.20190406 | Jason A. Donenfeld | 2019-04-06 | 2 | -2/+2 |
| | |||||
* | allowedips: initialize list head when removing intermediate nodes | Jason A. Donenfeld | 2019-04-06 | 2 | -1/+5 |
| | | | | | | | | | | Otherwise if this list item is later reused, we'll crash on list poison or worse. Also, add a version of Mimka's reproducer to netns.sh to catch these types of bugs in the future. Reported-by: Mimka <mikma.wg@lists.m7n.se> | ||||
* | compat: backport skb_mark_not_on_list | Jason A. Donenfeld | 2019-03-29 | 1 | -0/+7 |
| | |||||
* | blake2s: remove outlen parameter from final | Jason A. Donenfeld | 2019-03-27 | 4 | -12/+11 |
| | |||||
* | blake2s: simplify | Samuel Neves | 2019-03-27 | 2 | -40/+12 |
| | | | | Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | qemu: set framewarn 1280 for 64bit and 1024 for 32bit | Jason A. Donenfeld | 2019-03-25 | 14 | -4/+14 |
| | |||||
* | device: use skb accessor functions where possible | Jason A. Donenfeld | 2019-03-25 | 1 | -2/+2 |
| | | | | Suggested-by: David Miller <davem@davemloft.net> | ||||
* | allowedips: do not use __always_inline | Jason A. Donenfeld | 2019-03-25 | 1 | -9/+9 |
| | | | | | | DaveM doth forbid. Suggested-by: David Miller <davem@davemloft.net> | ||||
* | peerlookup: rename from hashtables | Jason A. Donenfeld | 2019-03-25 | 7 | -9/+9 |
| | |||||
* | tools: avoid unneccessary next_peer assignments in sort_peers() | Luis Ressel | 2019-03-23 | 1 | -2/+1 |
| | | | | Signed-off-by: Luis Ressel <aranea@aixah.de> | ||||
* | wg-quick: add 'strip' subcommand | Luis Ressel | 2019-03-23 | 5 | -5/+50 |
| | | | | | | | | | `wg-quick strip` prints the config file to stdout after stripping it of all wg-quick-specific options. This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`. Signed-off-by: Luis Ressel <aranea@aixah.de> | ||||
* | tools: warn if an AllowedIP has a nonzero host part | Luis Ressel | 2019-03-23 | 1 | -0/+34 |
| | | | | Signed-off-by: Luis Ressel <aranea@aixah.de> | ||||
* | wg-quick: freebsd: export TMPDIR when restoring and don't make empty | Jason A. Donenfeld | 2019-03-18 | 1 | -1/+2 |
| | | | | Otherwise mktemp doesn't see it, and if it's empty we wind up in /. | ||||
* | global: the _bh variety of rcu helpers have been unified | Jason A. Donenfeld | 2019-03-17 | 7 | -12/+57 |
| | |||||
* | compat: nf_nat_core.h was removed upstream | Bruno Wolff III | 2019-03-14 | 1 | -0/+2 |
| | | | | | | | In d2c5c103b133 ("netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h"). Signed-off-by: Bruno Wolff III <bruno@wolff.to> | ||||
* | tools: add support for Haiku | Alexander von Gluck IV | 2019-02-28 | 1 | -0/+3 |
| | | | | Signed-off-by: Alexander von Gluck IV <kallisti5@unixzen.com> | ||||
* | tools: genkey: account for short reads of /dev/urandom | Jason A. Donenfeld | 2019-02-28 | 1 | -12/+24 |
| | | | | | | | | | | Apparently Haiku has a misbehaving /dev/urandom. While we're at it, simplify the function signature to completely succeed or completely fail and make sure the caller checks the result. Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com> Nitpicked-by: Aaron Jones <aaronmdjones@gmail.com> | ||||
* | wg-quick: freebsd: rebreak interface loopback, while fixing localhost | Jason A. Donenfeld | 2019-02-28 | 1 | -1/+1 |
| | | | | | | | | | | | The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was supposed to make things better, but actually it just started sending legitimate localhost traffic over the WireGuard interface, which is really quite bad. This reverts commit 7c833642dfa342218602ab18e7091e86408d2982. Reported-by: Matt Smith <matt.xtaz@gmail.com> | ||||
* | version: bump snapshot0.0.20190227 | Jason A. Donenfeld | 2019-02-27 | 2 | -2/+2 |
| | |||||
* | queueing: net-next has changed signature of skb_probe_transport_header | Jason A. Donenfeld | 2019-02-27 | 2 | -1/+7 |
| | |||||
* | allowedips: maintain per-peer list of allowedips | Jason A. Donenfeld | 2019-02-26 | 6 | -160/+129 |
| | | | | | | | | This makes `wg show` and `wg showconf` and the like significantly faster, since we don't have to iterate through every node of the trie for every single peer. It also makes netlink cursor resumption much less problematic, since we're just iterating through a list, rather than having to save a traversal stack. | ||||
* | peer: only synchronize_rcu_bh and traverse trie once when removing all peers | Jason A. Donenfeld | 2019-02-25 | 2 | -20/+42 |
| | |||||
* | netlink: don't remove allowed ips for new peers | Jason A. Donenfeld | 2019-02-25 | 1 | -0/+3 |
| | | | | This causes needless traversal of the trie. | ||||
* | Makefile: make the depmod path configurable | Luis Ressel | 2019-02-17 | 1 | -1/+2 |
| | | | | Signed-off-by: Luis Ressel <aranea@aixah.de> | ||||
* | Makefile: don't duplicate code in install and modules-install | Luis Ressel | 2019-02-17 | 1 | -5/+5 |
| | | | | Signed-off-by: Luis Ressel <aranea@aixah.de> | ||||
* | compat: backport ALIGN_DOWN | Jason A. Donenfeld | 2019-02-17 | 1 | -0/+7 |
| | |||||
* | compat: ipv6_stub is sometimes null | Jason A. Donenfeld | 2019-02-17 | 1 | -1/+1 |
| | | | | | | | On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has been disabled with a command line flag or other failures. Reported-by: Anatoli <me@anatoli.ws> | ||||
* | tools: c_acc doesn't need to be initialized | Jason A. Donenfeld | 2019-02-08 | 1 | -1/+1 |
| | |||||
* | tools: fight compiler slightly harder | Jason A. Donenfeld | 2019-02-05 | 2 | -2/+2 |
| | |||||
* | chacha20: name enums | Jason A. Donenfeld | 2019-02-04 | 1 | -2/+2 |
| | |||||
* | noise: store clamped key instead of raw key | Jason A. Donenfeld | 2019-02-03 | 9 | -18/+18 |
| | |||||
* | chacha20poly1305: permit unaligned strides on certain platforms | Jason A. Donenfeld | 2019-02-03 | 1 | -18/+14 |
| | | | | | | | The map allocations required to fix this are mostly slower than unaligned paths. Reported-by: Louis Sautier <sbraz@gentoo.org> |